Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

The importance of a ‘forward-looking approach’ in cyber

Organisations can never be “fully prepared” for a breach, according to this cyber partner, who said that continuous improvements must be made to protect against cyber criminals.

user iconLauren Croft
Wed, 17 Jul 2024
The importance of a ‘forward-looking approach’ in cyber
expand image

Brenton Steenkamp is a partner at Clayton Utz, where he heads up the firm’s cyber security practice. He was also a recent panellist at Lawyers Weekly’s Corporate Counsel Summit earlier this year, discussing all things cyber.

Speaking on an episode of the Lawyers Weekly Show, produced in partnership with Clayton Utz, Steenkamp discussed the current state of the cyber market and revealed what a day in the life of a cyber partner is like in 2024

Being in this space requires proactivity, according to Steenkamp, who said that being prepared is everything.

============
============

“It’s that question of, once a crisis event does occur, does my crisis plan, as an example, really match up to my cyber incident response plan? But how often do we train our people around that process? How often do we test that process? And how often do we actually evaluate? How can we make this better?

“And I think from real life instances, what I’ve experienced personally, that’s not a place you want to be in if you are not really adequately prepared for such an event, because I don’t think any of us want to go through it, particularly if it’s serious,” Steenkamp said.

While having a plan is important, Steenkamp has also learnt the importance of being flexible and able to jump from one problem to the next if needed.

“You need to be mentally prepared for any event. And that, by default, also means equipping yourself not only in the executable but also understanding what is the psyche of the opponent. So, your threat actor, what you’re dealing with, why is this occurring? So, your intelligence around that process is important, but also, it’s a continuous flexing of the muscle,” he said.

“So, what I mean by that is test your process, test your vigour in terms of getting deep down in terms of your methodologies and having a good understanding in terms of what works and does not work. And that means that I can’t rely on yesterday’s winnings. I have to improve all the time.

“Our focus is really understanding what the lessons are learnt and taking those insights and bringing that to the forefront, particularly on the proactive side, to make our clients more vigilant around the issues of risk.”

In terms of engaging with clients, those conversations and steps change on a “case-by-case” basis, Steenkamp explained.

“Everybody’s on a journey; you can’t bring everyone on the same slate, and everyone has a different risk appetite in terms of what they perceive to be at risk and what they view as to be exposed or seen to be exposed. So, I think it’s considering that you can’t apply a one fix for all. You need to take them through a process and build that resilience as you go along,” he said.

“You might have the most secure processes in place, [but] there’s always something you may not think about. One of my previous colleagues investigated Edward Snowden, and he is a person who was working as a contractor to a third party who was engaged by the NSA, and that person breached the environment and still walked away in the most secure, so-called secure environment in the world. So that begs the question, are you really prepared? So, it’s testing and looking into that. So I don’t think you can use a one-step approach for everyone.”

Building this resilience within organisations can sometimes be a challenge for cyber teams, particularly for clients who either don’t think the threat is real or think they already have enough protections in place.

“You do get those clients who believe that they’ve done everything possible to meet the requirements to address any risk, if it may surface. However, what I’ve also seen is where that view is taken. Do they understand their risk landscape when it relates, for example, not only around the IT security controls, but to the data holdings they have in place? And that’s where sometimes the gaps arise,” Steenkamp said.

“And when those issues arise as a result of a breach, then the question mark is raised. And so, I don’t think we always fully can take for granted that we were already 100 per cent prepared. We need to do more and have an extra set of eyes and be on the continuum mode of being alert to address these issues because I don’t think we can be fully prepared, my personal view.”

In line with this, Steenkamp advised cyber lawyers and teams to be abreast of new changes and trends in the market as soon as possible moving forward.

“What are the different aspects of risks that we may not have seen before? And I think of AI bringing a whole new level of risk paradigm in terms of issues rather than the controls, but what are the outcomes? Are we addressing that? And are we incorporating that? We talk about compliance risks and cyber risks; AI risks can’t be seen in isolation. So that needs to be brought in. So, it opens a new, different window around issues, and how do we address that, and how do we best risk mitigate that for any particular client, but also different situations,” he said.

“So that prompts us to take a more forward-looking approach around that and then keep on training and keep on building the knowledge base around what is new. So, a good example is if you have a discussion with the FBI or, for that matter, with the AFP, the ASD’s office, you would see that there are trends taking place in the US coming onshore in Australia a few months later. What is happening in Europe will be impacting us. What is happening in mainland China [and] Korea will be impacting us as well. So, we need to consider all these factors, but be in step.”


This article was originally published on Cyber Daily’s sister brand, Lawyers Weekly.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.