Generative AI may have hijacked Gartner’s top, strategic predictions for 2024, but according to the analysts, CEOs must empower a single responsible executive to tackle the challenges across the organisation.
Gartner predicts that 45% of CIO responsibilities will expand beyond cyber security due to increasing regulatory pressures and an attack surface that is expanding rapidly.
In a recent discussion with PodChats for FutureCISO, Silvia Ihensekhien, the director of information security and risk management at Swire Coca-Cola, discusses the strategic imperatives for CISOs in 2024.
Cybersecurity strategy
Commenting on the cybersecurity strategy that has proven to be most effective in 2023, she commends the implementation of the sales trust architecture.
“Nowadays there is a growing attack surface and the attackers are getting smarter," she says.
Ihensekhien considers operational security her most significant cybersecurity learning in 2023. Coming from an E-commerce background, she sees the importance of the technology and security side of operational technology.
What keeps her up at night is the threat of cyberattacks, just like any other cybersecurity professional, being aware of its “potential damage to the organisation’s reputation, the regulatory requirements getting more and more, and then the financial loss.”
She says the most significant loss of a major cyberattack is the loss of customers’ trust. “How do we ensure to get back the confidence of the consumer? This is also important to us. You need to understand the company's priority to stay relevant. You need to know the risks and opportunities to protect your organisation,” quips Ihensekhien.
Biggest 2024 concern
For Ihensekhien, the biggest concern for this year is how malicious players leverage GenAI for their attacks. “They can master or can even use technology to do a lot of things, getting into the attack much quicker,” she explains.
To combat this, she encourages establishing a culture of openness in the organisation. “If they have any new emerging technology, they will come to you to discuss together the best way to use it while staying safe in the organisation,” Ihensekhien explains.
She explains that her role is “deeper than introducing a new technology or opening up new business models. Every time we do something new, we generally have to look at it from the security perspective because the implications are a lot more financially and operationally.”
Top challenges for cybersecurity professionals
Ihensekhien’s first things on the list of the greatest challenges for cybersecurity professionals are stress and burnout. “We have worked so long. We have lots of things to worry about and then lots of new things coming in.”
She encourages cybersecurity professionals to have a good balance between work and rest, and to “have a clear mind to refresh.”
The talent shortage is also a challenge for the profession, especially in Hong Kong.
She says she helps bridge the talent gap in their organisation by recruiting junior positions that do not require a computer degree.
She has also been actively working with universities for internships and mentorships.
You can always teach people tech; it is easy enough as you go along.
Silvia Ihensekhien
Ihensekhien shares that there has also been an increase in attack surface, increasing the risk of organisations’ exposure to cyber-attacks.
“We always need to lock cyber security from a workspace. We cannot hold at all, but we need to protect those high risks.
Click on the PodChat player to listen to Ihensekhien talk about vital cybersecurity strategies and trends for 2024
- What cybersecurity strategy has proven to be most effective in 2023?
- What is the single most significant learning (for you) in 2023?
- As a cybersecurity professional, name one thing that keeps you awake at night.
- As a cybersecurity professional, what are your top 3 tips/recommendations for staying relevant in your role as viewed from the perspective of (a) your peers; (b) the company; and (c) the industry?
- As a cybersecurity professional, which technology is your biggest concern this 2024 (as it relates to cybersecurity)?
- What do you see will be the top 3 challenges of the CISO/cybersecurity profession in 2024?