An Interview with Stuart Harrison, Chief Information Security Officer, Medibank

"Treat your supply chain for what they are – a logical extension of your organisation. Put the people, processes, and technologies in place to provide visibility and understanding of every supplier."
 

FST Media: You recently headed the revamp of Medibank’s cybersecurity strategy, which promoted a more data-centric security capability. In an increasingly multi-pronged threat environment, how will this strategy bolster Medibank’s cyber resilience?

Harrison: Our aim is to design controls commensurate with the sensitivity of the data itself and ones that ‘follow’ the data throughout its lifecycle. Effectively, this means that – by default – we simultaneously guard critical data at rest and in-transit across a multitude of IT environments, for example, on-premises, cloud, and hybrid.


FST Media: What do you rate as the most pressing security threat unique to health insurers today? Is the industry adequately prepared to address this threat?

Harrison: Given the sensitive nature of information insurers often hold, the highest threat is the potential compromise of someone’s privacy.

As far as industry preparedness is concerned, the answer is: “it depends”…


FST Media: Given the financial services industry’s growing concerns around supply chain attacks, how can organisations better address blind spots to mitigate third-party risks?

Harrison: Treat your supply chain for what they are – a logical extension of your organisation. Put the people, processes, and technologies in place to provide visibility and understanding of every supplier. Have a clear definition of what ‘good’ looks like and how you can measure improvement over time effectively, i.e. govern in-line with your risk appetite, which should be based on the sensitivity of the data you are entrusting to each supplier.


FST Media: Within the next 18 months, what emerging technology would you like to see play a more prominent role in Australian FSIs’ information security management systems?

Harrison: Machine Learning, coupled with a substantial focus on orchestration and automation, to really drive speed, quality and integrity, as well as resilience and workforce-scalability in every aspect of security.


FST Media: Cybersecurity is an ever-evolving discipline with persistent, often inscrutable threats. What, then, do you feel are the hallmarks of the best cybersecurity leaders?

Harrison: Honesty, integrity, humility, bravery, curiosity, intellect, determination, confidence, and empathy.


FST Media: On a more personal note, what is the best career advice you have received and how have you put it into practice?

Harrison: A quote from Nelson Mandela: “I never lose. I win, or I learn”.  This advice, along with my upbringing, helped me become adaptable and determined enough to overcome [extremely] difficult times, both personally and professionally.

------------------------------------------------------

Stuart Harrison will be a featured keynote speaker at the Future of Security, Sydney (2 April) and Melbourne (4 April), 2019. Register now to secure your spot!

 

Related Stories

An Interview with Steven York, General Manager, Group Compliance and Chief Security Officer, Bank of Queensland
FST Media: How has cybersecurity ‘threatscape’ evolved over the last 18 months and where do you see... Read More
An Interview with Anthony Thomson, Chair, 86 400
FST Media: As an industry veteran and founder of two disruptive UK banks– Atom Bank and Metro Bank... Read More
An Interview with Mary Nottle, Head of Technology, Equipsuper
FST Media: What do you rate as the most pressing cybersecurity threat facing today’s financial... Read More
An Interview with Scott Wall, Chief Information Officer, BankVic
FST Media: What do you rate as the most pressing cybersecurity threat facing financial services... Read More

Comments