Thought Leadership Series

In cybersecurity, people are often considered to be a weak link, with significant numbers of security incidents being attributed to human error or negligence. However, we are more focused on technologies, processes or data instead of giving proper attention to the human vulnerabilities. Yuriy Larchenko, Former Director of Information Security at ING Bank, discusses in this interview the significance of human behaviour and how we need to understand users’ interactions with technologies, controls and data, so as to adjust our security strategies accordingly.

Agenda:

• What is the difference between security awareness practices and people-centric approach for security?
• How may companies act differently to understand employees behaviours and achieve desired change?
• You are saying that humans are vulnerable, what exactly are we talking about?
• Is it possible to avoid such behaviors?
• You mentioned earlier that we need to consider secure behaviour by design. What is role of technology to secure behaviour?
• How would you encourage the non-technical community to educate themselves and be more prepared against cyber criminals and incidents?
• Do you have any indication of where you want to go for travelling yet?

Investments into cyber security systems are a must, but are still perceived as a cost and not a business investment. How do you provide credible measurements that your security expenditure is reducing your organisation’s cyber risk? An evolving approach designed to help organisations assess these hidden risks and determine the real ROI of their security investments is cyber risk quantification. Dr Magda Chelly joins us for an intriguing discussion around why cyber security and business leaders should be embracing cyber risk quantification, and what has changed to make it a critically-needed proposition.
 

Agenda

• How has the cyber risk landscape evolved in the past few years?
• Do you think all industries understand their exposures and the criticality of cybersecurity investment?
• How do you define Cyber Risk Quantification (CRQ) and why is it important?
• How do you think CRQ fits within the wider cyber security strategy?
• How does one start to build a methodology for quantitative analysis?
• What is your advice for overcoming the challenges of communicating these cyber risks and the need for better communication between technical and business leaders?
• The Cyber Security Agency of Singapore recently launched the “Better Cyber Safe than Sorry” national cybersecurity awareness campaign. What are your two top tips for the community to be more aware of cyber threats?
• As the founder of Women on Cyber, what do you think is the biggest barrier to diversity & inclusion, and how can we overcome it to increase representation?