Malwarebytes CISO: ‘Many SMBs think they are too small to be hacked’

17 Jun 2022

Laura Whitt-Winyard. Image: Malwarebytes

The anti-malware company’s new CISO explains why cybersecurity should be part of ESG strategies and flags the tech trends she’s most excited about.

Laura Whitt-Winyard is the chief information security officer at cybersecurity company Malwarebytes, having joined earlier this year. The company is best known for its anti-malware software and it has an EMEA headquarters in Cork.

Prior to her time at Malwarebytes, she was global chief information security officer for finance company DLL Group, director of security for automation company Billtrust, and held senior leadership positions in security at Comcast and Bloomberg.

Her primary role at Malwarebytes is to keep the company secure. She told that being responsible for security at a company that operates in the cybersecurity space takes on added importance.

“We’re dedicated to using our own technology within the company and have implemented initiatives including red teaming and our very own bug bounty programme to ensure we’re constantly on the lookout for potential threats,” she said.

As well as ensuring Malwarebytes maintains a strong security posture, Whitt-Winyard also must engage with the sales and marketing teams to ensure they understand the company’s customers.

‘We provide gamified secure development training as a way of adding an extra incentive’

What are some of the biggest challenges you’re facing in the current IT landscape?

One of the main challenges I and my team are facing currently is aggressive application development deadlines and requirements. To address this, we make sure we partner with the development teams and remain in close contact to ensure code is scanned and remediated before check-in and before moving to production

Staying abreast of the different sides of the business is crucial to performing effectively in my role and constant contact with the development side of the organisation is a key part of that commitment.

To that end, another big challenge is the process of seamlessly integrating development and operations. To do that successfully, it’s important that we define a minimum-security baseline and perform threat modelling on a consistent basis. In fact, we’ve gone so far as to provide gamified secure development training as a way of adding an extra incentive to the process.

How can sustainability be addressed from an IT perspective?

Our main aim has always been to protect consumers and organisations from cyberthreats – which, when done well, will ultimately reduce the amount of computing power, time and energy needing to be spent on addressing breaches of security.

That’s why I firmly believe companies should be looking at cybersecurity as part of their ESG efforts – it’s something I will always advocate strongly for, given the urgency of the matter on a global scale.

What big tech trends do you believe are changing the world?

Automation – the ability to automatically remediate threats frees humans up to focus on more technical and pressing matters, which inevitably helps to push not just our industry but the world forward. After all, who wouldn’t like to spend their time working on securing their company rather than spending endless hours in PowerPoint or Excel creating dashboards?

The advent of machine learning has also allowed systems to analyse patterns and provide insight into anomalous behaviours, whether fabricated or machine.

Both developments are hugely exciting to me because of the opportunities they open up for innovation and progress from a technology perspective.

How can we address the security challenges currently facing your industry?

The biggest challenge currently facing our industry is that many small to medium businesses (SMBs) unfortunately think they are too small or ‘off the radar’ to be hacked, or don’t feel they have the expertise to adequately protect themselves.

SMBs are targeted for the simple fact that they typically do not have the power to have a fully staffed security team, nor the budget to have a managed detection and response service.

Simply put, SMBs can be a gateway for hackers into large companies so it is imperative that they take the necessary steps to protect themselves.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.