4 minute read 1 Oct. 2018

Sandra Liepkalns: cyber on the business agenda

By EY Canada

Multidisciplinary professional services organization

Related topics Alumni Cybersecurity Digital

LoyaltyOne’s Sandra Liepkalns offers her perspective on implementing a robust risk and cyber strategy.

Cybersecurity is a source of mounting concern for organizations, and rightfully so.

According to the World Economic Forum, a large-scale cybersecurity breach is one of the top five risks facing the business world today. And as companies have become increasingly reliant on technology, large volumes of data and automation, the risk of a cyber threat becomes much more real.

However, our recent EY Global Information Security Survey found that nearly two thirds of Canadian companies have a cybersecurity budget that accounts for less than 10% of their overall spend on information technology.

EY alum Sandra Liepkalns shares insights about this threat to businesses. In her current role as Chief Information Security Officer (CISO) at LoyaltyOne, Sandra leads the IT Security Team, which is responsible for strategizing corporate information security architectures to meet industry best practices and minimize risks. She offers her expertise and insights on how companies should approach security risks in the digital age.

Why should cybersecurity be at the top of the business agenda?

In today’s digital product world, data security has become integrated with the business innovation process, during its initial development and implementation lifecycle. Security is no longer a backroom function; it’s about business-focused collaboration, risk identification and mitigation.

In your opinion, what are the key components of a good risk management and cyber strategy?

It requires a holistic approach. Organizations need to understand how their data flows and protect that information at every stage.

Companies also need to look at risk management as the beginning of the cycle. To start, business management, legal, privacy, data governance, business information and information security teams need to work in conjunction with the data security component.

At the end of the day, it’s about elevating the security consciousness of the organization. It should not be relegated to one specific department or team, but rather a collaborative effort. It also requires executive leadership and demonstration of its importance. Everyone has a role to play in mitigating risk and detecting potential threats and, as such, all employees should be involved in ongoing cybersecurity education and training.
 

How does LoyaltyOne approach cybersecurity?

Our program employs several frameworks which have, among other elements, five domains that are imperative in any cybersecurity strategy: identify, protect, detect, respond and recover. We don’t operate in silos – every team and its members play a role in identifying risks and protecting sensitive information.
 

Many companies speak about cyber attack prevention, but few discuss response tactics. Why is it so important to have a response management plan in place?

A cyber response plan should be an essential part of any company’s risk management plan. It’s critical to have a team and plan in place in order to detect and understand what’s happened when an incident occurs and then quickly decide who you need to communicate to, what information needs to be communicated, and what measures should be taken to rectify or mitigate the situation.
 

Is storing proprietary data on the cloud a viable security measure for businesses? Why or why not?

The use of new technologies and agile methodologies enables organizations to bring their digital business transformations to life. Adopting cloud technologies allows this change to happen even faster. Storing data in the cloud can be a viable option, so long as a cloud governance framework and appropriate security standards are in place. It’s also critical to understand any underlying legal and regulatory risks to make an informed business decision.
 

Given the propensity for cyber threats, why do you think so few organizations allocate budgets to cybersecurity? Moreover, what can they do to overcome this, and how can they obtain buy-in from the most senior executives within the organization?

In terms of securing buy-in, there are more business leaders with technology expertise asking about cybersecurity now versus a decade ago, and they have the capacity to elevate the discussion to the most senior executives within the organization. A perception shift is also required – by looking at their company’s maturity level, assessing their information and the risks to it, senior leaders will be better equipped to determine what resources and budget should be allocated to implementing a robust cyber program.
 

How can businesses competitively differentiate themselves when it comes to the future of cybersecurity?

They can enable trust by safeguarding data and training their employees at all levels to understand their duties and responsibilities to secure data and be aware of business risks.
