S29 Ep2: Steve Durbin & Nick Witchell - Rethinking Technology Governance in a Fragmented Policy Landscape

Today, BBC journalist Nick Witchell interviews Steve about the threat landscape in light of a number of damaging hacks that have recently been made public. They consider the challenges regulators face given the current geopolitical situation and discuss how organisations can create a thorough cyber defense and response plan.


Key Takeaways:

1. Organisations cannot abdicate responsibility for data security, even when outsourcing to third parties. They need strong incident response plans and ongoing assessment of third-party security capabilities.
2. In terms of any country’s political agenda on cybersecurity, AI regulation is often overshadowed by other issues.
3. Few parliamentarians and ministers come from a security background, which is one reason why it’s critical to provide guidance and insight to them.
4. A more thoughtful and funded approach to security would benefit society, considering the potential impact on people’s lives and the need for effective incident response.


Tune in to hear more about:

1. Accountability and responsibility in cybersecurity (1:59)
2. Role of cybersecurity centers and national institutions (5:13)
3. Government and political involvement in cybersecurity (8:29)
4. Public awareness and the ISF’s role (12:21)
5. Risk management and security investment (16:32)
6. Concerns about technology implementation (20:14)


Standout Quotes:

1. “We (at the ISF) don't want to be one of those organisations that's constantly barracking people and complaining. We want to be holding true to some of our founding principles, which is about providing best advice, providing some of the best tools, providing some of the best insights that we gather from our own team and also from our member community. But we do need to make more noise about that, because people desperately need to understand some of the implications, and indeed, very much more importantly, what they can actually practically do about it.” - Steve Durbin

2. “There is no one size fits all. That's the other thing about this. You have to have it in line with your business direction, your size, your maturity, all of those sorts of things. Very often people ask me for blueprints or, what does good look like? And my answer is always the same: it varies depending on your stage of maturity and your willingness to spend, and how important your data is to you.” - Steve Durbin


Mentioned in this episode:

• ISF Analyst Insight Podcast
  
  

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.