WEBVTT 1 00:00:07.170 --> 00:00:09.720 Anna Delaney: Hello and welcome to the ISMG Editors' Panel. I'm 2 00:00:09.720 --> 00:00:12.720 Anna Delaney. And this is our weekly spot where the global 3 00:00:12.720 --> 00:00:15.570 team discuss the latest information and cybersecurity 4 00:00:15.570 --> 00:00:19.200 news stories, features and trends. I'm joined today by Tom 5 00:00:19.200 --> 00:00:22.710 Field, senior vice president of editorial; Suparna Goswami, 6 00:00:22.710 --> 00:00:26.460 associate editor at ISMG Asia; and Rashmi Ramesh, senior 7 00:00:26.460 --> 00:00:30.090 subeditor for our global news desk. Very good to see you all. 8 00:00:30.540 --> 00:00:31.350 Tom Field: Nice to be seen. 9 00:00:32.490 --> 00:00:33.540 Suparna Goswami: Glad to be back, Anna. 10 00:00:33.540 --> 00:00:36.870 Rashmi Ramesh: Great to be here, as always. 11 00:00:36.420 --> 00:00:39.060 Anna Delaney: So Suparna, there is a spectacular bridge behind 12 00:00:39.060 --> 00:00:39.870 you. Where are you? 13 00:00:41.010 --> 00:00:42.450 Suparna Goswami: So the background is that of Howrah 14 00:00:42.450 --> 00:00:45.600 Bridge in Calcutta, or Kolkata as they call it now. So it is an 15 00:00:45.630 --> 00:00:49.050 iconic landmark. It is a huge steel bridge over the Hooghly 16 00:00:49.050 --> 00:00:53.220 River. Now it is considered one of the, I think, longest 17 00:00:53.220 --> 00:00:56.970 cantilever bridges in the world. So I'll be traveling at the fact 18 00:00:56.970 --> 00:00:59.790 that I chose this because I'll be traveling to this city first 19 00:00:59.790 --> 00:01:03.420 time for work for ISMG. So I have traveled to the city 20 00:01:03.420 --> 00:01:05.670 multiple times before but this is the first time I am traveling 21 00:01:05.670 --> 00:01:08.760 for work. I have an RT scheduled in a couple of weeks. 
So yes, 22 00:01:08.760 --> 00:01:12.480 really, looking forward to meeting the CIOs from that city 23 00:01:12.480 --> 00:01:16.980 at the IT Roundtable that I will be hosting and know their views 24 00:01:16.980 --> 00:01:19.590 on cloud adoption, about the maturity of the market, never 25 00:01:19.590 --> 00:01:21.900 really interacted with practitioners from this part of 26 00:01:21.900 --> 00:01:22.260 the city. 27 00:01:23.070 --> 00:01:24.870 Anna Delaney: Also, we look forward to more virtual 28 00:01:24.870 --> 00:01:31.620 backgrounds then from the area. Excellent! Rashmi, this is well, 29 00:01:31.650 --> 00:01:33.450 Tom, was saying it looks like the States but 30 00:01:33.540 --> 00:01:34.800 Tom Field: The Grand Canyon to be honest with you 31 00:01:34.000 --> 00:01:39.250 Rashmi Ramesh: Well, this is where I live, about like 30, 40 32 00:01:39.250 --> 00:01:43.030 kilometers from where I live. This is still Bangalore. It's a 33 00:01:43.030 --> 00:01:48.430 short hike up maybe about five kilometers. So it's literally 34 00:01:48.430 --> 00:01:51.370 like an hour's drive from the city. It's lovely. 35 00:01:52.150 --> 00:01:53.440 Tom Field: Part of Bangalore, I've never seen. 36 00:01:56.020 --> 00:01:57.430 Suparna Goswami: I am sure most of us have not. 37 00:01:59.380 --> 00:02:01.330 Anna Delaney: Tom, you're at a party. 38 00:02:01.930 --> 00:02:05.320 Tom Field: I am milking my recent vacation to Orlando, and, 39 00:02:05.320 --> 00:02:07.480 you know, this is in honor of course we celebrated 40 00:02:07.480 --> 00:02:10.630 Independence Day in the United States last week, some grand 41 00:02:10.630 --> 00:02:13.510 fireworks from Magic Kingdom. 42 00:02:15.340 --> 00:02:18.220 Anna Delaney: Beautiful. So what happens there just as fireworks 43 00:02:18.220 --> 00:02:20.740 display was Minnie and Mickey Mouse come out? 
