As Global Chief Information Security Officer (CISO) and Deputy CTO for News Corp, Latha Maripuri needs to provide employees in news, sports, radio, real estate and publishing with the tools to do their job, but in a safe and secure environment.
Cyber security is a big theme at IBC but do you think many media companies still take an ‘after the horse has bolted’ approach?
As attacks continue across all industries, cyber security has definitely become a business and board level imperative.
Given the brand and financial impacts, companies can no longer afford to be reactive and must implement a strong, comprehensive program to address their biggest cyber risks. Especially as companies transform into more digital channels to reach their customers, ensuring security is built into their processes is essential.
There have been lots of reports of security breaches in the news recently. Why are attacks becoming more common?
Companies previously operated in a very controlled and well-defined corporate environment where the rules were very clear about what was allowed into and out of a company.
Now we live in a hyper connected world where business is conducted online and employees are working remotely on a variety of different devices.
Most of the services we use to manage our lives are cloud based such as social media. This means there are now numerous entry points for an attack. The other change is that the cost of conducting a cyber attack has decreased. Hackers used to require sophisticated tools and skills - but now there is an online marketplace to buy malware or exploit kits.
How much would you estimate industry loses a year from cyber attacks?
Most companies do not disclose security breaches unless they are required to, let alone the financial impact.
The 2017 annual Ponemon study estimates that the average cost of a lost or stolen record with confidential information is around $141 (€120).
If you use this as an estimate, you start to get a view of the magnitude since the larger attacks reported typically have millions of records which were stolen. Besides the costs of investigation and remediation, there is often brand impact which is harder to quantify.
What are the main types of cyber attacks and how can they be prevented?
Attackers are looking to exploit vulnerabilities – this can be in your network, in your applications, in your databases, or in your people. There has definitely been a rise in targeting employees or contractors through social engineering and email spear phishing campaigns. The goal is to trick the user into providing credentials or clicking a malicious link or document. This can lead to ransomware or become an entry point into the corporate network.
Distributed denial of service attacks and web application attacks are still quite common.
It is important to consider cyber security in every aspect of the business such as new product development, risk management, acquisitions, employee on/off boarding or data science initiatives. Educating employees on how they play a role in protecting the company is key. Employees can still be your best line of defense.
What other practices should broadcasters and tech companies bear in mind?
Many aspects of cyber security come back to the basics. Inventory, manage and patch your assets.
Test your applications early in the development cycle and don’t launch until critical issues are fixed. If you don’t need something anymore, get rid of it! Legacy systems are an easy target for hackers since many companies don’t maintain them well.
Use strong or behavioural authentication everywhere you can. Ensure timely removal of access for employees or contractors who leave the company. Most importantly, understand future business objectives – whether mobile or VR or OTT and consider how security can support these transformations.
What security challenges does News Corp face?
Given our vast portfolio that ranges from news, sports, radio, real estate and book publishing, we have a diverse employee and customer base.
Our objective is to ensure our employees have the flexibility to do their jobs and continuously innovate in a secure manner. Whether that’s adopting cloud services, launching new products, using social media or working remotely, we are ultimately here to support the company’s strategy and growth.
Can it be considered safe to work in the cloud?
Many companies deployed their current infrastructures and applications years ago before cyber attacks were as common as they are now - which means they have had to retrofit security in.
Cloud transformation can provide significant cost savings, flexibility and security benefits if architected correctly from the beginning. Cloud providers operate in a shared responsibility model and the key is in understanding what security controls the service provider will cover and what you are still responsible for.
What other technologies excite you?
True machine learning and how that can impact customer experiences and engagement is very exciting. Machine learning is also being heavily used in cyber security for monitoring and detecting some of the new threats that are happening in your environment. AI machine learning really provides us with an opportunity to learn things here.
You were named as one of the top 10 women power players in IT security – what advice would you give to other women interested in a career in IT?
Technology has been a very rewarding and challenging career path. It is an area where you are constantly learning, solving key problems and helping transform industries.
Every company is becoming a technology company, especially in our industry. Having a strong technical strategy to support the business strategy is crucial.
There are numerous areas to pursue such as engineering, strategy, user design, security, data science… the options are endless. I have had an incredible time and I hope that more young girls consider careers in tech.
Global CISO and Deputy CTO for News Corp
Region: United Kingdom
She is responsible for driving a comprehensive, risk based cybersecurity program across all News Corp operating companies including News UK, HarperCollins Publishing, Realtor.com and Dow Jones.
She oversees key initiatives such as secure development of new digital products, cyber training for employees, vendor risk analysis, incident response and security operations.
Prior to News Corp, Latha was a global executive at IBM. She helped shape the IBM Security division and has launched numerous highly profitable solutions across the world. She has extensive experience in driving tech strategy, product management, engineering, business development and M&A.