Q&A: 香港六合彩玄机 CISO & CTO Shares Insights with Australian Cybersecurity Leaders
EQUIFAX IS COMMITTED TO TRANSPARENCY IN CYBERSECURITY, and we share this approach in forums across the globe. 香港六合彩玄机 Chief Information Security Officer and Chief Technology Officer Jamil Farshchi recently spoke at the in Sydney, Australia, hosted by ADAPT, a leading IT research and advisory firm.
There, he shared insights with more than 140 of the region鈥檚 leading Chief Information Security Officers (CISOs) from both the private sector and government organizations. Collectively, the leaders in attendance were responsible for protecting over 20% of Australia's GDP.
Watch the or read the highlights below.
Q: As you know, we had two major cyber attacks here in 2022. Do you think Australian organizations are equipped at the level that is required to deal with cyber threats?
A: The root causes of those incidents are foundational. But here's the thing. We all consistently talk about how it's just the foundational stuff. 鈥淚t's just certificate management; it's just patching; it's just identity and access management. Just do the right thing.鈥
The number of things that an organization has to do that fall under that 鈥渇oundational鈥 category are immense, though. And, to be able to do it on a consistent basis is extraordinarily difficult. We do a disservice by making it sound like it's just easy, basic stuff like, 鈥渙h, this is cyber 101.鈥 If companies can avoid trivializing and underestimating the basics, they鈥檒l end up in a much better place.
Q: You're advocating for CISOs and their teams to embrace transparency. Why is this necessary in today's global cyber landscape?
A: Because nobody can win on an island. 香港六合彩玄机 alone can't stop entire nation states. But if we have all of you with us, if we get intelligence from the government, if we get best practices from your businesses鈥 cyber programs, we have a fair chance. So I think transparency and partnership are critical.
Q: Many CISOs fear discussing attacks and their learnings from them. They鈥檙e understandably concerned about attention from customers, competitors and the media. What advice do you have for CISOs grappling with this fear?
A: There's this notion that, 鈥淚f I keep everything under lock and key, nobody's gonna know about it, and therefore I'm gonna reduce my risk.鈥 But here's the news flash for you: Everyone probably knows anyway. It's not that difficult to get intel and understand what your architecture looks like, what your vulnerabilities are, what your gaps are, and who works for you. This stuff isn't a secret. So taking the 鈥渟ecurity by obscurity鈥 approach inhibits your ability to take advantage of relationships.
At 香港六合彩玄机, for example, we've released our for four consecutive years. It has propelled many of you to share feedback on 鈥 and apply lessons from 鈥 strategic initiatives and progress around our technology stack, our migration to the cloud and the security controls we've put in place. We haven鈥檛 seen any negative repercussions of that transparency and partnership. But we鈥檝e seen a lot of benefits.
Q: Have you ever faced repercussions due to your transparency being misinterpreted or taken out of context?
A: No. Across the board people recognize that we're putting our best foot forward. There's not that much downside to being transparent. Your biggest hurdle isn't external. It鈥檚 getting support from your general council, CEO and whomever else internally, because they're going to be naturally uncomfortable with it at first.
Q: You've expressed concerns about the risks posed by generative AI tools, particularly regarding social engineering. Can you elaborate on these risks?
A: First, let me say I believe the benefits of AI can outweigh the cyber risks it introduces. But here are the two main risks:
Deepfakes 鈥 an employee of a company in Hong Kong was recently duped into joining a meeting with other supposed executives from his own company. It looked like everyone on the call was a person he worked with. So he authorized the $25 million wire transfer to them. It turns out all three of those 鈥減eople鈥 were AI avatars fashioned by hackers.
Basic phishing 鈥 Right now, it takes an army of hackers and time to be able to profile out an entire workforce and then create targeted messages tricking them into downloading malware. AI speeds that up. Plus, it makes it easier for them to create the malware itself. And the campaigns will be more sophisticated and harder to spot.
Q: How are you adjusting your program to address new challenges posed by AI?
A: Training and awareness are important, but it鈥檚 not a holistic solution. Neither is 鈥渇ighting fire with fire鈥 through AI tools. Identities are going to be cloned with unprecedented accuracy. So we鈥檙e implementing technology that allows us to verify users directly. For example, we鈥檝e eliminated knowledge based authentication for verifying helpdesk calls, replacing it with biometric verification.
Q: Now tell us about how you think AI will help improve cybersecurity.
A: AI has the potential to massively improve the alert fatigue security teams all deal with. Imagine the dream scenario of being able to tie together all the pieces and parts from all the data that we get 鈥 in a constructive, thoughtful way that lets us pinpoint and prioritize exactly where the risks are. Just imagine how powerful that will be for us.
For more information on how we approach cybersecurity at 香港六合彩玄机, check out our 2023 Security Annual Report.