An Interview with Stuart Harrison, Chief Information Security Officer, Medibank
"Treat your supply chain for what they are – a logical extension of your organisation. Put the people, processes, and technologies in place to provide visibility and understanding of every supplier."
FST Media: You recently headed the revamp of Medibank’s cybersecurity strategy, which promoted a more data-centric security capability. In an increasingly multi-pronged threat environment, how will this strategy bolster Medibank’s cyber resilience?
Harrison: Our aim is to design controls commensurate with the sensitivity of the data itself and ones that ‘follow’ the data throughout its lifecycle. Effectively, this means that – by default – we simultaneously guard critical data at rest and in-transit across a multitude of IT environments, for example, on-premises, cloud, and hybrid.
FST Media: What do you rate as the most pressing security threat unique to health insurers today? Is the industry adequately prepared to address this threat?
Harrison: Given the sensitive nature of information insurers often hold, the highest threat is the potential compromise of someone’s privacy.
As far as industry preparedness is concerned, the answer is: “it depends”…
FST Media: Given the financial services industry’s growing concerns around supply chain attacks, how can organisations better address blind spots to mitigate third-party risks?
Harrison: Treat your supply chain for what they are – a logical extension of your organisation. Put the people, processes, and technologies in place to provide visibility and understanding of every supplier. Have a clear definition of what ‘good’ looks like and how you can measure improvement over time effectively, i.e. govern in-line with your risk appetite, which should be based on the sensitivity of the data you are entrusting to each supplier.
FST Media: Within the next 18 months, what emerging technology would you like to see play a more prominent role in Australian FSIs’ information security management systems?
Harrison: Machine Learning, coupled with a substantial focus on orchestration and automation, to really drive speed, quality and integrity, as well as resilience and workforce-scalability in every aspect of security.
FST Media: Cybersecurity is an ever-evolving discipline with persistent, often inscrutable threats. What, then, do you feel are the hallmarks of the best cybersecurity leaders?
Harrison: Honesty, integrity, humility, bravery, curiosity, intellect, determination, confidence, and empathy.
FST Media: On a more personal note, what is the best career advice you have received and how have you put it into practice?
Harrison: A quote from Nelson Mandela: “I never lose. I win, or I learn”. This advice, along with my upbringing, helped me become adaptable and determined enough to overcome [extremely] difficult times, both personally and professionally.
Stuart Harrison will be a featured keynote speaker at the Future of Security, Sydney (2 April) and Melbourne (4 April), 2019. Register now to secure your spot!