44 00:02:21.530 --> 00:02:25.040 Tom Field: You know, if you can see above what would be my left 45 00:02:25.040 --> 00:02:28.460 shoulder, you see the turret right there. At the end of the 46 00:02:28.460 --> 00:02:32.900 fireworks, Tinker Bell flies from there to another part of 47 00:02:32.900 --> 00:02:36.050 the park. I shouldn't say this but on a zipline, but it is 48 00:02:36.050 --> 00:02:36.710 pretty impressive. 49 00:02:37.880 --> 00:02:38.510 Anna Delaney: Magical. 50 00:02:38.000 --> 00:02:40.130 Tom Field: Well, I don't wanna take the magic away from 51 00:02:40.130 --> 00:02:40.580 anybody. 52 00:02:40.760 --> 00:02:44.540 Anna Delaney: No, well, I am sort of not as fun this week. 53 00:02:44.540 --> 00:02:47.660 But I'm going local today. This is the River Thames behind me. 54 00:02:48.320 --> 00:02:52.040 Taken on a recent walk on a summer's day, so ... 55 00:02:52.310 --> 00:02:54.470 Tom Field: Again, that's part of the Thames I have never seen. 56 00:02:54.470 --> 00:02:55.010 Where's that? 57 00:02:55.580 --> 00:02:59.450 Anna Delaney: In Surrey, so maybe 30 minutes out of London. 58 00:02:59.800 --> 00:03:02.980 Tom Field: So I was gonna see it from South Bank or from Tower 59 00:03:02.980 --> 00:03:03.460 Bridge. 60 00:03:03.780 --> 00:03:07.560 Anna Delaney: Yes, it's long river. Well, so Bank of 61 00:03:07.560 --> 00:03:11.670 America's 2023 CISO survey was released last month. And one of 62 00:03:11.670 --> 00:03:15.030 the topics that came up was this concept of vendor consolidation. 63 00:03:15.030 --> 00:03:17.820 So what are the trends you want to bring to the group? 64 00:03:18,210 --> 00:03:20,160 Tom Field: It is, it's interesting, because there are a 65 00:03:20,160 --> 00:03:23,340 few things in there that really got my interest. And I wasn't 66 00:03:23,340 --> 00:03:26,850 going to reveal the source of the survey. 
