Cyber Security Beyond the Headlines: Key Takeaways

about 3 hours ago by Gillian Williamson

In the final session of our Talking Cyber webinar series, we were joined by Dr. Zibby Kwecka, Chief Information Security Officer at Arnold Clark, for an in-depth exploration of cyber security beyond the headlines. With extensive experience across organisations like NatWest, KPMG, Heineken, and Quorum Cyber, Zibby shared invaluable insights on protecting organisations from modern cyber threats while emphasising the importance of resourcing and practical strategy.

Understanding Cyber Security Realities

Zibby opened by challenging common misconceptions. Much like extreme sports such as cave diving are often perceived as riskier than they are, cyber security threats are frequently misrepresented in the media. While sensational attacks grab headlines, day-to-day cyber security work—like vulnerability management, governance, email security, and security engineering—plays a far more critical role in organisational resilience.

He highlighted that most organisations tend to focus on high-profile “exciting” attacks, but the most likely threats often come from more mundane vulnerabilities, including unsecured external services and phishing campaigns. This misalignment of perception versus reality can leave organisations unprepared for attacks that are statistically more probable.

Learning from Past Events

Using historical case studies, Zibby illustrated the real-world impact of cyber incidents:

  • NotPetya (2017): A single infected computer propagated malware across a global organisation, disrupting operations and causing losses of around $300 million. Despite the severity, the company emerged stronger, showing that effective preparation and contingency planning can mitigate catastrophic outcomes.

  • Roku (2009) SQL Injection: Ignored vulnerability reporting led to stolen user data and significant operational disruption, demonstrating the importance of timely response and internal communication.

  • Cambridge Analytica: Regulatory intervention and the cutting of key operational links caused the organisation to fold, highlighting how external oversight and accountability can be just as decisive as cyber attacks themselves.

From these examples, Zibby emphasised that the biggest threats to an organisation are often cash flow and operational resilience, rather than the technical breach alone.

Strategic Cyber Security: Beyond Compliance

Zibby stressed the importance of a structured approach to cyber security, splitting efforts into strategic, tactical, and operational layers:

  • Strategic: Align with recognised frameworks such as NIST Cybersecurity Framework or CIS Critical Controls to build layered defences, identify gaps, and enable a structured approach to security.

  • Tactical: Focus on mitigating the kill chain of attacks and implement controls to prevent, detect, and respond to likely attack vectors. Examples include phishing simulations, external infrastructure scanning, and endpoint protection.

  • Operational: Ensure daily controls are in place, gaps are minimised, and teams communicate effectively. Using models like the Swiss cheese model, multiple overlapping safeguards reduce the risk of a single failure escalating into a full-scale incident.

Zibby highlighted the Swiss cheese model to demonstrate how layered security compensates for inevitable gaps in individual controls. He also emphasised understanding the threat landscape: distinguishing between nation-state actors, organised crime groups, activists, and insider threats, and tailoring defences accordingly.

Human Factor and Team Dynamics

Technical solutions alone aren’t enough. Zibby highlighted the importance of team collaboration and communication. Cyber security experts need to be able to explain complex issues across organisational levels and work collaboratively to implement effective controls. Investing in people, training, and clear accountability is just as vital as any technological solution.

Key Takeaways

  1. Prioritise resources on foundational cyber security roles and capabilities, not just high-profile attacks.

  2. Real threats often differ from media narratives—prepare for the most likely scenarios, not just the sensational.

  3. Adopt layered security frameworks to manage risk, with internal rigour exceeding external compliance requirements.

  4. Understand your adversaries—different attackers require different strategies.

  5. Communication and collaboration across teams are crucial for effective defence and resilience.

  6. Cash flow and operational readiness are often the deciding factors in whether an organisation survives a breach.

Looking Ahead

As our Talking Cyber and Talking Data and AI series concludes, we’re excited to continue the conversation in our upcoming Talking Change and Transformation series. Keep an eye on our website and LinkedIn for details.

Special thanks to Dr. Zibby Kwecka for sharing his expertise and engaging discussion. This session offered a powerful reminder that effective cyber security goes beyond headlines—it requires strategic planning, human collaboration, and a clear understanding of real-world threats.
