Proofpoint’s Andrew Rose discusses the ongoing cybersecurity challenges facing companies and how automation can help with the industry’s skills shortage.

Andrew Rose is the resident CISO for the EMEA region at Proofpoint. His primary responsibility is to build and maintain relationships with the broader CISO community, using their first-hand experiences and real-time feedback to ensure Proofpoint is making the right strategic decisions regarding product, features, priorities and platform architecture.

“As part of this, I advise CISOs on how best to develop robust cyber security strategies and, more importantly, how they can communicate to their board the importance of investing in the right protection,” he told SiliconRepublic.com.

“We recently surveyed 1,400 CISOs and found that only 51 percent of global CISOs believe their executive board sees eye-to-eye with them on cybersecurity issues. This lack of alignment leaves organizations vulnerable to the increasingly complex threat landscape, so my goal is to share insights and guidance on how CISOs can better demonstrate the value of cyber resilience as a business priority.”

The human factor in cybersecurity is the one challenge that isn’t going away anytime soon.
– ANDREW ROSE

What are some of the biggest challenges you are facing in the current IT landscape?

I think the main challenge everyone is facing in this business is complexity. No matter how big your organization is, your data isn’t all stored in one place. It is distributed across multiple networks, owned and managed by a multitude of third parties and SaaS platforms, and applying consistent security measures and policies across all of these becomes a real challenge.

Similarly, if you are unable to easily identify all of your assets, it is difficult to gain an informed understanding of all of your potential vulnerabilities, such as those in your SaaS provider’s OS suite, Log4J’s tool embedded in your application code or many Office 365 Vulnerabilities that appear regularly.

Now, not only do organizations have to worry about managing their own security, but they also have to worry about the security of every other business they work with, whether it’s their contracting partners, SaaS platforms or any of the suppliers that provide vital elements. of their main product.

Each part of the chain increases an organization’s total attack surface, and the more complex the chain, the wider the attack surface and the more difficult it is to gain visibility into real risk and apply robust cybersecurity strategies.

The ‘human factor’ in cyber security is the one challenge that isn’t going away anytime soon. The latest data from the World Economic Forum (WEF) shows that around 95 percent of cyber attacks can be traced back to human negligence – but I’m still not seeing enough focus on tackling human-centric vulnerabilities in the cyber security industry .

What are your thoughts on digital transformation?

Digital transformation is fundamental to modern society and there is no turning back from where we are now. Marc Andreessen’s much-quoted assertion that ‘software is eating the world’ continues to ring true, with the WEF estimating that 60 percent of global GDP will be digitized by the end of 2022. And even when the asset is strictly physical , we are often creating digital twins to model and manage them.

We are at a point where these digital platforms are a key part of the expanding critical infrastructure that supports the population and must have security at their heart if we are to be a cohesive and resilient society.

At Proofpoint, we focus on the top threats we see targeting critical and value-added infrastructure. Every day we see millions of attacks targeting people inside organizations across key attack vectors such as e-mail, and we are working with our customers to address the growing challenge of protecting vital services from disruption or vital data from theft or misuse.

One of our main focuses is also preventing insider threats, whether malicious or simply careless, from seriously damaging an organization from within.

How can sustainability be addressed from an IT perspective?

The good news from an IT perspective is that there are now many much more energy efficient and sustainable options for running a digitized business. Outsourcing is yielding huge benefits in this area – each firm no longer needs to maintain its own hardware stack, which has traditionally been run on old, inefficient equipment.

We are now able to take advantage of state-of-the-art, virtualized systems housed in energy-efficient co-located data centers. Positioning these data centers in cold climates further reduces energy usage.

While the global move to remote and hybrid work certainly brought its fair share of IT and security challenges initially, you can’t deny that reducing the number of users traveling to a central location has been instrumental in reducing of the carbon footprints of those individuals and their organizations. .

Going forward, organizations must demand more from their suppliers when it comes to sustainable practices, equally demonstrating with greater transparency the actions they are taking to reduce their negative impact on the planet.

What big tech trends do you believe are changing the world?

In the cybersecurity industry, we have been facing a skills shortage for some time, and I see automation as essential to address this.

At the same time as we work to bring more talented people into the industry, there are ways we can use automation to reduce the overall workload and burden on our existing staff to reduce the gap.

By automating time-consuming manual processes, security professionals can spend more time delivering value to their organization, and as defenders we can turn the advantage back on attackers.

An exciting part of automation is its potential for wider societal applications, such as driverless cars, drone deliveries, airport screening, medical diagnostics, and much, much more. Of course, the success of all these initiatives will depend on security!

It’s hard not to get excited about the potential of artificial intelligence (AI) and machine learning. We now have the ability to rapidly identify anomalies and outliers in large amounts of data, which allows us to respond to cyber threats in a much faster timeframe.

Hand in hand with automation, AI and machine learning has changed the cybersecurity industry for the better and is a vital technology in our defense arsenal.

How can we address the security challenges currently facing the cybersecurity industry?

In the last two years in particular, we have seen cyber security companies themselves being targeted by highly sophisticated attacks.

As a company that our customers depend on to protect them, this means we must work even harder to protect our services and infrastructure and practice what we preach.

In addition, as the regulatory compliance landscape evolves, focusing on localized service delivery is essential to ensure we can meet the unique needs of our customers.

It’s important that we leverage AI and machine learning to continually improve the security controls we can apply to protect not only our customers, but their customers as well.

An increasingly digitally dependent society inherits complex cyber security threats and they are woven into the fabric of our daily lives, so we need to be at the top of our game.

10 things you need to know straight to your inbox every weekday. Register for Daily summarySilicon Republic’s roundup of essential tech news.

Leave a Reply

Your email address will not be published.