So, I'm not sure 67 00:03:26,850 --> 00:03:29,430 they want that information to be told to the public, but it's out 68 00:03:29,430 --> 00:03:31,710 there now. So we're gonna go with it. But some things that 69 00:03:31,740 --> 00:03:35,130 got my attention. You know, they did a survey of X number of 70 00:03:35,130 --> 00:03:38,790 CISOs talking about some of the trends. And one of the things I 71 00:03:38,790 --> 00:03:41,700 found validating was the CISOs are saying that they've got 72 00:03:41,730 --> 00:03:46,890 decent, discretionary budget for new acquisitions, new solutions 73 00:03:46,890 --> 00:03:50,730 in 2023. That's consistent with what I've seen and heard in our 74 00:03:50,730 --> 00:03:54,450 Roundtable discussions at our events, is that it hasn't been a 75 00:03:54,450 --> 00:03:59,190 matter of level funding or less funding for security. Security 76 00:03:59,190 --> 00:04:01,770 actually has been doing pretty well, particularly as there are 77 00:04:01,770 --> 00:04:04,320 more threats and more incidents, because it's always easier to 78 00:04:04,320 --> 00:04:08,490 get money when, you know, God forbid, your organization gets 79 00:04:08,490 --> 00:04:11,310 struck, but when one of your competitors gets struck, budgets 80 00:04:11,340 --> 00:04:15,210 open up. So I found that validating. I also found it 81 00:04:15,210 --> 00:04:21,240 validating that you're seeing spend on endpoint security, 82 00:04:21,360 --> 00:04:25,110 network security, cloud. This is consistent not just with the 83 00:04:25,110 --> 00:04:29,250 discussions we have, but Suparna, you can chime in on 84 00:04:29,250 --> 00:04:34,140 this that when we get approached to lead Roundtable discussions, 85 00:04:34,170 --> 00:04:37,680 often they're on endpoint security, cloud security, 86 00:04:37,680 --> 00:04:43,170 especially some on vendor in third-party risk management. 
So 87 00:04:43,170 --> 00:04:46,260 I found it validating that they have money that is being spent 88 00:04:46,260 --> 00:04:49,830 there. Now, one of the points you brought this up, Anna, is 89 00:04:49,860 --> 00:04:53,010 in, we've discussed this a lot in our own internal meetings has 90 00:04:53,010 --> 00:04:57,780 been the notion of vendor consolidation. And there's been 91 00:04:57,780 --> 00:05:04,620 this discussion that CISOs want to work with fewer vendors that 92 00:05:04,620 --> 00:05:09,390 they want to consolidate, and that they're making a shift from 93 00:05:09,510 --> 00:05:14,670 discrete solutions or the old defense in depth or expense in 94 00:05:14,670 --> 00:05:18,480 depth as I've heard it called by Forrester to more of a platform 95 00:05:18,480 --> 00:05:21,450 approach. So instead of working with multiple vendors to work 96 00:05:21,450 --> 00:05:24,840 with a Microsoft more exclusively, a Cisco, a Palo 97 00:05:24,840 --> 00:05:29,910 Alto Networks, and what the CISOs' survey said, that I've 98 00:05:29,910 --> 00:05:33,720 heard consistently is hold on a minute, maybe that's not what 99 00:05:33,720 --> 00:05:38,100 CISOs want. Maybe that's more of a storyline that the vendors 100 00:05:38,100 --> 00:05:41,610 want to, that the platform vendors want to push out into 101 00:05:41,610 --> 00:05:44,610 the public. And I do believe that's the case, as I've had 102 00:05:44,610 --> 00:05:48,300 this discussion with CISOs at our Roundtable events, it's 103 00:05:48,300 --> 00:05:52,110 been, I'm looking for something that's going to protect me on 104 00:05:52,110 --> 00:05:55,500 all fronts, and I want high grades for everything. When you 105 00:05:55,500 --> 00:05:58,740 go with discrete solutions, you can get the best to have high 106 00:05:58,740 --> 00:06:02,460 grades everywhere. When you go with a platform, the platform 107 00:06:02,460 --> 00:06:08,280 might be an A plus, on two out of three areas. 
