1 00:00:05,760 --> 00:00:08,488 Sean Aylmer: Welcome to the Fear & Greed Business Interview. I'm Sean Aylmer. 2 00:00:08,610 --> 00:00:13,080 Sean Aylmer: Australia's battle against cyber attacks and online espionage stepped up 3 00:00:13,080 --> 00:00:16,469 Sean Aylmer: another level this week. On Tuesday, the federal government accused 4 00:00:16,469 --> 00:00:20,640 Sean Aylmer: a group called APT40 of working on behalf of a Chinese 5 00:00:20,640 --> 00:00:24,450 Sean Aylmer: spy agency to target government and business networks. It's a 6 00:00:24,450 --> 00:00:27,389 Sean Aylmer: major escalation in the war on cybercrime and a stark 7 00:00:27,389 --> 00:00:31,859 Sean Aylmer: reminder of the ongoing threat to Australian companies. Recent research 8 00:00:31,860 --> 00:00:36,569 Sean Aylmer: from identity security company CyberArk revealed Australia is the second- 9 00:00:36,630 --> 00:00:39,750 Sean Aylmer: most breached nation in the world because of our high 10 00:00:39,750 --> 00:00:43,290 Sean Aylmer: use of Cloud and digital technologies and because of an 11 00:00:43,290 --> 00:00:49,199 Sean Aylmer: historical underinvestment in cyber security. Thomas Fikentscher is Area Vice 12 00:00:49,200 --> 00:00:52,348 Sean Aylmer: President for Australia and New Zealand at CyberArk. He's a great supporter 13 00:00:52,350 --> 00:00:54,960 Sean Aylmer: of this podcast. Thomas, welcome to Fear & Greed. 14 00:00:55,260 --> 00:00:56,310 Thomas Fikentscher: Hi, Sean. Thanks for having me. 15 00:00:57,270 --> 00:01:00,720 Sean Aylmer: It's pretty confronting, Australia being the second- most breached nation 16 00:01:00,960 --> 00:01:02,940 Sean Aylmer: in the world. And I know earlier this year, you 17 00:01:02,940 --> 00:01:06,809 Sean Aylmer: released research showing 99% of Australian organizations have faced at 18 00:01:06,809 --> 00:01:11,129 Sean Aylmer: least two identity- related breaches in the past year. Does 19 00:01:11,129 --> 00:01:12,990 Sean Aylmer: the scale of it surprise you? 20 00:01:13,680 --> 00:01:16,650 Thomas Fikentscher: It doesn't. It should, but it doesn't. Having worked in 21 00:01:16,650 --> 00:01:18,810 Thomas Fikentscher: this industry for the last four- and- a- half years, 22 00:01:19,290 --> 00:01:22,080 Thomas Fikentscher: it seems to increase every day, in terms of the 23 00:01:22,080 --> 00:01:26,190 Thomas Fikentscher: threat volume, the amounts of threats that come from different 24 00:01:26,190 --> 00:01:30,450 Thomas Fikentscher: angles, different parts of industries. Different systems are being used. 25 00:01:30,990 --> 00:01:33,420 Thomas Fikentscher: It's only going to escalate further when we think about 26 00:01:33,420 --> 00:01:37,380 Thomas Fikentscher: new technologies like AI being introduced, so it doesn't shock 27 00:01:37,380 --> 00:01:40,289 Thomas Fikentscher: me any more. I didn't know how big the problem 28 00:01:40,289 --> 00:01:42,750 Thomas Fikentscher: was before I joined the cyber security industry, but in 29 00:01:42,750 --> 00:01:45,330 Thomas Fikentscher: the meantime, unfortunately, I'm getting used to it. 30 00:01:46,020 --> 00:01:49,740 Sean Aylmer: So the underinvestment, is that something that's unique to Australia, 31 00:01:49,740 --> 00:01:54,630 Sean Aylmer: or have most economies not necessarily misread, but perhaps not 32 00:01:54,630 --> 00:01:58,199 Sean Aylmer: fully understood the nature of what's coming at us? 33 