Episode #
15
BullWall's Troels Oerting on Keeping the World Safe from Cyber Crime
Show Notes
In this week's episode of the Future of Cyber Risk podcast, David speaks to Troels Oerting, Chairman of the Board at BullWall. They discuss the insights Troels has learned across his long career in global cybersecurity leadership, which include how to build bridges of cooperation and communication between public and private entities, industries, and countries to better combat cybercrime. They also discuss the gaps in today’s cybersecurity landscape, the importance of running exercises to practice for imminent threats, and what the future of cyber risk will look like.
Topics discussed:
The evolution of Troels' deep career in cybersecurity, starting as a police officer, to serving as CISO at Barclays, to becoming the Director of the Global Center for Cybersecurity at the World Economic Forum.
How international collaboration around cybersecurity has changed, and why there's the need for more cooperation and bridge-building between countries.
Key lessons learned from being a CISO at Barclays, like why there needs to be more communication across the industry and how banks "put their money where their mouth is" to form a cyber alliance.
The need for the public and private sector to work together on exchanging information in a non-punitive way that benefits both parties.
Significant gaps in the current cybersecurity landscape, and how governments and organizations can work to manage better security approaches.
Three elements of the future of cybersecurity, including the increase in normalization of the risk, more risk-based approaches to security, and a new focus on resilience.
How to use exercises and practice to prepare for future hacks — and why it's essential to invite the board to participate.
Quotes from Episode
#1.)
"We haven't really moved in the direction of better and more intimate cooperation. There are still a lot of obstacles toward exchanging things. So I think that what we need to do is to see, to build bridges and not walls between our ability to exchange. Not information, we have a lot of that, but insight, valuable insight about how our opponents do, how they misuse credential, how they sneak into our various networks, and in order to see if we can combat that in an easier way and a faster way." (4:50)
#2.)
"I would urge people to actually seek cooperation, not just exchanging coffees and drinks and whatever, but real exchange of the most sensitive information. If I'm hacked on a Monday, and I tell you how they went through my systems, then you might be able to prevent them from hacking you on a Tuesday. And that's a simple philosophy." (11:34)
#3.)
"I think that the only thing that works in actually creating a resilient cyber dimension is public-private partnership. ... If you want to have a true corporation, it needs to be a two way street. You get something, you give something back so that we can, in the private sector, increase our security posture and you get the information and you can help us in that." (18:39)
#4.)
"I think that what you will see is that we are in the beginning, we are infants in cybercrime and all these challenges we have. That's also why we are bumpling a bit around and we don't know our way. This will be normal. The next generation after us, this will be more normal. So you will see that cyber risk is just another risk. It could be investment risk, a capital risk, the risk of pandemic, and whatever that businesses need to take into account." (36:40)
#5.)
"So it's not about if you get hacked, it's when you get hacked. ... And I think you ain't seen nothing yet. I don't think that we have seen the end of cybersecurity or the end of the methods. There will be much more and they will be even more poisonous than they are today. So you need to think ahead and be there when they arrive." (39:05)