But the third 108 00:06:08,280 --> 00:06:13,020 area could be a B minus or a C. How do I go to my senior 109 00:06:13,020 --> 00:06:15,900 management or the board and say, we're going to be superior in 110 00:06:15,900 --> 00:06:18,180 these two areas, but we're going to be average here. Are you okay 111 00:06:18,180 --> 00:06:22,140 with that? And what does average mean? And how do we even 112 00:06:22,140 --> 00:06:26,250 convince our cyber insurers that this is the way to go? So I've 113 00:06:26,250 --> 00:06:30,480 seen a lot of pushback from CISOs on this notion of making 114 00:06:30,480 --> 00:06:34,020 the platform approach. And this survey came out and said exactly 115 00:06:34,020 --> 00:06:37,410 that, that this is less of something that's coming up from 116 00:06:37,770 --> 00:06:41,340 individual enterprises, but more of a storyline that's pushed by 117 00:06:41,340 --> 00:06:44,280 the vendors that would like to see organizations move to a 118 00:06:44,280 --> 00:06:47,160 platform approach. So I found that very validating, and wanted 119 00:06:47,160 --> 00:06:48,780 to bring that to our discussion here today. 120 00:06:49,980 --> 00:06:52,290 Anna Delaney: Excellent. And this view was actually reflected 121 00:06:52,590 --> 00:06:55,500 in a conversation I had with a Gartner analyst recently, who 122 00:06:55,500 --> 00:06:58,500 brought up that well-known phrase, the cybersecurity market 123 00:06:58,500 --> 00:07:02,640 is always consolidating, but never consolidated. And he said 124 00:07:02,640 --> 00:07:05,790 like you, there is a lot of consolidation, but there are 125 00:07:05,790 --> 00:07:08,190 more and more vendors, there are new threats every day, and 126 00:07:08,640 --> 00:07:12,030 therefore new products to tackle those threats. So his advice was 127 00:07:12,030 --> 00:07:14,760 when looking to consolidate, don't think about these projects 128 00:07:14,760 --> 00:07:19,620 as finite projects. 
Remember to keep it agile and fluid, think 129 00:07:19,620 --> 00:07:21,840 of them more as ongoing exercises. 130 00:07:22,350 --> 00:07:24,270 Tom Field: You know, Anna, something else from the BoA's 131 00:07:24,390 --> 00:07:29,400 report that I found encouraging is that the notion that CISOs 132 00:07:29,400 --> 00:07:32,970 were keeping some discretionary budget, so they can invest in 133 00:07:32,970 --> 00:07:36,060 new solutions and new vendors, and there's a recognition there 134 00:07:36,060 --> 00:07:39,270 that innovation is going to come from the startup community, it's 135 00:07:39,270 --> 00:07:42,420 going to come from someone that we don't know about today. Isn't 136 00:07:42,420 --> 00:07:46,950 necessarily going to come from Microsoft or Cisco. And I find 137 00:07:46,950 --> 00:07:52,260 that validated by our own discussions, we see lots of 138 00:07:52,260 --> 00:07:55,620 CISOs coming to our events these days wanting to have very 139 00:07:55,620 --> 00:07:58,620 specific conversations with the vendors that they might not be 140 00:07:58,620 --> 00:08:02,130 working with now, to find out what is it you do? How can you 141 00:08:02,130 --> 00:08:04,710 help me? I think there's a great appetite out there for 142 00:08:04,710 --> 00:08:08,580 innovation. And there's money out there to be spent on vendors 143 00:08:08,580 --> 00:08:10,830 that come along that are offering something new. 144 00:08:11,340 --> 00:08:11,640 Anna Delaney: Yeah. 145 00:08:12,030 --> 00:08:14,250 Suparna Goswami: So Tom, just curious in your Roundtables, so 146 00:08:14,250 --> 00:08:19,230 you don't hear so much talks around budget? Because here when 147 00:08:19,230 --> 00:08:21,210 I have Roundtables, yes, of course, what you said is 148 00:08:21,210 --> 00:08:23,940 absolutely true. 
