Cybersecurity Leaders – Harry Eliopoulos CEO, Encode
Harry Eliopoulos has more than 20 years of business leadership experience focused on cyber security. He is the co-founder and CEO of Encode, a leading provider and developer of Managed Security platforms and services. Prior to Encode, Harry was an Information Security and Secure eBusiness expert consulting governmental and private organizations. Today he manages over 100 Cyber Security developers, analysts and consultants in Europe and the Middle East, serving hundreds of global brands with SOC as a Service and Managed Detection and Response.
Mr. Eliopoulos holds a BSc in Computer Science from Athens University of Economics and Business, and an MSc in Information Security from Royal Holloway College, University of London, UK.
How do you ensure your company articulates the three-pronged approach of people, processes and technology?
As a leading provider of cybersecurity solutions, and particularly those that pertain to behavioral breaching points, there is really no other choice. We accompany the integration of our platform with very meticulous training on all the aspects of secure behavior with devices, user interfaces and team communication. It helps that we maintain a very tight ship internally in the company as well. I’d like to believe that’s the case with most cybersecurity companies. Very often, our conversation with a new customer starts after they’ve been breached and learned a hard lesson such as paying ransom to regain their data, so they are more receptive to learning and applying the processes. It’s very important not to drop the ball in the longer term and we regularly test and retrain customers on secure behavior, as there will always be new employees, structural changes. The threat landscape is also very dynamic and the “update war” requires constant communication. We built our platform to support this inherently, and top it up with the necessary training.
How do you convince the board to buy into cybersecurity as business enabler?
Again, if the conversation starts after a security incident, the client’s board will be much more receptive. I’d say that on a clean level, for companies that have not been recently breached, about 15-20% of boards take the security requirements and the CISO’s role very seriously and are then involved in supporting the acquisition of cybersecurity solutions and practices. This is a significant improvement from the past but there is still a large gap and some boards need help to see the direct connection between data security and the bottom line.
Some people call for daily security drills and exercises at all levels of an organization to help reinforce defensive strategies. What is your take on this?
In a utopian reality this would be ideal, yes. Depending on the type of company, size of company and the industry in which it plays, you can adapt a drilling procedure that balances between security and the need to do business. For example, our large defense and law enforcement users are already conditioned to drilling and the cyber drills can be added to the pool and prioritized. In the private sector, it’s a very wide spectrum of challenges, and company culture plays a big part. The most decisive factor is leadership, as always. If a company’s leaders adhere to and promote security, there will be motivation to drill more often. In any case, we have built in drilling mechanisms and the cybersecurity staff at our customer sites will be periodically drilled and tested. The challenges are usually more on a company level.
Threats are everywhere and always changing. How can we address this difficult reality?
Choose the right people to lead your cybersecurity operation, empower them with actual capabilities and influence, and help them choose the right partners for technology and services.
How can a CEO balance security and innovation?
I speak daily with the CEOs of our customers across the globe. I’m glad to discover time and again that the most innovative leaders are also usually most open to including security practices – which makes sense because it’s a smart thing to do. And as I said before, it usually links very directly to the bottom line, so it’s really a business decision. That’s across the board by the way, in any industry or vertical. Often, innovation manifests in HR for example, when leaders change the team structure or integrate an acquired business into the existing business – and those are exactly the weak points that attackers will seek as opportunities. Modern security products are flexible and can integrate with most outward-facing systems and platforms – the challenge is in maintaining visibility at the top and identifying the most important alerts, which is exactly our expertise.
How important is information sharing within the sector to keep abreast of new threats and cybersecurity best practices?
Information on threats is of course a leading aspect and a business in itself, and dealing with the massive amount of information brings two major challenges: First, how do you filter the information in order to pass it internally in the company and match it with activity within your network? We do that with Machine Learning and automated tools, so that analysts can focus on what they are good at which is diving deeper on the real threats. The second challenge is that this information is a double-edged sword that smart attackers can use to mislead or overload security systems and practices. Over here experience plays a major role. As long as you remember not to rest on your laurels, you are maximizing your protection, and that’s our job as cybersecurity providers to keep this status permanently.
What do you perceive as the leading technologies in cybersecurity in the next decade to come?
I’d be careful with speaking longer term than a couple of years into the future, because the pace of change is accelerating as well. Definitely, Managed Detection and Response (MDR) technology is becoming a crucial aspect, especially for companies with many end-users or many device end-points. Early involvement of cybersecurity practices will usually protect fast growth and prevent incidents that threaten business. Right now there is still a lot of confusion among customers, because MDR is being marketed by many market players who sense its popularity, even though not all of them are pure-play MDR providers. It’s our job in the cyber security sector to clarify this picture. The technologies are amazing and improving at a decent pace too, but it will be many years before the human behavior aspect can become less crucial in the cyber kill chain.
You can find more information about Encode here.