Although he grew up in Israel and now lives in Amsterdam, Tal Arad knows that Carlsberg is the closest you will get to a Danish national treasure. As the company’s Group CISO since 2020, he and his team are doing everything they can to keep this modern, yet historic brewery group protected.
While we are interviewing Tal Arad on a late autumn afternoon, his young daughter pops in the home office to see who her dad is talking to on the computer – a sudden reminder of the closeness and innocence of family life in a world where cybercriminals are becoming increasingly relentless in their efforts to cause destruction and panic for global companies.
Since taking over the role as Group CISO of Carlsberg in March 2020, Tal Arad has seen a growing number of ransomware attacks against global companies, partly sparked by the COVID-19 epidemic. In late 2021, he was given the additional responsibility of heading Carlsberg’s global IT infrastructure, digital workspace and service delivery. Now, as Vice President of Information Security and Technology Services, he knows more than anyone the value of having, in his own words, a “good eye on everything”. He explains:
“To say that the last two years have been difficult is an understatement. Like most other large manufacturing companies, we have also felt the uptake in attacks, both in volume and complexity. On top of that, our own complexity is also increasing due to remote work, the digital footprint of our people and our global production components.”
"The network perimeter simply does not exist anymore. A cyberattack that is launched in one country can reach another in no time, which is why we are essentially treating cyber security as one big global operation run by our international team of specialists, and I feel privileged to lead that effort.”
Getting to a top security position at one of Denmark’s most high-profiled companies wasn’t always in the cards for Tal Arad who, like many others, came to work with cyber security almost by mistake:
“During my mandatory military service in Israel in the late 1990s, one of my commanding officers asked if I knew anything about computers. I said “yes, I know some” and so I was appointed as the IT security officer of the unit on the spot. Later, I became the CSO of the central computing campus of the Israeli military, which was my first real foray in the world of security. Back then, the internet was still a new thing, and the dot-com bubble was only starting to happen. Look where we are today!”
Clear commitment from top management
Many years later, and on the back of an already successful career in cyber security, Tal Arad was the CISO for CEVA Logistics, a large global logistics company. However, the thought of working for a brand such as Carlsberg was appealing to him:
“During my interview, I was asked why I wanted to work for Carlsberg, and I told them that in my high school days in Israel we only had two local beers and then Tuborg and Carlsberg. It really tells you about the power of a global brand that is loved by so many people across the world. It is indeed a special place to work. I know that most Danes consider it a national treasure, and rightfully so.”
One thing is protecting a renowned brand; another thing is managing a global cyber security organisation and the significant investments in technology and resources that come with the increased levels of threats. However, Tal Arad experienced a clear commitment from Carlsberg’s top management from the first day he accepted the position:
“What I really like about Carlsberg is that we do not see cyber security as a necessary evil, but as an integral part of everything we do, which is exactly the right philosophy. This also means that I have the full backing of the entire management team in terms of getting the right resources.”
"I think that the Maersk ransomware incident in 2017 was a game-changer for many top-level executives who really saw the damage of a large-scale attack. It is one thing to safeguard the everyday availability of our critical systems, but it is a different game to recover from a potentially catastrophic event. Part of my job is to make sure that we have the plans and the capabilities in place for that.”
A never-ending arms race
Looking to the future, Tal Arad and his team will continue to secure Carlsberg while paying close attention to new regulations:
“Running a global company, of course, we need to take into account a lot of different regulations, ranging from GDPR in the EU to the Chinese Cybersecurity Law, and even tougher regulations on the horizon, such as NIS2. We are already in the process of aligning our processes with relevant ISO standards as well as other cybersecurity frameworks, to be well-prepared for new regulation, and we will of course continue to set the bar high when it comes to compliance,” Tal Arad says.
Most importantly, Tal Arad and his team will continue to navigate their security efforts in a world marked by conflict, instability, recession and a geo-political landscape that seems ever-changing:
“Like most other cyber security executives, I tell my organisation to hope for the best but assume the worst. We have just been through two tough and complicated years, and we do not seem to be slowing down. The only thing that we did not deal with yet is alien invasion or a zombie apocalypse, but we are gearing up towards those scenarios as well. We can only hope that 2023 and beyond will be easier for everyone.”