By Danny Lopez, CEO, Glasswall
While technology, finance, and diplomacy may seem worlds away from one another in most people’s minds, they may be surprised to learn that there is a significant crossover of the skills required.
Prior to my time at Glasswall, I worked in finance for the first decade of my career at Barclays in a variety of international banking positions. I then transitioned into working as the managing director of marketing and communications at the Department of International Trade in the UK where I focused on implementing a marketing plan for the promotion of the UK economy internationally. I also worked with former London Mayor Boris Johnson to create London & Partners, the UK Capital’s international trade, investment, and promotional agency. After this role, I was appointed to the post of British Consul General to New York where I was responsible for the UK’s economic profile, foreign policy, and national security priorities in the tri-state area. During those five years, I gained a strong interest in technology which led to my role as the COO of Blippar, a technology firm specializing in augmented reality, before joining Glasswall.
These cross-industry roles have collided to teach me valuable lessons about running transatlantic organizations — as well as how to protect them from digital adversaries and nation-state threats. Through my diverse experience, I’ve learned that organizations can make improvements to their overall cybersecurity effectiveness by focusing on improving training, taking initiative, and increasing internal communication and collaboration efforts.
Cybersecurity Culture Starts at the Top
Leaders across each and every industry I’ve worked in are the ones who set the tone for how their teams engage with challenges, solutions and risks. A culture of security awareness and protection starts at the top.
Their willingness to learn about cybersecurity can make a huge difference in the way the team approaches education and awareness. Cybersecurity training is often treated as a one-time, brief session to go over the basics such as password best practices and how to recognize phishing attacks. While this approach can be educational, there is a lack of engagement happening. organizations typically treat cybersecurity training as a ‘box ticking’ strategy, where employees are asked to do a training session and assume the job is done. In reality, employers should be creating a culture that helps people identify security challenges while also investing in the right technologies.
Moreover, having a supportive and collaborative leadership team is crucial to creating a strong sense of involvement around cybersecurity. This involves taking a zero-trust approach to cybersecurity by assuming that there could always be risks. According to a 2020 Insider Threat Report, 68% of organisations reported that insider attacks were becoming more frequent. This involves having clear on-boarding and off-boarding procedures for employees, hosting clear cybersecurity training sessions, regularly changing passwords, and having two-factor authentication on at all times. In addition, businesses should be aware of the best possible technological solutions.
Taking Initiative with Cybersecurity Protection and Risk Factor Awareness
In addition, many organizations struggle with corporate procrastination around cybersecurity issues. This can lead to major repercussions down the line. Issues should be addressed head-on. There are many relevant examples of this such as an employee putting off changing passwords or implementing two-factor authentication. The number of stolen passwords and usernames in circulation has increased by 300% since 2018 (Digital Shadows Research Team). Passwords are shared between personal and work devices and are often written in plain sight rather than secured with a password manager. This further improves the importance of taking a proactive approach to cybersecurity measures. Passwords should be regularly changed and updated. Leadership teams should be taking these extra steps.
Another way leaders can take initiative in cybersecurity protection is by implementing proactive tools that work to prevent the problem before it arises. For example, Content Disarm and Reconstruction (CDR) technology removes potential threats from every file by inspecting, cleaning, and rebuilding files to a “known good” standard.
Although some organizations may take some precautions, a leader or leadership team may not always understand the risks and how they should be addressed. For example, leaders may comprehend that ransomware attacks are on the rise but cannot translate that into the risks it presents to their own networks. Cybersecurity concerns should be addressed directly by preparing to implement change. This is not just about investing in technology but is about identifying the risk factors associated with major problems such as ransomware and phishing. While effective cybersecurity is built around strong technological solutions, organisations that are aware and ready to address these issues will always be better prepared.
Clear Communication and Collaboration
One of the biggest challenges and crucial values in the workplace is direct, honest communication and collaboration. In many organizations across sectors, there is a serious disconnect between leadership and other vital stakeholders. For example, some leaders view cybersecurity as an IT problem, and as a result, keep important issues at arm’s length. They may not prioritize cybersecurity investment in the same way because it does not show a tangible ROI in most cases.
There is still a large number of organizations that could benefit from prioritizing cybersecurity at a leadership level. Improving communication efforts between all parties is crucial to protect from growing cybersecurity risks. The estimated cost of cybercrime exceeded $1 trillion globally in 2020, more than a 50% increase in two years (The Hidden Costs of Cybercrime, McAfee). It is better for organizations to be prepared by investing in cybersecurity best practices before it’s too late.
Ultimately, organizations can improve their approaches to cybersecurity as a whole by staying up to date on the latest threats, modernizing cybersecurity training and technology, and ensuring everyone from the board and executives to the security analysts themselves have a clear-cut, coordinated plan in place. It’s no simple task, but after decades of working in international relations, finance, and technology and observing security practices across them all, I can assure you these steps will put your team on the right path.
About the Author
Danny Lopez is the CEO at Glasswall. Danny has enjoyed a successful international career to date in banking, marketing, diplomacy, and technology. Danny is the CEO of award-winning cyber security firm Glasswall, which delivers unique protection against sophisticated threats through its ground breaking technology. For two years up until August 2018 Danny was the COO at Blippar, a UK-based augmented reality (AR) pioneer. Between 2011 and 2016 Danny was the British Consul General to New York and Director General for trade and investment across North America. Before this diplomatic posting, Danny was appointed by the Mayor of London as the inaugural CEO of London & Partners, the UK capital’s official promotional agency. Previously, Danny was a Managing Director at the UK government’s Department for International Trade. The first ten years of Danny’s career were at Barclays Bank, where he held several senior international positions in corporate and investment banking in London, New York, Miami, and Mumbai. Danny is a Non-Executive Director at Innovate Finance – the UK industry body championing global FinTech – and a special advisor to New York-based venture capital firm, FinTech Collective. He is also a Council Member and Trustee at the University of Essex, his alma mater. Danny speaks regularly on platforms across the world on topics including geopolitics and the intersection of market disrupting technologies and government policy. Danny holds a Bachelor of Arts degree in economics and a Master’s degree in international economics and finance from the University of Essex. Born in England, Danny grew up in Spain and is a fluent Spanish speaker. Danny and his Australian wife Susan live in London with their three children. Danny can be reached online at @GlasswallCDR and at our company website www.glasswallsolutions.com