Hi-5 brings together leading CISOs & InfoSec leaders for peer-to-peer sharing via five short questions and insights.
Dalibor Kovacevic has been working in the cybersecurity space for about eight years. He held security consulting and IT audit roles in large companies such as Ernst & Young and Deloitte, then served as CSO at HPB Bank until two years ago, when he was appointed as CSO at Raiffeisen Bank Croatia.
What is the biggest challenge security leaders face today and how are you looking to tackle it?
In my opinion, the environment we work in has not changed that much in the past years. What has changed is the dynamic of the environment. We are facing new threats, attacks, malware and other threat actors daily, and the speed at which these new threats emerge is the biggest challenge we face.
In your view, how important are security awareness programs and what’s a CISO’s main role in making them effective?
Security awareness programs are now more important than ever. We face a time where social engineering, especially different phishing forms, is the main attack vector. Every major attack I’ve encountered recently used phishing as a point of entry. The CISO is the key person responsible for protecting the organization and their role does not end at deploying the awareness education program. They need to understand the impact and the effectiveness of the program, consider all the different roles in the organization, and understand how employees react to the program so they can deep dive into areas that need further training and attention.
What’s the one thing you’ll never tell an employee who’s made a security error, and how would you suggest handling the situation instead?
I will never just say: “It’s ok, you’ll get it better next time.”
The approach we use is to communicate clearly and directly to employees the risks associated with a security breach, and point out the exact red flags they should have noticed. All employees need to have a clear understanding that it is also their job to help keep the company safe and our job is to teach them how to do that. We need to be clear and direct by communicating that clicking on a link in a phishing email endangered the whole company and then explain how not to fall into that trap again.
When it comes to recruitment – what approach do you take to attract and keep the best talent, and what would be your best tip for a new CISO?
My approach is to make the job interesting and create the proper environment for people to be successful. One of your key responsibilities is to create the appropriate environment for your people to strive and to be good at what they know best. Be there for them and remove obstacles so they can focus on the important tasks.
Finally (just for fun): if you could have dinner with any renowned figure (dead or alive), who would you choose and why?
I would gladly have dinner with Elon Musk. I really admire what he has done and would love to hear about his vision and the journey he’s been through to make all of this possible – all in person.
Raiffeisenbank Austria d.d. Zagreb (RBA) is the first bank founded with foreign capital in Croatia and provides a comprehensive range of banking and financial services to its customers. Raiffeisenbank operates 66 branches, located in 36 Croatian cities.