They're looking for those point solutions, which 149 00:08:23,940 --> 00:08:27,420 are really, which have those expertise, but at the same time, 150 00:08:27,420 --> 00:08:31,050 they're they too are worried about their budget as well. 151 00:08:31,890 --> 00:08:34,320 Tom Field: When we talk about resources Suparna, the 152 00:08:34,320 --> 00:08:38,340 conversation is less about financial resources and more 153 00:08:38,340 --> 00:08:43,230 about finite human resources. I don't have the people that I can 154 00:08:43,230 --> 00:08:46,260 deploy to manage all these different solutions and 155 00:08:46,260 --> 00:08:48,390 relationships. And that's part of what's driving the 156 00:08:48,390 --> 00:08:51,390 consolidation is I don't have people that can manage all this. 157 00:08:51,390 --> 00:08:56,010 I don't have visibility across all these different arenas. And 158 00:08:56,010 --> 00:08:58,980 we're looking to consolidate that view. So it's less about 159 00:08:58,980 --> 00:09:02,310 the money and it's more about, I don't have the people how can I 160 00:09:02,310 --> 00:09:05,310 get access to talent and solutions that I don't have 161 00:09:05,310 --> 00:09:07,830 in-house? And the money seems to be there for that. 162 00:09:09,960 --> 00:09:11,940 Anna Delaney: Very good. Well, thank you for bringing that to 163 00:09:11,940 --> 00:09:14,760 our attention, Tom. Suparna, speaking of innovation, you 164 00:09:14,760 --> 00:09:18,480 recently had the opportunity to interview the global CIO of Palo 165 00:09:18,480 --> 00:09:22,140 Alto, Meerah Rajavel. So tell us about what you discussed. 166 00:09:23,280 --> 00:09:25,710 Suparna Goswami: Absolutely, yes. So as you said, the global 167 00:09:25,710 --> 00:09:29,460 CIO of Palo Alto Networks, Meerah Rajavel, she came down to 168 00:09:29,460 --> 00:09:31,800 India for three four days and ISMG not only had the 169 00:09:31,800 --> 00:09:35,670 opportunity to meet her but interview her as well. 
So we did 170 00:09:35,790 --> 00:09:39,330 talk about, of course, we could not miss it about generative AI. 171 00:09:39,840 --> 00:09:43,650 I asked her how she is using AI to improve the overall IT 172 00:09:43,650 --> 00:09:47,700 efficiency in her organization, not so much what Palo Alto is 173 00:09:47,700 --> 00:09:50,760 doing in the products, but what she's doing as a CIO in her 174 00:09:50,760 --> 00:09:54,930 organization, and she gave some good examples. So one of the 175 00:09:54,930 --> 00:09:58,530 examples she gave was when a product gets launched, so 176 00:09:58,530 --> 00:10:01,470 typically when this happens a product gets launched, the 177 00:10:01,470 --> 00:10:05,670 product team produces a lot of documentation that becomes the 178 00:10:05,670 --> 00:10:09,120 basis for the marketing team. So typically, the time the product 179 00:10:09,150 --> 00:10:13,950 documentation is ready, and the product is finally launched, it 180 00:10:13,950 --> 00:10:17,190 takes about four to six weeks to finally launch a product. 181 00:10:17,580 --> 00:10:21,120 Because a lot of artifacts like your blogs, your PR activities 182 00:10:21,150 --> 00:10:24,060 other things are really planned before a product is getting 183 00:10:24,090 --> 00:10:27,150 launched. This is where Palo Alto thought of leveraging 184 00:10:27,150 --> 00:10:30,630 generative AI. And they reduced the entire process from four to 185 00:10:30,630 --> 00:10:36,000 six weeks to two to three days. And, they brought the product 186 00:10:36,000 --> 00:10:38,970 engineering and the product marketing team in a singular 187 00:10:38,970 --> 00:10:43,320 fashion because the content is being produced by AI. Of course, 188 00:10:43,320 --> 00:10:47,010 they did not eliminate the human element completely. 