00:01:58,860 --> 00:02:00,449 Thomas Fikentscher: To be honest, I'm not quite sure whether it's a 34 00:02:00,450 --> 00:02:02,939 Thomas Fikentscher: problem of underinvestment or whether it's a problem of the 35 00:02:02,940 --> 00:02:05,879 Thomas Fikentscher: pace of digital innovation that happens in Australia, compared to 36 00:02:05,879 --> 00:02:08,580 Thomas Fikentscher: other nations, because we seem to race ahead when it 37 00:02:08,580 --> 00:02:13,110 Thomas Fikentscher: comes to embracing any form of innovation. Certainly in the 38 00:02:13,110 --> 00:02:16,590 Thomas Fikentscher: IT landscape, we do that a lot. Australia uses a 39 00:02:16,590 --> 00:02:19,710 Thomas Fikentscher: lot of Cloud services. Australian companies use a lot of 40 00:02:19,710 --> 00:02:23,699 Thomas Fikentscher: software as a service in their organizations, and I think 41 00:02:23,699 --> 00:02:27,300 Thomas Fikentscher: sometimes the pace of security transformation that needs to happen 42 00:02:27,300 --> 00:02:30,450 Thomas Fikentscher: doesn't sort of align with the pace of innovation. That 43 00:02:30,450 --> 00:02:32,639 Thomas Fikentscher: might be more of a problem when it comes to 44 00:02:32,639 --> 00:02:36,990 Thomas Fikentscher: that investment gap. I don't have detailed information about what 45 00:02:36,990 --> 00:02:39,539 Thomas Fikentscher: other nations are doing, but we certainly have a gap here 46 00:02:39,540 --> 00:02:40,079 Thomas Fikentscher: in Australia. 47 00:02:41,038 --> 00:02:43,590 Sean Aylmer: So what are the main targets of cyber attacks? When 48 00:02:43,590 --> 00:02:47,550 Sean Aylmer: you were talking then, it's kind of the downside of 49 00:02:47,550 --> 00:02:52,230 Sean Aylmer: data centers of Cloud computing. It just seems that it 50 00:02:52,290 --> 00:02:58,290 Sean Aylmer: makes middlemen more vulnerable. What are the cyber attackers attacking? 51 00:02:58,859 --> 00:03:03,090 Thomas Fikentscher: They used to go after corporations, after single entities. Ransomware 52 00:03:03,090 --> 00:03:05,940 Thomas Fikentscher: attacks were quite prevalent for a long time, and they 53 00:03:05,940 --> 00:03:08,730 Thomas Fikentscher: used to go after systems that are key in their 54 00:03:08,730 --> 00:03:11,639 Thomas Fikentscher: operations, to block them and then obviously, demand some form 55 00:03:11,639 --> 00:03:14,999 Thomas Fikentscher: of ransom for financial gains. But now we find more 56 00:03:15,000 --> 00:03:19,410 Thomas Fikentscher: attacks targeted towards what we call aggregators or service providers, 57 00:03:19,830 --> 00:03:22,770 Thomas Fikentscher: and it's quite damaging because those aggregators play a role, 58 00:03:22,770 --> 00:03:24,690 Thomas Fikentscher: not just for a single company. They play a role 59 00:03:24,690 --> 00:03:27,780 Thomas Fikentscher: for entire industries. So if you just look at the last four 60 00:03:27,780 --> 00:03:29,940 Thomas Fikentscher: weeks, you saw that it's not just in Australia but 61 00:03:29,940 --> 00:03:33,299 Thomas Fikentscher: across the globe. A pathology service in the UK was 62 00:03:33,299 --> 00:03:37,560 Thomas Fikentscher: attacked, and 800 critical surgeries in modern hospitals had to 63 00:03:37,560 --> 00:03:41,670 Thomas Fikentscher: be canceled. A service provider in the US was attacked. 