Failure to start is one of the biggest mistakes CISOs make, MapleSEC conference told

Infosec leaders will make mistakes over the life of their careers, but according to a Canadian chief information security officer (CISO), being paralyzed with indecision is the worst.

“The number one pitfall is failure to start,” Kevin Dreyer, chief information and security officer at Ontario-based general contractor Maple Reinders, said during a panel discussion of CISOs last week at the MapleSEC security conference.

Some security pros see all the obligations and responsibilities involving cybersecurity “as an insurmountable task,” he said. “Then you rely on hope.”

He advised those in that position to go through a cyber insurance application. These days, insurance companies have a long list of requirements for organizations to meet if they want to qualify for coverage. A long list — but, Dreyer said, it’s a start.

“Some of it is very simple,” he said, “and you’ll be surprised that you already have some of the tools. You’re paying for them, you’re just not using them properly.”

The second pitfall, he said, is making your security awareness program feel punitive to employees. “If they feel like ‘I got caught [in a test], this is going to affect my performance review,’ or anything like that, then when they fall for a real phishing scam they’re not going to bring it to your attention.”

Rather than threaten employees with discipline, “celebrate their honesty,” Dreyer advised.

Co-panellist Natalia Bakhtina, director of cybersecurity and IT risk management at insurance broker BFL Canada, said the biggest mistake some infosec leaders make is thinking that buying a cyber tool will solve all their cybersecurity problems. “Just because you have the best dishes and the best recipe book doesn’t mean you will cook the best meal,” she said. A good cybersecurity program needs the participation of everyone in the organization.

“Cybersecurity awareness is a lifestyle,” she added. Not only do employees need to be shown and convinced to do the right things, they also have to believe what they do is valuable to the organization. That’s why CISOs have to take every opportunity when talking to employees at all levels to remind them about the good cybersecurity brings.

In most cases the leader can’t do it alone, Dreyer added. “If you reflect on your own most difficult personal moments in your life, it’s not a matter of your ability to pull up your bootstraps, but the person who you can call to help you get off the ground.” That’s why, he said, infosec leaders need a network of knowledgeable people they can sometimes lean on.

The MapleSEC series of virtual and on-location conferences is organized by IT World Canada.

The post Failure to start is one of the biggest mistakes CISOs make, MapleSEC conference told first appeared on IT World Canada.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
