We recently sat down with WineDirect’s Chief Information Officer and Chief Information Security Officer—Kalani Keala. Kalani joined the team in July 2022, and since then has been developing and implementing information security procedures and policies that are designed to protect WineDirect’s systems from both internal and external threats. Let’s get to know him a little better!
As you have recently joined WineDirect, Welcome to the team! How has your transition into the CISO role been so far?
Thank you! I’m excited to be here and am really enjoying the role. The entire team has been amazing, and I love working in a new industry. Everyone is so enthusiastic about what they do. Specific to my role, WineDirect already has a security-minded culture, which is fantastic! No arm-twisting is required when it comes to adopting new security practices. The importance of protecting our systems and customers’ data is already a priority.
Can you tell us a little bit about your role and responsibilities at WineDirect?
I’m wearing a few hats in my role as Chief Information Officer and Chief Information Security Officer. At the top of the list, responsibility-wise, is standing up on over-arching Enterprise Security Program. As mentioned before, a strong, security-minded culture already exists, as do critical policies and practices, such as PCI Compliance, secure software development awareness and general cybersecurity training and testing. But Cybersecurity is a journey, not a destination. We’ve already taken some valuable steps since I came on board back in July. For example, we now have a 24/7 Security Operations Center; this is monitoring telemetry from all the WineDirect connected systems for evidence of compromise, and is prepared to address any issues using tooling that we’ve installed across our network. That’s just one of a long list of enhancements we’ve made.
What top trends should businesses be aware of regarding information and security?
There are a lot of trends to consider, but one of the most impactful macro trends is the growth in Cybersecurity damages. In 2021, it was estimated that cybersecurity damages cost the world economy $6 trillion dollars! That’s projected to grow to $10.5T by 2025!! To put that into perspective, that $6 trillion dollars equals the combined revenue of the top 18 companies in the world! This includes the likes of Walmart, Amazon, Apple, ExxonMobil, Volkswagen/Audi/Porsche, etc. Hacking is BIG business that’s not going away and is becoming more widespread and sophisticated every day. Unfortunately, that’s why Cybersecurity will always be a journey and not a destination.
What are a couple of things wineries can easily do to help improve security?
Your people are the first line of defense and the path to most cybersecurity breaches. Cybersecurity training is critical! Wineries need to understand that any link their people click is like opening the door to your home and inviting whoever is on the other side into your living room. Yes, you might have security that keeps visitors from knocking or ways to prevent them from doing damage once inside your home, but the hackers are always coming up with ways to defeat those systemic solutions. Users must be trained in how to recognize and safely handle suspicious communications. Here at WineDirect, we use a dedicated IT Security Awareness platform. All knowledge workers with the company are required to complete training, and campaigns are run monthly to test their threat recognition skills.
Can you tell us about something you’re currently working on and are excited about?
In addition to all the work we’re doing on the security side, my team is also deploying a state-of-the-art data analytics platform that will allow near real-time access to data from all critical WineDirect systems. Of course, I’ll wear my CISO hat to ensure the privacy requirements are enforced. But our ability to analyze the business and glean insights will be game-changing in 2023.
Do you think your winery could be doing more to protect its data? The answer is most likely yes! Whether you’ve been thinking about it or not, now is the time to introduce updated security policies and technologies to ensure you’re as safe as possible.