Mr. Bjørn Watne holds a Bachelor degree in Computer Science from Agder University in Norway, and an MBA from ESCP in France. He’s a Senior Vice President and Head of Group Security with Storebrand – A Norwegian financial services company with offices in the Nordics and Northern Europe.
Please introduce yourself and tell us a little about your journey in cybersecurity…
I’m Bjorn, and I’m the Chief Information Security Officer with Storebrand. With roots going back to 1767 we’re also the largest private asset manager in the Nordic region! I started my career in cybersecurity about 20 years ago, pretty much straight out of university. Back then security wasn’t in the syllabus at school, but the Internet provided tons of information to those eager to learn and with a degree in Computer Science to lean on, getting into the game wasn’t difficult.
I began working as a Security Analyst looking for needles in a haystack (or malicious traffic in IP logs) and then advanced through architecture and pre-sale support into consulting. I was even a short spell into marketing, working to translate tech-talk into business terms, before eventually ending up in a management position, working mostly on strategy and risk management.
What are your main security concerns and what are you prioritising at the moment?
Our core business is life insurance. That means we’ve got lots of very sensitive data to look after on behalf of our clients. My main concern is to make sure we are doing our absolute best to ensure the confidentiality, integrity and (proper) availability of the data we manage on behalf of all our customers, our owners, and all other stakeholders.
With the current situation we’ve got around COVID-19, we are putting extra effort into endpoint security – both technically and on a personal level. That means going after both laptops and smartphones, but also working with the end-users with extra effort on awareness training and support.
What have been the biggest challenges around COVID-19 for your organisation? And, how are you addressing them?
We were very lucky early on as we had launched our “Digital workday” -initiative just a month or two before the initial lockdown in March 2020. This initiative meant a move to M365, with an office in the cloud, as well as fully integrated Sharepoint and Teams. The fact we were already live with this enabled us to quickly adjust meetings from a physical to virtual setting and keep working. Extended security on all endpoints was also not too difficult to apply over the air.
The absolute biggest challenge was (and still is) to reach every individual working from home and help them out with concerns, worries, difficulties and annoyances that might prove to be security risks to the company. We are working with measuring company culture, security competence and awareness, and are also redoing our awareness programs. I could easily deliver the full answer to this question as a 45-minute presentation.
What is your advice on balancing security and digitalisation?
I would say security – keep up! Digitalization is here to stay, and there is little security people can (or should) do about that. With the arsenal of (digital) tools we’ve got available today we are able to do all sorts of stuff to ensure the digital journey as kept safe. It’s borderline scary how powerful some of these tools are, so it’s important not to be too eager here and keep privacy in mind at all times.
My advice in the rapidly digitalized world is not to forget about people and keep a strong focus on getting the users attention and top of mind about what you’re trying to do and why. Having the users on your side will always win the war if not the battle.
What do the next 5 years hold for your industry?
Oh, I believe it will get ugly before it gets better. Ransomware and fraud is on the rise, and threat actors are becoming increasingly more resourceful. Even nation-states are entering the game now, with several countries funding huge departments that actively target large accounts for profit. If we are to overcome this I believe the only way is transparency and cooperation within the industry. We must be better at sharing data and resources and have a more collaborative approach to how we identify, demask and stop these attacks.
Together the financial services industry has quite the cyber army, and our combined budget for cyber defence is substantial. If we can find a way to agree on the fact we aren’t competing on security, and that working together will benefit all of us – then we will surely be tough to beat. Exciting times it is, and I’m definitely looking forward to the next 5 years. Hopefully not working out of my home office though, as that is something I’ve got quite enough of by now.
Join Bjørn and other expert speakers from Autostrade per l’Italia, Lusiadas Saude, Financial Ombudsman Service, Darktrace and OneLogin at 09:30 GMT for the live Panel Discussion: How Should Cybersecurity Support the Next Wave of Digital Business Transformation? Learn more about our speakers here and view the full event programme for a better look at why you should get involved!
Secure your seat at Cyber World Congress for FREE* and enjoy up to 16 CPE points, 30-days access to summit resources and more by registering online with code STOREBRAND here: world.cyberseries.io/register/
*T&Cs apply. Offer eligible for end-user profiles only though vendors and consultants are welcome to purchase a pass online.
