Robert Carey: A Risk Worth Taking
What you need to know
- Advanced threats can be in and out of your network in 10 minutes
- CISOs have a due diligence obligation to minimise third-party risk by understanding how their partners run their networks
- To enable business, use a common lexicon between network and business to accelerate business agility and decision making
- CISOs must care how their employees engage with the network and enable all users to engage with it safely so they do not become a business vulnerability
As Principal Deputy CIO for the US Department of Defense and formerly CIO for the US Navy, Robert Carey has championed transformation, strengthened cybersecurity, and led policy for millions of personnel and multi-billion-dollar budgets. Now serving as the VP & GM Global Public Sector Solutions for RSA, Carey integrates teams to connect technologies and solve customer information challenges in the Global Public Sector.
At CISO Edge, Carey’s message to Australia’s top cybersecurity leaders was to take advantage of digital technology to accelerate the velocity of business, transform constituent experiences and spawn new business models.
“Technology is a change agent in the network. Use technologies to simplify where and how data is stored,” Carey said.
But he warned of the increase in the pace of regulations, attack surfaces and the capabilities of malicious threat actors.
“Attackers have to be right one time. Your business has to try to be right all the time.”
Carey said PII breaches and identity compromises will be the most common type of threat.
Because organisations have failed to demonstrate cyber-resilience, trust in technology is eroding. To restore this trust, it is important to understand that risk cannot be wholly eliminated; it has to be prioritised and managed.
“Anticipate expected adversaries based on the complexity of your business, the volume of data consumption, network complexity and stability of the technology. Understand how well you can protect from your tech refresh budget based on your tech scope, geographic scope, compliance, and third party risk,” Carey said.
This is part of Robert Carey’s keynote he delivered at CISO Edge.