64 00:03:41,670 --> 00:03:44,400 Thomas Fikentscher: That is a client management software provider for the car 65 00:03:44,400 --> 00:03:48,719 Thomas Fikentscher: dealership industry in the US, and 1500 car dealerships couldn't 66 00:03:48,719 --> 00:03:53,939 Thomas Fikentscher: function. A recent example in Australia was a e- prescription 67 00:03:53,940 --> 00:03:57,660 Thomas Fikentscher: provider in Australia called MediSecure, and they were attacked. They actually 68 00:03:57,660 --> 00:04:00,270 Thomas Fikentscher: went out of business because of that. But you can 69 00:04:00,270 --> 00:04:02,699 Thomas Fikentscher: see the aggregators are now more and more the ones 70 00:04:02,700 --> 00:04:05,610 Thomas Fikentscher: that are being targeted, so you can see that attackers 71 00:04:05,610 --> 00:04:08,130 Thomas Fikentscher: research what they want to do and where they can 72 00:04:08,130 --> 00:04:08,910 Thomas Fikentscher: inflict damage. 73 00:04:10,230 --> 00:04:12,089 Sean Aylmer: I mean, I suppose there's more value for money for 74 00:04:12,090 --> 00:04:14,250 Sean Aylmer: the hackers if they can hit an aggregator because they're 75 00:04:14,250 --> 00:04:16,350 Sean Aylmer: not just going to one organization. Potentially, they're going to 76 00:04:16,350 --> 00:04:20,550 Sean Aylmer: hundreds of organizations. What is the type of cyber hacking 77 00:04:20,550 --> 00:04:23,729 Sean Aylmer: that's occurring now? Is it ransomware, or has it moved on from that? 78 00:04:24,178 --> 00:04:27,059 Thomas Fikentscher: It's still ransomware on some occasions, but it's also moved 79 00:04:27,059 --> 00:04:30,810 Thomas Fikentscher: on, in terms of focusing on OT and operational technology. 80 00:04:31,469 --> 00:04:35,760 Thomas Fikentscher: So we see attacks against industrial systems, and some of 81 00:04:35,760 --> 00:04:39,359 Thomas Fikentscher: those industrial systems are quite old industrial control systems that 82 00:04:39,360 --> 00:04:42,630 Thomas Fikentscher: are still being used. So hackers seem to go after 83 00:04:42,630 --> 00:04:45,599 Thomas Fikentscher: that, and the question is where it comes from: which 84 00:04:45,599 --> 00:04:48,539 Thomas Fikentscher: threat actor? Is it a criminal organization or is it 85 00:04:48,540 --> 00:04:53,550 Thomas Fikentscher: a state- sponsored hacker group that's already trying to probe 86 00:04:54,120 --> 00:04:58,379 Thomas Fikentscher: geopolitical conflicts in many cases? So we seem to see 87 00:04:58,380 --> 00:05:02,938 Thomas Fikentscher: a shift towards operation technology and service providers, in particular. 88 00:05:04,529 --> 00:05:06,959 Sean Aylmer: Different attackers are looking for different things, though? Is that 89 00:05:07,469 --> 00:05:09,360 Sean Aylmer: what I can draw from that, Thomas? 90 00:05:09,570 --> 00:05:13,050 Thomas Fikentscher: Yeah, I would say critical services is a pattern here. 91 00:05:13,050 --> 00:05:19,139 Thomas Fikentscher: Critical services in an industry: energy services, water management companies. 92 00:05:19,139 --> 00:05:20,819 Thomas Fikentscher: Again, we saw that in the US, but I know 93 00:05:20,820 --> 00:05:24,149 Thomas Fikentscher: that the Australian water suppliers are quite nervous about that 94 00:05:24,150 --> 00:05:30,780 Thomas Fikentscher: as well. Waste management services, telecommunication services, critical medical services. 95 00:05:30,810 --> 00:05:34,260 Thomas Fikentscher: Let's talk about ERs, like emergency rooms. All of those 96 00:05:34,260 --> 00:05:36,299 Thomas Fikentscher: services seem to be targeted, in particular. 