It was 189 00:10:47,040 --> 00:10:49,650 overlooked by the humans, they were there was patchup done by 190 00:10:49,650 --> 00:10:52,860 the humans, but 70 to 80% of the content was produced by the 191 00:10:52,860 --> 00:10:59,670 human. So yes, generative AI is a very core business strategy 192 00:10:59,670 --> 00:11:03,570 for Palo Alto, and, but to be honest, they have been in the AI 193 00:11:03,570 --> 00:11:06,360 space for a long time, I did check with her that what is new, 194 00:11:06,390 --> 00:11:09,660 you have been in the AI space for a long time. But of course, 195 00:11:09,660 --> 00:11:13,770 it was mainly the ML model that they were focusing on. But now 196 00:11:13,800 --> 00:11:17,310 she said that she wants to put AI right in the center of their 197 00:11:17,310 --> 00:11:22,920 strategy game and not just add AI on top of any product, you 198 00:11:22,920 --> 00:11:27,810 know, or just put it at the center of what is whatever is 199 00:11:27,810 --> 00:11:28,620 being done. Yeah. 200 00:11:29,730 --> 00:11:32,070 Anna Delaney: Did you also talk about cybersecurity? 201 00:11:33,300 --> 00:11:35,850 Suparna Goswami: It was about cybersecurity as well. But it 202 00:11:35,850 --> 00:11:39,630 was more on, you know, the whatever she is doing on 203 00:11:39,630 --> 00:11:43,320 generative AI. She did mention about a product that they've 204 00:11:43,320 --> 00:11:51,180 come up come out with on it's what it is called, yeah, XSIAM. 205 00:11:51,210 --> 00:11:55,500 Yes, XSIAM. And it is on automating SOC. But mainly we 206 00:11:55,500 --> 00:11:58,440 did speak about because she was the CIO, I was just curious to 207 00:11:58,440 --> 00:12:03,780 know how she is handling or what is her strategy when it comes to 208 00:12:04,350 --> 00:12:07,650 your generative AI, and there are lot of other things that she 209 00:12:07,650 --> 00:12:12,480 has planned as well. 
On generative AI, for example, she 210 00:12:12,480 --> 00:12:16,350 said that generative AI will have a significant impact on 211 00:12:16,890 --> 00:12:20,760 efficiency, on speed and on experience. So she explained to 212 00:12:20,760 --> 00:12:25,350 me one of the initiatives that she is driving. So between IT, 213 00:12:25,380 --> 00:12:29,460 HR and some other functions, there are usually an employee 214 00:12:29,460 --> 00:12:33,000 will have multiple questions, like they will have my laptop is 215 00:12:33,000 --> 00:12:35,640 not functioning or there will be a question there will be queries 216 00:12:35,640 --> 00:12:40,260 around salary or career growth or switch, can I switch to the 217 00:12:40,260 --> 00:12:44,490 other team? So Palo Alto, she mentioned this, is a company 218 00:12:44,490 --> 00:12:47,430 which has around 15,000 employees, but they get around 219 00:12:47,460 --> 00:12:52,410 400,000 queries every month. And it takes them days to weeks, and 220 00:12:52,410 --> 00:12:55,710 sometimes even months to respond to these queries. So this is 221 00:12:55,710 --> 00:12:59,310 where she has brought AI. She said that of course one of the 222 00:12:59,310 --> 00:13:02,370 solutions that was proposed to her was that a great search 223 00:13:02,370 --> 00:13:05,220 function will do but the argument is that it will throw 224 00:13:05,220 --> 00:13:08,430 up multiple options. So if you're a new employee, you won't 225 00:13:08,430 --> 00:13:11,700 know how to go about it. So there she is, again, leveraging 226 00:13:11,700 --> 00:13:15,000 AI. They're looking to make available 90% of the information 227 00:13:15,000 --> 00:13:18,870 in the form of an AI assistant. But again, like she's, like I 228 00:13:18,870 --> 00:13:21,030 said before, she doesn't want to completely do away with the 229 00:13:21,030 --> 00:13:24,030 human element. So the rest 10% can be addressed by humans. 
