It’s up to management to make sure IT’s got a seat at the table, Martin says in this interview on the Business Security Weekly podcast.
The military strategy called “Defense in Depth” can be applied to cybersecurity. It has defenders deployed in a series of pre-planned positions from which they can advantageously attack the advancing enemy.
Digital communication adds functionality and control – but also creates new vulnerabilities. It’s impossible to centrally control every connection with employees and clients – therefore a new approach is required.
There’s growing concern within intelligence communities that hostile governments could cyber-invade financial institutions, not to steal money — but to pollute, destroy and manipulate data. One of the biggest exposures lies in the cloud.
Experts say that instead of a cyber attack that deletes or releases stolen data, the next wave of attacks will merely change digital data to compromise its integrity so that, for example, all the tax return data in your systems are no longer correct.
David X Martin was one of more than 100,000 volunteers who participated in Citi’s Global Community Day activities that ranged from mentoring youth to supporting local parks.
Getting comfortable with your company’s cybersecurity program means being able to answer questions like, “Are we thinking about security the right way, and where is all this going?”
The human immune system provides an apt analogy for cyber risk strategy: When a germ breaches the body, it sounds the alarm, solves the problem, then recovers and remembers.
BitSight: You were Chief Risk Officer (CRO) at several major financial institutions. What is the role of the CRO with respect to understanding and overseeing newer, disruptive risks such as cyber?
Excerpt from DCRO.org: As a member of the Board Risk Committee Governance Council, David X Martin contributed to developing this guidance…