97 00:05:37,410 --> 00:05:39,930 Sean Aylmer: Is that by criminal activities, or is it by state- 98 00:05:40,020 --> 00:05:40,979 Sean Aylmer: backed hacking? 99 00:05:41,609 --> 00:05:43,800 Thomas Fikentscher: It's a bit of speculation, but often it seems to 100 00:05:43,800 --> 00:05:47,250 Thomas Fikentscher: be state- based or state- sponsored hacking. But there are well- 101 00:05:47,250 --> 00:05:48,720 Thomas Fikentscher: organized criminal gangs as well. 102 00:05:50,309 --> 00:05:53,880 Sean Aylmer: The state- backed hacking and the announcement we've had in 103 00:05:53,880 --> 00:05:58,079 Sean Aylmer: the last few days about APT40, it still really surprises 104 00:05:58,080 --> 00:06:01,229 Sean Aylmer: me that there are state- based hackers. Or am I 105 00:06:01,230 --> 00:06:04,770 Sean Aylmer: just a little bit too ignorant or too Pollyanna- erish 106 00:06:04,770 --> 00:06:09,209 Sean Aylmer: about this? The fact that out there, there are people, 107 00:06:09,330 --> 00:06:13,950 Sean Aylmer: like government money, going into hacking to hurt other nations. 108 00:06:15,120 --> 00:06:16,440 Sean Aylmer: I don't know; it surprises me. 109 00:06:16,799 --> 00:06:19,110 Thomas Fikentscher: Yeah, well, it doesn't surprise me. I think I said 110 00:06:19,110 --> 00:06:21,419 Thomas Fikentscher: that at the beginning. Nothing surprises me any more. So look 111 00:06:21,420 --> 00:06:24,630 Thomas Fikentscher: about geopolitical warfare or what they call hybrid warfare. If 112 00:06:24,630 --> 00:06:26,940 Thomas Fikentscher: you go to the major conflicts around the world, look 113 00:06:26,940 --> 00:06:30,150 Thomas Fikentscher: at what happened, what's happened in Russia and Ukraine. It 114 00:06:30,150 --> 00:06:33,659 Thomas Fikentscher: started before even the physical war broke out. It started 115 00:06:33,660 --> 00:06:37,770 Thomas Fikentscher: with hybrid warfare, where Russian hackers, or again, state- sponsored 116 00:06:37,770 --> 00:06:41,730 Thomas Fikentscher: hackers, were attacking energy grids and energy services in Ukraine 117 00:06:41,940 --> 00:06:44,998 Thomas Fikentscher: as a preparation for a different or next phase of 118 00:06:45,000 --> 00:06:49,229 Thomas Fikentscher: war. There's a group called Volt Typhoon, and they have 119 00:06:49,230 --> 00:06:52,169 Thomas Fikentscher: links to the Chinese government, and the US government found 120 00:06:52,170 --> 00:06:54,270 Thomas Fikentscher: out that they were basically sitting in their networks and 121 00:06:54,270 --> 00:06:58,350 Thomas Fikentscher: energy networks and water management environments, preparing for whatever in 122 00:06:58,350 --> 00:07:02,370 Thomas Fikentscher: the future. So it's systematic, and yeah, people use the 123 00:07:02,370 --> 00:07:03,479 Thomas Fikentscher: term hybrid warfare. 124 00:07:03,928 --> 00:07:05,609 Sean Aylmer: Stay with me, Thomas. We'll be back in a minute. 125 00:07:12,510 --> 00:07:17,850 Sean Aylmer: I'm speaking to Thomas Fikentscher from CyberArk. What about companies? 126 00:07:17,850 --> 00:07:20,550 Sean Aylmer: So let's bring it down to that level, and business 127 00:07:20,550 --> 00:07:24,540 Sean Aylmer: people. Their attitudes, I'm sure they're changing. Are they changing 128 00:07:24,540 --> 00:07:27,719 Sean Aylmer: for the better? Are people taking it more seriously? Has 129 00:07:27,719 --> 00:07:30,480 Sean Aylmer: it moved beyond just the chief technology officer? 