Although the threat landscape has become increasingly complex, modern cybersecurity tools have made warding off attacks far easier, as Fidelity’s Gearoid Terry explains.
The cybersecurity field has evolved a lot in recent years, growing beyond just another function of IT and taking on urgent importance in many organisations. Cyberattacks these days are highly sophisticated and, if successful, highly damaging for companies and individuals.
“If I think back 10 or 15 years ago, IT leads had a relatively easy role when it came to cybersecurity,” explained Gearoid Terry, vice-president of enterprise security at Fidelity Investments.
“While it was no means a walk in the park, there was a finite number of devices that needed to be protected and monitored. Today, with the advances in digital technologies … that’s given rise to a huge number of digital endpoints.”
Technology has become more advanced and businesses need to be more adaptable. So, how are you meant to keep up? It requires a multi-pronged approach, Terry said.
He noted the vital importance of having “dedicated threat intelligence teams” in an organisation. From there, leaders need to assess what their information assets are and then extrapolate the kinds of risks they can expect as a result of those.
“When you correlate these things together, you can really focus on allocating your resources to defining actionable and tailored intelligence for your organisation.”
Working in the cloud
Terry also pointed out that cloud migration, though it brings myriad benefits to organisations, comes with its own risks. Many organisations are not doing enough to ward off these risks. “And the bad actors know this,” he added.
“The bad actors go where the data is going, so if the data is going to the cloud, that’s where the bad actors are going to be.”
He also advised that teams working in the cloud today need to ask themselves whether they have the level of visibility they need to do their job successfully.
Don’t let phishing leave you reeling
Terry said that although social engineering is nothing new, it is nevertheless an enduring threat for security teams, simply because it works. He added that phishing, spear-phishing and business email compromise will continue to pose a risk to organisations.
Overall, one of the key things to note when working in cybersecurity is that it is virtually impossible to ward off everything, Terry said. However, the tools have become increasingly sophisticated, making it easier and easier to keep systems secure.
“There is no way to protect against every single cybersecurity threat, but we have much better mechanisms for detecting, analysing and preventing cyberthreats.”
To hear more of Terry’s insights, check out the video interview in full above.