An Interview with Stuart Harrison, Chief Information Security Officer, Medibank

"Treat your supply chain for what they are – a logical extension of your organisation. Put the people, processes, and technologies in place to provide visibility and understanding of every supplier."
 

FST Media: You recently headed the revamp of Medibank’s cybersecurity strategy, which promoted a more data-centric security capability. In an increasingly multi-pronged threat environment, how will this strategy bolster Medibank’s cyber resilience?

Harrison: Our aim is to design controls commensurate with the sensitivity of the data itself and ones that ‘follow’ the data throughout its lifecycle. Effectively, this means that – by default – we simultaneously guard critical data at rest and in-transit across a multitude of IT environments, for example, on-premises, cloud, and hybrid.


FST Media: What do you rate as the most pressing security threat unique to health insurers today? Is the industry adequately prepared to address this threat?

Harrison: Given the sensitive nature of information insurers often hold, the highest threat is the potential compromise of someone’s privacy.

As far as industry preparedness is concerned, the answer is: “it depends”…


FST Media: Given the financial services industry’s growing concerns around supply chain attacks, how can organisations better address blind spots to mitigate third-party risks?

Harrison: Treat your supply chain for what they are – a logical extension of your organisation. Put the people, processes, and technologies in place to provide visibility and understanding of every supplier. Have a clear definition of what ‘good’ looks like and how you can measure improvement over time effectively, i.e. govern in-line with your risk appetite, which should be based on the sensitivity of the data you are entrusting to each supplier.


FST Media: Within the next 18 months, what emerging technology would you like to see play a more prominent role in Australian FSIs’ information security management systems?

Harrison: Machine Learning, coupled with a substantial focus on orchestration and automation, to really drive speed, quality and integrity, as well as resilience and workforce-scalability in every aspect of security.


FST Media: Cybersecurity is an ever-evolving discipline with persistent, often inscrutable threats. What, then, do you feel are the hallmarks of the best cybersecurity leaders?

Harrison: Honesty, integrity, humility, bravery, curiosity, intellect, determination, confidence, and empathy.


FST Media: On a more personal note, what is the best career advice you have received and how have you put it into practice?

Harrison: A quote from Nelson Mandela: “I never lose. I win, or I learn”.  This advice, along with my upbringing, helped me become adaptable and determined enough to overcome [extremely] difficult times, both personally and professionally.

------------------------------------------------------

Stuart Harrison will be a featured keynote speaker at the Future of Security, Sydney (2 April) and Melbourne (4 April), 2019. Register now to secure your spot!

 

Related Stories

An Interview with Jason Dell, Chief Product Officer, MyBudget
FST Media: Since your arrival at MyBudget in 2017 – first as CTO and now Chief Product Officer –... Read More
In Conversation with Alan Tsen, General Manager, Stone & Chalk – Part Two
FST Media: Amongst the start-ups you work with, what do you feel is their overriding reason for... Read More
Movers and Shakers | April–May, 2019
Australia Westpac has appointed Jane Watts to the position of General Manager, Retail and Premium... Read More
In Conversation with Alan Tsen, General Manager, Stone & Chalk – Part One
FST Media: In the wake of the Royal Commission, the explosion of tech-savvy challengers, and with... Read More

Comments