130 00:07:30,990 --> 00:07:34,350 Thomas Fikentscher: They do, and it depends on the level of regulation. 131 00:07:34,680 --> 00:07:38,429 Thomas Fikentscher: There's a ranking here. Highly- regulated industries are certainly taking 132 00:07:38,429 --> 00:07:42,960 Thomas Fikentscher: it very seriously. So last week, I attended a lunch. 133 00:07:43,200 --> 00:07:48,449 Thomas Fikentscher: The major speaker was chairman from ESSEC, and ESSEC and APRA obviously regulate the 134 00:07:48,450 --> 00:07:52,800 Thomas Fikentscher: financial services industry. That's a highly- regulated industry. They regularly 135 00:07:52,860 --> 00:07:57,179 Thomas Fikentscher: issue prudential standards that banks or deposit- holding institutions need 136 00:07:57,179 --> 00:08:01,049 Thomas Fikentscher: to follow. So those industries are heavily involved in the 137 00:08:01,049 --> 00:08:03,840 Thomas Fikentscher: discussion, and not just at a technical level any more. 138 00:08:03,870 --> 00:08:06,600 Thomas Fikentscher: The legal counsels are part of the conversation. The chief 139 00:08:06,600 --> 00:08:10,110 Thomas Fikentscher: operating officers are part of the conversation. So it's good 140 00:08:10,290 --> 00:08:13,080 Thomas Fikentscher: because that's what we need. If you go down the 141 00:08:13,080 --> 00:08:15,989 Thomas Fikentscher: regulation path a little bit to less- regulated industry, you 142 00:08:15,990 --> 00:08:19,590 Thomas Fikentscher: probably find less involvement. In those industries, it's still being delegated 143 00:08:19,590 --> 00:08:22,949 Thomas Fikentscher: to technology functions, and in my opinion, it's too niche 144 00:08:22,949 --> 00:08:25,950 Thomas Fikentscher: when it comes to tackling the problem in those industries. 145 00:08:26,640 --> 00:08:29,010 Sean Aylmer: Okay, so just expand on that a bit. So the 146 00:08:29,010 --> 00:08:32,910 Sean Aylmer: big banks, we get that, but let's say those companies, 147 00:08:33,059 --> 00:08:36,239 Sean Aylmer: which aren't as big as that, but certainly have plenty 148 00:08:36,240 --> 00:08:39,690 Sean Aylmer: of customers, plenty of customer data. Is it a whole- of- 149 00:08:39,690 --> 00:08:42,929 Sean Aylmer: company challenge, rather than just the chief technology officer? 150 00:08:43,409 --> 00:08:45,809 Thomas Fikentscher: It is a whole- of- company challenge, for sure. Think 151 00:08:45,809 --> 00:08:48,750 Thomas Fikentscher: about the impact of a cyber attack. It doesn't just sit 152 00:08:48,750 --> 00:08:51,929 Thomas Fikentscher: in technology domain any more. It becomes a reputational problem. 153 00:08:51,929 --> 00:08:54,540 Thomas Fikentscher: It becomes a legal problem for an organization. Certainly becomes 154 00:08:54,540 --> 00:08:59,100 Thomas Fikentscher: a financial problem. Business have gone bankrupt. So it is 155 00:08:59,520 --> 00:09:03,240 Thomas Fikentscher: a problem that actually impacts the entire executive team and 156 00:09:03,240 --> 00:09:03,870 Thomas Fikentscher: the boards. 