Information Security has long been a crucial function for any business, ensuring staff, clients and stakeholders’ private details, ranging from bank details to personal information, are stored safely. With such an important function to deliver, the individuals responsible for this task are of course under great pressure to deliver a high quality service, in the face of the ever changing threat of Cybercrime in the 21st century. The Institute for Information Security Professionals recognises their role in combatting cyber threats, and looks to address the shortage of highly skilled individuals throughout the profession by promoting the growth of talent in the field. We spoke to Piers Wilson, Director at the IISP to discuss their work and the issues the institute is aiming to address.
Piers cut his teeth in Information Security at Royal Holloway University with an MSc on the subject, followed by a range of consulting roles at various organisations, including PwC and Insight Consulting. Piers now combines his work as Director of the IISP with a role as Head of Product Management for Huntsman Security, a Cyber Security Analytics and Automation solutions provider. As Director of the IISP, Piers focuses mainly on the communication, events and PR activities that the Institute organises, as well as the Annual Industry and Membership survey and accompanying research papers.
As Director of the IISP, Piers has first-hand knowledge of the challenges faced by Information Security personnel in dealing with cybercrime. “Cyber threats are growing in prevalence and sophistication, and the technology/IT environment is becoming more complex with mobile computing, cloud, the Internet of Things and other areas”, Piers expressed, explaining the problems that IISP’s members face. In particular, he continued to acknowledge the problems are exacerbated by the skills shortage facing Information Security organisations, as well as the increasing level of regulatory and board attention that Information Security is receiving, making the demands on security teams ever more challenging. Referring to how these problems can be addressed, Piers pointed out that some of the solutions are obvious; the skills shortage must be addressed by increasing the number of people with the correct skills entering the field, However, he did caveat that there is a growing need to change thinking, investing more time into “investigating technologies that leverage innovations around AI, automation and machine learning to provide a better, faster or more consistent scalable defence”.
In combatting cyber threats, both technological spend and good practice are essential ingredients in mitigating the risk and preparing your organisation for the ever-present threat of an attack. Piers shared some good practice essentials that individuals within an organisation can do to ensure that their organisation is equipped to deal with these issues –simply choosing good passwords, being mindful with usage of cloud storage and USB media, through to prompt application of software updates and consideration of data storage and management on an organisation’s network. Piers highlighted that these methods all help to some extent, and for the most part, cost little to nothing to implement beyond awareness of Cyber concerns from personnel throughout the organisation. To this end, Piers was keen to stress the importance of training and knowledge of Cyber Security throughout an organisation – from developers writing secure code, business managers smartly selecting third parties and cloud providers, and admins setting systems up securely, all aspects of a business have a role to play, business leaders in particular – setting a good example and placing high priority on data protection. Piers signed off by addressing what he perceives to be the biggest misconception around Cyber Security – that it’s a technological problem only – as his previous answer suggests, Cyber he thinks, should be seen as a people and process problem, rather than being viewed in such a narrow focus, in order to address the issues faced by all.
Come to the Cyber Security Summit and Expo on the 16th November 2017 to watch Piers on the “Dealing with the Increased Sophistication of Phishing Attacks” panel, at 11:25am on Seminar Theatre 3.