Our new CISO shares his thoughts on the future of Zacco’s digital security landscape and some of the most significant threats facing CISOs across the globe.
Zacco is pleased to welcome Henrik Montan as our new CISO. Considered an expert in both security and IT advisory, Henrik will be using his considerable expertise, drawn from a career in IT security consultancy, to continue to develop and strengthen our internal security culture.
With investment increasing across the board, security has gained prominence and attention in recent years. Working as a consultant, Henrik gained insight into a range of working environments across many different industries, learning how they approach potential threats and what they do to address security issues. While the threats themselves were often similar, regulation and compliance vary by sector, and one of the most important defining factors in success or failure would often be the organisation’s security awareness culture.
For Henrik, the exciting thing about working in this field is the constant need to adapt. On the front line, there is a constant stream of development with new threats, new actors and new techniques appearing all the time. “It can be an exciting prospect to put yourself into the mind of an attacker. Thinking about how a system could be broken or an asset could be stolen is fascinating and requires some mental flexibility to be able to predict and counteract the latest threats. The role of a CISO is to bring everything together, to look beyond the technology into how the data, the people and the process actually interact with it.”
Joining Zacco, Henrik is looking forward to working with the wider organisation but he could immediately see the advantage of having our own in-house Cyber Security Division with Zacco Digital Trust who work with developing internal and external security maturity, among other important areas within the digital landscape. Although it is still early days, Henrik plans to use our valued internal security awareness raising tools to continue to raise awareness of current threats as well as contextualising them in the minds of our colleagues.
He also plans to continue the development of Zacco’s internal architecture, pre-empting the incorporation of new security strategies as they are released and centralising some of the more relevant controls and functions in order to ease the administrative burden on our users. Henrik knows that the best investment internally is often the development of a more cyber aware culture, trusting people to use their common sense and giving them the tools they need to make informed decisions or share their thoughts if they are unsure. “Security is an area that should be discussed openly, it is never a ‘blame game’, it should be about developing a culture of openness so that people are not afraid to draw attention to a potential issue.”
Zacco understand the importance of trust and the responsibility that many of the organisations we work with have placed in us. In terms of the most significant threats facing CISOs today, part of this is down to integration. We now use more APIs and automation within systems, we create easier workflows and data crosses between companies and countries in ways we could never have considered even ten years ago. Combined with the rise in home working in recent years, this creates far more opportunities for interception so it changes the way that companies assess risk. It is no longer enough to build a perimeter fence and use access cards if people connect from home as often as they are physically in the office.
Another significant threat on the rise is that of ransomware, as well as advanced ransomware attacks where a vulnerable application is targeted rather than the organisation’s system itself. These are threats that are very difficult to detect and take time to fix. “When we talk of reaction time in a ransomware attack, we are talking about minutes. You need to identify and contain the spread immediately, as well as begin the recovery plan. That is why it is important to have a developed incident response plan in place where everybody knows their role. We know these attacks will happen so we focus on how to detect and respond quickly. No security measure is 100% effective but that does not mean you should make it easy. A combination of measures can make you a much harder target and might offer some precious time in such an event.”
Henrik knows that security is a commodity, but it is also becoming a significant differentiator. There has been a rise in attacks in recent years and companies who do not adopt digital security into the forefront of their operations run the risk of leaving themselves open to attack. “There is sometimes a culture of secrecy about being compromised and I think it will become more difficult for companies to hide it when they are breached as these are often leaked to the public even when a ransom is paid. I think we will see further migration of clients and the public to companies who adopt a more transparent and security conscious approach.”
As attacks continue to rise, it becomes a matter of mitigating the risk and the potential attack surface. This is achieved by raising employee awareness and understanding the implications of such risks. People are more likely to take a proactive approach when there is a personal impact. It is impossible to gauge how clients or the general public will react in the event of an attack and this has become more visible as supply chain attacks gain prominence. “Our insight shows that it is rarely the supplier that is considered in such an attack, rather the brand reputation of companies who have been affected. This is why it is important to consider as many angles and implications as possible when developing your security solution.”
Finally, outside of work, Henrik enjoys spending time with his family, cooking outdoors on a big grill and, during less restrictive times, he was very keen on travel. He is also a big fan of finding out how things work and has been known to automate a few things around his house.
Thank you Henrik, and welcome to Zacco, we wish you all the very best in your new role.