157 00:09:04,500 --> 00:09:09,420 Sean Aylmer: Okay, AI and generative artificial intelligence. Let's bring that into 158 00:09:09,420 --> 00:09:12,659 Sean Aylmer: the discussion. It doesn't sound as if that's going to 159 00:09:12,660 --> 00:09:14,610 Sean Aylmer: help things too much, though. I don't know. 160 00:09:15,240 --> 00:09:17,880 Thomas Fikentscher: There's two ways of looking at it. We use AI 161 00:09:18,299 --> 00:09:21,420 Thomas Fikentscher: as a defensive mechanism, so we try to actually use 162 00:09:21,420 --> 00:09:25,950 Thomas Fikentscher: AI to recognize patterns much quicker, in pretty much minutes, 163 00:09:26,010 --> 00:09:29,309 Thomas Fikentscher: and be able to defend organizations against the attacks. So 164 00:09:29,309 --> 00:09:33,450 Thomas Fikentscher: that's a positive development, and AI will help us, whether 165 00:09:33,450 --> 00:09:36,990 Thomas Fikentscher: it comes to coding, pattern recognition, policy management. But there 166 00:09:36,990 --> 00:09:40,260 Thomas Fikentscher: is also the other side. Well- organized organizations like hacker 167 00:09:40,260 --> 00:09:44,700 Thomas Fikentscher: organizations, they also know about AI. Even the inventors of 168 00:09:44,700 --> 00:09:48,300 Thomas Fikentscher: that, there's this company called OpenAI. They had a breach 169 00:09:48,300 --> 00:09:50,759 Thomas Fikentscher: last year, and they didn't disclose it, but it was 170 00:09:50,759 --> 00:09:51,419 Thomas Fikentscher: just published. 171 00:09:51,660 --> 00:09:51,718 Sean Aylmer: Wow. 172 00:09:52,049 --> 00:09:55,050 Thomas Fikentscher: So that company, if they had a breach and someone 173 00:09:55,080 --> 00:09:58,559 Thomas Fikentscher: looked at the advanced development of AI technologies, you can 174 00:09:58,559 --> 00:10:01,949 Thomas Fikentscher: imagine that it might have already been transferred to hackers. 175 00:10:02,400 --> 00:10:05,639 Thomas Fikentscher: So it has two sides. It has a, " Yes, it's 176 00:10:05,639 --> 00:10:08,460 Thomas Fikentscher: good for us," but we also know that the other side 177 00:10:08,460 --> 00:10:08,909 Thomas Fikentscher: is using it. 178 00:10:09,360 --> 00:10:11,160 Sean Aylmer: You're not allowed to sit on the fence, Thomas. Not 179 00:10:11,160 --> 00:10:15,360 Sean Aylmer: going to let you. Do you think AI will ultimately 180 00:10:15,360 --> 00:10:18,569 Sean Aylmer: result in more cyber hacking or less? 181 00:10:19,200 --> 00:10:22,110 Thomas Fikentscher: I'm nervous about it, to be honest. I think it 182 00:10:22,110 --> 00:10:25,650 Thomas Fikentscher: will result in more hacks, and it's going to be 183 00:10:25,650 --> 00:10:29,458 Thomas Fikentscher: industrialized and automated to a certain degree, the activity of 184 00:10:29,458 --> 00:10:32,939 Thomas Fikentscher: the dark side, so I'm very nervous about it. If 185 00:10:32,940 --> 00:10:35,130 Thomas Fikentscher: you think about what AI is, there's a lot of these things, 186 00:10:35,130 --> 00:10:41,458 Thomas Fikentscher: natural language models and learning capabilities. Well, are these learning 187 00:10:41,460 --> 00:10:43,860 Thomas Fikentscher: capabilities being used in the right way, or are these 188 00:10:43,860 --> 00:10:46,830 Thomas Fikentscher: learning capabilities used in the wrong way? What are these 189 00:10:46,830 --> 00:10:50,160 Thomas Fikentscher: bots learning? Are they learning a certain behavior that is 190 00:10:50,160 --> 00:10:53,309 Thomas Fikentscher: actually evil, or is it good? So how do we 191 00:10:53,309 --> 00:10:55,950 Thomas Fikentscher: predict that? So I'm quite nervous, and I'm also nervous 192 00:10:55,950 --> 00:10:59,610 Thomas Fikentscher: that AI engines tap into so many different data sources, 193 00:10:59,969 --> 00:11:03,240 Thomas Fikentscher: not just within a nation, but outside of our boundaries, 194 00:11:03,240 --> 00:11:06,750 Thomas Fikentscher: so I think we are going to have a struggle. 