The 230 00:13:24,030 --> 00:13:27,000 human loop is necessary for the personal touch. But yes, 90% 231 00:13:27,450 --> 00:13:31,620 will be, is being made available by an AI assistant. And even 232 00:13:31,620 --> 00:13:33,840 you're transforming the go-to-market experience that I 233 00:13:33,840 --> 00:13:37,800 just spoke about. The products team produces a lot of content, 234 00:13:37,800 --> 00:13:40,470 which is used by the marketing team while launching a product. 235 00:13:40,770 --> 00:13:46,440 So she is producing 80% of the content is being written by AI 236 00:13:46,440 --> 00:13:49,680 and the rest 20% is being improvised by humans. And the 237 00:13:49,680 --> 00:13:53,490 third category, which is she's focusing on is information at 238 00:13:53,490 --> 00:13:58,200 the fingertip of customers. The customers, they can they should 239 00:13:58,200 --> 00:14:01,200 be able to experience the product. That's what the aim is. 240 00:14:01,200 --> 00:14:03,990 The aim is to make Palo Alto product smart enough so that 241 00:14:04,290 --> 00:14:08,220 they can let the customers know in advance what are the changes 242 00:14:08,220 --> 00:14:11,430 they can expect. And they and give them the choice of auto 243 00:14:11,430 --> 00:14:14,010 remediations. But these are some of the things that she 244 00:14:14,010 --> 00:14:16,290 discussed. Of course, there were other topics that she discussed 245 00:14:16,290 --> 00:14:20,580 on industry cloud platforms, how that is gaining, that is a major 246 00:14:20,580 --> 00:14:24,600 trend that is going on. So that industry cloud platform 247 00:14:24,600 --> 00:14:28,440 essentially accelerates cloud adoption by appealing to 248 00:14:28,560 --> 00:14:32,130 particular industry and business consumers. And this is not 249 00:14:32,130 --> 00:14:35,550 really targeted at early cloud adopters. 
But yes, who are 250 00:14:35,550 --> 00:14:40,080 little mature and by offering them adaptable, and you know, 251 00:14:40,320 --> 00:14:43,740 probably relevant industry solutions. So that is one of the 252 00:14:44,040 --> 00:14:46,710 trends that she is also seeing, industry cloud platforms. 253 00:14:47,430 --> 00:14:49,410 Anna Delaney: Excellent. Very thorough, and all these 254 00:14:49,620 --> 00:14:52,650 generative AI use cases really helpful. Thanks, Suparna. Look 255 00:14:52,650 --> 00:14:55,050 forward to seeing that published on our sites. 256 00:14:55,440 --> 00:14:56,910 Tom Field: I'm gonna tell you too, Suparna, I'm looking 257 00:14:56,910 --> 00:15:00,090 forward to as we get out and start our Roundtable discussions 258 00:15:00,090 --> 00:15:04,260 and Summits for the second half of this year, to see how the 259 00:15:04,260 --> 00:15:09,210 generative AI discussion is different in July than it was in 260 00:15:09,210 --> 00:15:12,900 January. We've had six months for organizations to get their 261 00:15:12,900 --> 00:15:15,930 feet under them and get a better understanding of this and what 262 00:15:15,930 --> 00:15:18,270 it means to their organizations. I want to start hearing about 263 00:15:18,270 --> 00:15:18,480 them. 264 00:15:19,110 --> 00:15:19,440 Anna Delaney: Yeah. 265 00:15:19,500 --> 00:15:19,830 Suparna Goswami: Alright. 266 00:15:21,690 --> 00:15:23,970 Anna Delaney: Rashmi, you've written a very interesting 267 00:15:23,970 --> 00:15:27,780 feature this week, stripping the magnetic stripe, what's taking 268 00:15:27,780 --> 00:15:30,840 so long and the premise of the article is that the world is 269 00:15:30,840 --> 00:15:34,200 moving on from the magnetic stripe payment cards with one 270 00:15:34,200 --> 00:15:37,890 notable exception. Tell us what or who that notable exception 271 00:15:37,890 --> 00:15:38,190 is. 
