This episode of Code to Cloud features a discussion with the EY Consulting Partner in Cybersecurity, Koen Machilsen. There, Koen is responsible for delivery and innovation of the EY Consulting Cybersecurity and privacy service offering, and has been with the company for over 16 years. Prior to joining EY, Koen held various roles in IT operations. Koen and host Tim Chase, Global Field CISO at Lacework, discuss the significance of integrating cybersecurity into business resilience strategies. The conversation covers how to respond to cybersecurity incidents, the importance of preparation and regular training, and the necessity of understanding business impact when developing cyber crisis management plans. They also delve into the European Union’s NIS2 and Cyber Resilience Act regulations, explaining how they aim to enhance cyber resilience across organizations by mandating stringent cybersecurity practices and reporting requirements. The discussion underscores the need for local transpositions of these directives and the challenges they introduce. Finally, they emphasize the importance of cyber resilience as an integral part of overall business resilience in the digital age.
Key Quotes
“In today's digital world, you cannot have decent business resilience without having cyber in there. And why is this? Because technology is embedded in the heart of many organizations. That technology is interconnected with clouds and based on internet technology. So it makes it inherently vulnerable to cyber attacks. So if you want to have a good business resilience strategy, to me, cyber is a vital part of that.”
“The overall objective of incident reporting is not to get organizations fined. It's to be able to do early sharing of those incidents or those indicators of compromise potentially to other organizations within or across different member states. All again, to make sure that whatever impact there is, that it does not get bigger from a member state or from a European Union perspective.”
“A lot of organizations are prepared to handle crises - the traditional ones - but do not really fully understand yet what it takes to handle a cyber crisis specifically. I think one of the biggest benefits that NIS2 will bring is creating that awareness and making sure that decent cyber crisis management is adopted.”
“The key question here is to really understand the impact of an incident from a few angles. I think understanding the impact of that incident is, is that really in the area that falls in scope of NIS2 for that organization? In what local European market is this impact cost? And to what extent is this impact significant? Because that's again at the discretion of the organization to determine. And I feel that those three elements really can help you decide how and where and when you need to report those incidents. So capturing all that information as part of your Security Incident Management process is key.”
Time Stamps
[0:30] Meet Koen Machilsen, EY Consulting Partner in Cybersecurity
[1:00] Handling a Cyber Incident: First Steps
[2:03] Understanding the Impact of an Incident and Communication
[3:45] The Importance of Regular Exercises
[6:26] Threat Modeling and Business Impact
[8:27] Regulation Insights: NIS2 Explained
[11:05] Incident Reporting Challenges
[20:24] Cyber Resilience Act Overview
[26:39] Rapid Fire Questions with Koen Machilsen
[30:13] Conclusion and Final Thoughts
Links
Read EY’s article on how to prepare for NIS2