Data breaches can ruin careers and permanently damage the reputation of organisations. Defending against these cyber attacks is a challenge, and a problem that keeps business leaders up at night.
Think like a hacker
Jason Hart – CTO of data protection, Gemalto – believes that in his role, thinking like a hacker has helped him “beat the cybercriminals at their own game”.
“Using business insights and my years of experience as an ethical hacker, I know how cybercriminals think.”
In his role, he creates strategies based on where the cyber security market is heading. And, like any thoughtful CTO, he goes out to external experts to get an idea of the biggest pain points customers have.
“This helps me ensure we’re doing everything we can to solve these challenges,” he says.
Understanding the market
For product-focused CTOs looking to deliver the latest innovations to their customers, understanding current market trends and needs is necessary for creating “visions of technology that customers don’t know they even want or need yet,” says Hart.
“It’s hugely important that we keep evolving, as hackers are always trying to think of new, creative ways to breach businesses.” Hackers only have to be successful once, so vendors have to create solutions that work every time, while customer organisations have to implement cyber security best practice on top of this.
Do the basics right
One of the biggest challenges in data protection, according to Hart, is that businesses aren’t situationally aware and fail to do even the basics of information security.
“It’s always surprising how many businesses don’t even know where the data they need to protect is. Worse, I often work on projects where people haven’t implemented the best practices I was advising 20 years ago, like applying security controls that relate to enabling confidentiality, accountability and integrity controls.”
“In the post-GDPR era, it’s unacceptable that a business would have a ‘head in the sand mentality’ when it comes to data protection. People are willing to spend money on security controls that reveal when a breach has occurred, instead of solutions which actually protect against a breach. The challenge is getting businesses to understand they will inevitably be breached and need to focus on mitigating the impact.”
You’re not alone: The CTO office
The role of the CTO might feel like a lonely place. They are responsible for a company’s technology strategy (along with the CIO), and the products being delivered to clients.
This is changing. “Before long, CTOs will stop being lone operators – they’ll have a whole CTO office to support them,” says Hart. “This is already happening, but is far from the norm. With a team of specialists at different levels assisting the CTO, it’ll be much easier to communicate strategies and visions, rather than a single figure at the top trying to force change.”
There does, however, need to be someone at the top. It’s important that every business has a figure to look up to. Moving back to security, this could be a CTO, CSO, CISO or someone on the board who is responsible for cyber security.
This leadership, combined with an effective team, “will help ensure that every part of the organisation understands the threats that the business faces when deploying solutions, products and strategies,” continues Hart. “Unless it’s treated as a board-level issue then there’s no guarantee that a business will take security seriously.”