How to Find a Winning Cyber Security Strategy: Mike Gillespie at IFSEC 2015

“Cyber security needs a new business mentality and a holistic approach”

Mike Gillespie, MD of Advent IM

That was the message from Mike Gillespie, Managing director of Advent IM, Director of Cyber Strategy and research for the security Institute and Member of CSCSS, Global Cyber Strategy select committee.

Mike Gillespie – recently voted one of the most influential individuals in security –  spoke about cyber security and data breaches during IFSEC International 2015 at London Excel.

Bringing together Physical and Cyber Security

Historically, physical and technology infrastructure security have been considered independent from each other. The physical infrastructure is guns, guards, gates and dogs.

“Nowadays, we should use a holistic approach”, Gillespie said. “Therefore it is important to bring together physical and technology infrastructures, policy, legal matters and the cyber world.

“This approach is proportionate to companies’ needs and it is based on an effective risk assessment. Now, it’s time to stop thinking ‘I’m not a big corporate, I am not a valid target.’”

According to Gillespie, there is the possibility to jump onto a supply chain partners network.

How to benefit from planning IT Security

Corporate systems have benefited from long-term planned IT security:

• Regular health checks
• Regular software updates
• Regular patching
• Regular updating anti-malware

“It is important to plan IT security for financial systems, CCTV systems, building management systems, access systems and physical systems such as stock management, logistics managements and buildings,” Gillespie said.

How to find a clear business focus

To address cyber security in the right direction, it is fundamental to activate co-operation on several levels: people (local manager,  staff users policies, security and data protection); places (building management, Security systems; All remotely-monitored system); technology ( mobile devices, desktop devices, cloud usage); sweet spot, central understanding oversight and overall control of local threat surfaces with associated controls policies and training in place.

The real challenge is to totally understand risk and to co-operate all together to achieve a top level engagement.

The successful strategy: Education

Collaboration is the keyword to adopt a symbiotic approach, connecting all the business functions in the same direction.

Specifically, these functions are:

• Marketing
• Sales
• IT
• Logistics
• Facilities
• HR
• Finance

“In this cultural challenge, I want to cite Paul Drucker who said ‘culture eats strategy for breakfast’ – and this quote makes us understand the reason why security invest a lot of money in education and in business language,” Gillespie concluded.

Listen to the IFSEC Insider podcast!

Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.

Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.

Listen to the podcast today