More and more businesses are realising the need for experienced InfoSec specialists. According to PWC's Global State of Information Security, the growth of digital devices is driving risk management. Businesses see the real need for emerging technologies, but are more aware than ever of the risks.
We've had the opportunity to grab 5 minutes with Senior InfoSec Consultant, Uwe Fischer. He talked about the changing face of information security and the challenges businesses face in 2018.
How did you get into Info Sec?
After finishing my master's degree in computer science, I was fortunate to receive a job offer in IT Sec thanks to good networking and my personal qualification.
You work in a niche role. What specific challenges do you face?
The day-to-day challenge is raising awareness of cyber security and informing people about its necessity. With enhanced security comes decreased usability. There always seems to be a trade-off to be made.
When it comes to enforcing strict security guidelines, high-level management needs to be on board for support. However, gaining trust and identifying key decision makers is tough, as not all may be visible by looking at an organisational chart.
What are the biggest security threats to businesses today?
Recent articles recommend focusing on inside threats. Over-privileged user accounts on software systems are, for me, the most severe aspect. Employees are enabled to execute unwanted actions, be it with or without malicious intent. Combined with the all-time favourite “weak passwords”, an intruder can too easily cause hazard.
How is the cyber security sector adapting to new cyber threats?
From my understanding, the focus is shifting to finding ways to better react to threats rather than trying to close all holes. SIEM, CASB and artificial intelligence are going to be focus points.
One promising addition to traditional measures is having the ability to mitigate incidents, while trying to keep user experience as lean as possible.
How can businesses protect themselves better?
This question has to be answered on an individual basis. But in general, it is always recommended to regularly have security professionals do tests and analysis. These will yield individual recommendations. Addressing threats to cyber security must continue to be an ongoing, data-led process.
What has been your biggest professional success?
In the banking industry it is mandatory to fulfil regulatory requirements. Certification of users and their privileges on IT systems is one of the security-relevant requirements and affects all employees.
My team and I, as lead consultant onsite at the customer, have established an IT system and assisted in multiple successful executions of certifications, creating trust and reliability.
What advice would you give to IT professionals looking to move into Info Sec?
Be ready to constantly improve. Keep up-to-date, know your field of expertise in detail, pay attention to tangents and think outside of the box.
It is vital to prevent incidents through architectural, technical and regulatory means, but there will be an incident eventually. And when that time comes, you need a strategy to cope with it. Preferably beforehand!
Information Security demands expertise from specialist IT professionals. At Montash, we identify top information security talent to ensure that you get the protection you need.