Jim Guinn, EY Americas Cybersecurity Leader, shares how companies must stay vigilant and navigate the evolving regulatory landscape.
*Sponsored by EY
Transcript
00:00I'm Dave Briggs here on the floor of the New York Stock Exchange, joined by EY Americas
00:04cybersecurity leader, Jim Guinn.
00:07Jim, great to have you here.
00:09Thanks for being here.
00:10Cybersecurity, it's probably the most important thing in the world that people aren't talking
00:15about enough today.
00:16Why is it more important right now than arguably ever before?
00:19It's a great question.
00:21You have a myriad of factors.
00:23In today's world, you've got a lot of geopolitical activity that's going on, whether it's in
00:27the South China Sea, whether it's wars in the Middle East, whether it's wars in Eastern
00:31Europe that are causing a lot of consternation and a lot of real tragedy, right?
00:36Every single one of those kinetic activities starts with some sort of cyber-related event.
00:40So you have the normal cyber-related events, ransomware gangs, people that are trying to
00:43do bad things.
00:44And then with all these geopolitical tensions, you also have nation-state and/or nation-state
00:48actors poking and prodding at one another to figure out, can we get in?
00:52Can we pre-position?
00:53Can we figure out what we might want to do in the event that we want to create a diversion
00:57or distraction for something we might want to go actively do?
01:00Jim, you referenced times of transition.
01:02What are those different types?
01:04Yeah, there's all kinds.
01:06Whether you're a corporation and you have a new CEO or executive team that's coming
01:09in, whether you're divesting a portion of your business, you're merging something together
01:13with another business.
01:15And even in politics, like we have with the U.S. government transition, you have one administration
01:20coming in, another administration going out.
01:22Those are all elements of transition.
01:24We are undergoing a dramatic political shift at the moment.
01:27So what are the proactive steps you recommend organizations take in those times of transition?
01:32There's really just five.
01:33They're really, really easy.
01:35Number one, you better have a really good threat intelligence program that you understand
01:38where the threats are coming from.
01:39Number two, you take that information, you apply it to your threat hunt capabilities.
01:43Number three, you teach your employees.
01:45You train, train, train.
01:46Teach them what to do and what not to do.
01:47Number four, you actually have to test everything.
01:50You have to test your environment, your network, your systems, your applications, and look
01:53for vulnerabilities.
01:54And number five, and this is probably one of the more important, you have to know what
01:57you have.
01:58You have to know what's on your network.
01:59So you need good asset inventory.
02:01If you don't have that, you can't protect what you can't see.
02:03And if you can't see it, you can't protect it.
02:05What role does leadership play in maintaining vigilance for cybersecurity?
02:10You have to start at the top.
02:11I think the single most important thing that executives can do is speak about cybersecurity
02:16as part of what they talk about in their business.
02:18As a CFO, I want my financial reports to be accurate and timely in a safe and secure
02:23manner.
02:24I want the data to be secure.
02:26Be nice to say those things.
02:27I think that's the number one thing that CEOs can do.
02:29Do you think they are doing it?
02:31I think there's an epic shift.
02:32I think there's an epic shift.
02:34When I started in the technology sphere, right, way back when, when networks didn't actually
02:41talk to each other, no.
02:43But now because of some of the largest, whether it's, whether it's the most recent telcos
02:49that have all had some version of breach from one of the largest nation-state actors that
02:54the FBI published reports about, yeah, they're paying attention now.
02:57I don't think that they know exactly what they should and shouldn't do to reduce risk
03:03and they're relying heavily on many people in the organization to help them figure that
03:07out.
03:08Unfortunately, most of the CISOs in the world today are reporting into two or three layers
03:14below the CEO.
03:15So a lot of things get diluted by the time they get to the CEO.
03:18And something the CEO should also consider in terms of investment, where do you recommend
03:22organizations focus their spend when it comes to cybersecurity?
03:27Those five things that I talked about.
03:28You start off with threat intelligence.
03:30You deal with everything associated to enduring threat hunts.
03:33You teach your people, you test, test, test, and you make sure you know what assets you
03:36have on your network.
03:37If you can focus all your dollars on those things, you'll be in a much better perspective
03:41or a much better position to mitigate threats.
03:44Arguably nothing more important for companies out there today than cybersecurity.
03:48Jim Guinn, thanks so much.
03:49Thank you very much.
03:50I appreciate it.
03:51This segment was brought to you by EY, helping to shape the future with confidence.