Enforcing Information Security in the Age of Organized Cyber Threats

Nikk Gilbert, Chief Information Security Officer, Cherokee Nation Businesses

With 20 years of executive-level international experience in information technology roles, Nikk is a respected thought leader within the government and private sectors. Experienced in multiple verticals, including financial services, manufacturing, oil & energy, and government & military, he is focused on building success by understanding the needs of the customer, and by enabling the business through a deep understanding of the corporate strategy and its culture.

“Having a security team that is trained, committed, and responsible for the management and oversight of information security is crucial”

What according to you are some of the trends currently impacting the cybersecurity landscape?

In the last five to ten years, the threat level in the security arena has reached an extreme point. Earlier, hackers would commit less organized and simpler attacks, and now those attacks have become much more complicated. The escalating number of advanced cyber attacks from hackers and cybercriminals toward businesses is devastating in many ways and results in substantial capital losses. A recent example is 2017’s NotPetya ransomware attack that brought down the entire network of connected systems of global corporations such as shipping giant Maersk, pharmaceutical leader Merck, and FedEx’s TNT Express division in just seconds. While it can be hard to detect these evolving cyberattacks, by analyzing the threat trends, researchers and IT security teams alike can plan ahead using data collected from previous attacks and combine it with real-time activity to more accurately identify risks and raise the bar of detection and prevention.

Please elaborate on how the growing threat landscape is affecting the role of chief information security officers (CISOs) in enterprises today.

About 20 years ago, information security was really an additional duty. Sometimes the network manager or the system admin would be in charge of security. However, with time, this responsibility has evolved and changed hands from the network manager to the security manager, and today, the CISO is accountable for ensuring there is a complete enterprise-wide information security program in place.

That being said, one of the significant reasons why cybercrime is so widespread is due to the availability of heaps of unstructured data and the many firms that lack the maturity to manage this vast data effectively. Organized hackers spend considerable resources to breach the critical infrastructures of private companies, while budget constraints and security vulnerabilities make these firms defenseless against organized cyber-attacks. Numerous organizations today require executives who can demystify the information security realm and define its impact on their businesses. Senior executives are looking for professionals who can help resolve security vulnerabilities and pinpoint the targets of the hackers—whether it's customer data, production secrets, social media events, or details of mergers and acquisitions.

Having a security team that is trained, committed, and responsible for the management and oversight of information security is crucial. And, hiring an experienced CISO is one of the most important tasks to protect your business and critical data effectively.

How do you envision the future of the cybersecurity realm, and what are some of the significant measures enterprises need to take to stay ahead of hackers?

Taking a closer look across the business landscape, one can visibly see that less than 50 percent of the organizations today have efficient patching programs. Due to stringent budget constraints, many small and medium enterprises (SMEs) may face crunch time in deploying effective security systems in their environment, which will prompt hackers to escalate their advances and easily target such firms. Hence, it is crucial for every business to seriously think about securing their network to stop hackers from taking advantage of their unpatched systems. Innovation and growth need to be reconciled with risk and stability. More than ever, it is vital for business leaders to chart a course for their companies to capture emerging opportunities, with rigorous resilience planning that matches up against the complex set of risks in the current global landscape.

What is the key piece of advice you would like to impart to fellow and aspiring information security professionals?

One of the most important things to keep in mind as a CISO is to be able to create a foundational information security program for a firm. From my industry experience, there are a few significant core competencies that must be effectively and successfully adopted before moving toward the information security realm. First and foremost, gain the ardent support of senior leadership, because the secret to organizational success lies in continually making good decisions and implementing them quickly as a team. Secondly, devise a robust threat and vulnerability management program to patch the existing systems. An unpatched system is like a gold mine for hackers; it requires no specific code and can be modified using any malware.

Furthermore, it is also imperative to create actionable security awareness training programs that can prevent users from clicking fake links or installing malicious software. Alongside, it is necessary to develop an efficient incident response plan to recover quickly and safely in case of cyberattacks, thereby preventing a prolonged service outage. Companies that hone the capability to respond to threats efficiently can stay prepared for an incident, follow the right response plan, and apply the proper processes and reviews around it.