In today’s evolving landscape, situational awareness is crucial to help organizations proactively identify, assess, and respond to emerging threats before it is too late. Steve Winterfeld, Advisory CISO at Akamai, joins us in another episode of CISO Insights to talk about the role of situational awareness in cybersecurity, how it fits into an effective cybersecurity strategy, and the importance of culture. He says, “Culture eats strategy for breakfast. If you don’t have a culture of security, you will have a real problem.”

Situational awareness in cybersecurity, including responsibilities and critical perspectives

• Winterfeld emphasizes the importance of complete situational awareness of all your environments, whether legacy or cloud. It is crucial to understand where the important things are that might have a material impact.
• Winterfeld talks about whose responsibility it is to have situational awareness saying that it is primarily the CISO’s but it needs to be consolidated in the security operations center (SOC) too.
• Winterfeld discusses the differences between visibility and situational awareness saying we need to move away from the concept of just having visibility into our environments to being able to recognize real threats and respond appropriately.
• Winterfeld explains how situational awareness is viewed from different perspectives, including SOC, CISOs, risk or audit committee members, CEOs, or board members.

Cybersecurity threats and how to maintain situational awareness to avoid potential risks

• Winterfeld discusses how you need to have situational awareness when using new technologies or in transformation which are particularly vulnerable to threats.
• Business email compromise and ransomware are predominantly driving companies to go out of business because of a cyber event. Winterfeld highlights the importance of understanding the different types of threats and data needed for each stakeholder group.
• Although tools need to be measured, Winterfeld believes that they become less directly measurable as you move up to a strategic, board, or senior leader level.
• CISOs need to prioritize optimizing current tools over or using existing vendors or adding new ones to maintain security posture.

Cybersecurity trends, situational awareness, and culture

• CISOs need to balance bringing in new technologies without compromising their security posture. He talks about the potential threats of LLMs and their uses to reduce manual labor and improve agility.
• Winterfeld highlights why situational awareness needs to be built around a crisis response plan being enacted immediately, emphasizing the difference between discovering a breach in six hours versus three months.
• Winterfeld stresses the importance of culture in cybersecurity, saying if you do not have a culture of security you will have a real problem.

Cybersecurity policies, risk management, and AI use in the workplace

• Winterfeld talks about the changing landscape of cybersecurity and the need to adapt policies to address the evolving threats.
• It is crucial to have a contract that sets you up for success in dealing with third-party incidents including having a notification SLA and a way to validate the security that is taking place.
• Winterfeld discusses the challenges of LLMs providing incorrect information or hallucinating. However, he talks about the potential uses to help find the correct resources and to cut out the time spent looking through logs.

Guest: Steve Winterfeld (LinkedIn)
Company: Akamai (Twitter)
Show: CISO Insights

This summary was written by Emily Nicholls.