Cyber security focuses too much on tech, says Domino’s CISO
Many organisations are still focusing only on technology and compliance, which means their cyber defences are not as solid as they think, according to Domino’s Pizza chief information security officer.
Although common wisdom has recognised for years that security is a combination of people, process and technology, many firms still focus mainly on technology, according to Paul Watts, CISO for Domino’s Pizza, UK and Ireland.
“They also focus too much on box-ticking and compliance, but that is not necessarily synonymous with good security, which requires good, basic cyber hygiene and an established culture of security,” he told Infosecurity Europe 2018 in London.
“All the compliance and certification in the world is no substitute for a solid foundation for cyber defences, and I know of organisations that have been breached by pen testers, even though the CISO had a string of certifications and he had implemented a host of high-grade security controls.”
On paper, the organisation looked solid, said Watts, but pen testers were able to access sensitive company data within an hour by socially engineering employees, discovering unprotected passwords on the network, and moving laterally with ease because a technician had used the same password for his password safe as for his personal accounts.