S31 Ep4: Emerging Threats for 2025: Q&A

Today we’re listening to the second half of Steve’s recent Emerging Threats webinar for security leaders. In this episode, Steve responds to audience questions, covering everything from government regulation to supply chain to raising awareness within your organization.

Steve Durbin’s Contact Information:
steve.durbin@securityforum.org
Steve Durbin on LinkedIn

Key Takeaways:
1. Knowing what your crown jewels are and how to protect them is paramount in a volatile world.
2. The government should do what the government does well, and it should let businesses do what businesses do well. The government should provide clear guidelines, but then there should be little interference.
3. Everything begins and ends with cyber resilience. How do we deal with the aftermath of the cyber incident that inevitably will occur?

Tune in to hear more about:
1. How to get the board to care about cybersecurity and cyber risk (2:48)
2. How to avoid making regulatory compliance a tick box exercise (9:13)
3. How ISF can help make your organization more resilient (26:06)

Standout Quotes:
1. “I like bringing people into the cyber space that are not technical. That doesn't mean to say you don't need technical people in cyber – you do, your security team needs to have a combination of the two – but I do very much like bringing them in from the business because their perspective is very much more about how they're going to make use of the technologies and therefore the use and the role that cybersecurity can play in securing the critical assets. Now, because we obviously are in an industry where there's a shortage of skills, what it does do is open up the markets to attracting – if you get it right – a whole variety of people that perhaps you wouldn't normally be able to bring into cybersecurity. So not only does it give you fresh perspective, not only does it align you more closely with the business, but it also opens up a pool of talent that otherwise might not be there.” - Steve Durbin

2. “I don't actually differentiate very much anymore between cyber risk and enterprise risk. [...] The reason I don't is that for me, I've become very much more convinced that cyber is so integral in everything that we do, that actually you create something of a problem for yourself if you begin to differentiate between enterprise and cyber.” Steve Durbin

3. “We need to make it simple for our users to be able to contact somebody in security if they are at all concerned about something that they've seen either through their email, on a system. And all too often we're not doing that. I can't tell you the number of times I've spoken to organizations and they simply aren't doing some of those basics. We don't need to complicate it all the time.” Steve Durbin

Mentioned in this episode:

• Dear InfoSec

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.