195 00:11:07,559 --> 00:11:09,809 Sean Aylmer: We like to finish these interviews with a lesson, often, 196 00:11:09,809 --> 00:11:11,819 Sean Aylmer: and particularly in these sorts of areas, because a lot 197 00:11:11,820 --> 00:11:14,220 Sean Aylmer: of us know about the threat, but we don't quite 198 00:11:14,220 --> 00:11:18,869 Sean Aylmer: know what our legal and regulatory responsibilities are. If I'm 199 00:11:18,870 --> 00:11:21,509 Sean Aylmer: running a business, I know I need to do something 200 00:11:21,509 --> 00:11:24,449 Sean Aylmer: about it. I haven't done enough about it. What do 201 00:11:24,450 --> 00:11:27,390 Sean Aylmer: I do? Who do I message? Do I pick up 202 00:11:27,390 --> 00:11:28,319 Sean Aylmer: the phone? What do I do? 203 00:11:28,980 --> 00:11:32,309 Thomas Fikentscher: Well, there are lots of organization involved here. You can 204 00:11:32,429 --> 00:11:35,670 Thomas Fikentscher: talk to the government. The federal government has issued lots 205 00:11:35,670 --> 00:11:39,120 Thomas Fikentscher: of guidances for corporate leaders, in particular. When it comes 206 00:11:39,120 --> 00:11:44,130 Thomas Fikentscher: to the cybersecurity strategy, 2023 to 2030, there's actually a guidebook which is 207 00:11:44,130 --> 00:11:48,300 Thomas Fikentscher: for corporate leaders. That's an interesting one. General counsels in 208 00:11:48,300 --> 00:11:52,349 Thomas Fikentscher: organization know when it comes to responsibilities for board directors 209 00:11:52,349 --> 00:11:56,009 Thomas Fikentscher: and responsibilities for executives. That's a good starting point, in 210 00:11:56,009 --> 00:12:00,150 Thomas Fikentscher: my opinion. Certainly, business leaders should talk to their technical 211 00:12:00,150 --> 00:12:05,520 Thomas Fikentscher: leadership teams: CTO, CIO, and the CISOs, in particular, and understand 212 00:12:05,520 --> 00:12:08,190 Thomas Fikentscher: what the day in the life of these individuals looks 213 00:12:08,190 --> 00:12:14,009 Thomas Fikentscher: like these days. That's internal communication, internal alignment, and then 214 00:12:14,009 --> 00:12:17,219 Thomas Fikentscher: advisories. There's lots of organizations out there, the big advisories 215 00:12:17,219 --> 00:12:22,020 Thomas Fikentscher: that actually have specific cyber strategies and cyber guidebooks and 216 00:12:22,020 --> 00:12:24,120 Thomas Fikentscher: frameworks that can be leveraged as well. 217 00:12:24,630 --> 00:12:26,429 Sean Aylmer: Thomas, thank you for talking to Fear & Greed. 218 00:12:26,790 --> 00:12:27,510 Thomas Fikentscher: Thank you very much. 219 00:12:28,139 --> 00:12:31,439 Sean Aylmer: That was Thomas Fikentscher, Area Vice President for Australia, New 220 00:12:31,440 --> 00:12:34,980 Sean Aylmer: Zealand at CyberArk, a great supporter of this podcast. This 221 00:12:34,980 --> 00:12:37,530 Sean Aylmer: is the Fear & Greed Business Interview. Join us every morning 222 00:12:37,530 --> 00:12:39,809 Sean Aylmer: for the full episode of Fear & Greed: business news for 223 00:12:39,809 --> 00:12:42,870 Sean Aylmer: people who make their own decisions. I'm Sean Aylmer. Enjoy 224 00:12:42,870 --> 00:12:43,230 Sean Aylmer: your day.