272 00:15:39,240 --> 00:15:41,670 Rashmi Ramesh: Yeah, so we've been talking about magnetic 273 00:15:41,670 --> 00:15:45,390 stripes and cybersecurity risks for, what, more than a decade 274 00:15:45,420 --> 00:15:50,070 now. And it got me thinking, why is this still an issue? I 275 00:15:50,070 --> 00:15:52,980 remember Mastercard, saying that it would soon phase out magnetic 276 00:15:52,980 --> 00:15:57,120 stripes. Why hadn't that happened yet? And how were all 277 00:15:57,120 --> 00:15:59,790 the moving parts in this ecosystem dealing with the 278 00:15:59,790 --> 00:16:04,500 security risks? So Suparna and I decided to ask the experts, both 279 00:16:04,530 --> 00:16:09,780 payments and cybersecurity. So turns out that the U.S., which 280 00:16:09,780 --> 00:16:13,650 is one of the biggest markets for payment cards, is also one 281 00:16:13,650 --> 00:16:16,560 of the biggest holdouts when it comes to moving to chips 282 00:16:16,560 --> 00:16:20,700 entirely. So everyone in the ecosystem, credit card issuers, 283 00:16:21,240 --> 00:16:24,660 your banks and consumers all agree that the magnetic stripe 284 00:16:24,660 --> 00:16:28,140 is prone to hacking. So that begs the question, right? Like, 285 00:16:28,140 --> 00:16:31,530 why is the U.S. still clinging on to a technology that is more 286 00:16:31,530 --> 00:16:35,100 than 60 years old now? So the primary answer to this is a 287 00:16:35,100 --> 00:16:39,630 thing that runs the world - money. So replacing them costs a 288 00:16:39,630 --> 00:16:43,950 lot of money. And it's a tedious job, and it's no specific 289 00:16:43,950 --> 00:16:48,180 organization's responsibility. So why is it expensive and 290 00:16:48,180 --> 00:16:52,710 tedious? Mostly because small merchants, millions of them, 291 00:16:53,010 --> 00:16:56,580 need to be convinced to bear the cost of updating their POS 292 00:16:56,580 --> 00:16:59,760 machines. 
And they must be convinced to do it, when the 293 00:16:59,760 --> 00:17:03,150 payment process they have in place now works perfectly well. 294 00:17:03,690 --> 00:17:06,660 So take gas stations, for example. They're one of the 295 00:17:06,660 --> 00:17:09,270 largest everyday spend categories for card payments, 296 00:17:09,300 --> 00:17:12,330 and they spread across the country. They're also the 297 00:17:12,330 --> 00:17:16,170 costliest to deploy new software in. And then there's the card 298 00:17:16,170 --> 00:17:19,620 brands who cannot really just wake up one day and choose to 299 00:17:19,620 --> 00:17:22,680 not support a standard. They have mandates where they need to 300 00:17:22,680 --> 00:17:25,830 comply with payments standards, such as the ISO, which defines 301 00:17:25,830 --> 00:17:28,620 the smallest of things like, you know, the shape, the layout, and 302 00:17:28,620 --> 00:17:32,970 even font that can be used on a card. But none of this is to say 303 00:17:32,970 --> 00:17:36,570 that we're always going to be living in the 60s. What really 304 00:17:36,600 --> 00:17:40,950 helped bring the move to chip is that card networks eventually 305 00:17:40,950 --> 00:17:44,760 shifted the liability of any fraud that happens on magnetic 306 00:17:44,760 --> 00:17:49,110 stripes to the merchant. So basically, if there was a fraud, 307 00:17:49,290 --> 00:17:51,990 at the point of sale, like a counterfeit card being used, 308 00:17:52,290 --> 00:17:55,740 then the loss would be borne by whatever party wasn't EMV 309 00:17:55,740 --> 00:18:00,270 compliant. And more often than not, that was a merchant. But 310 00:18:00,450 --> 00:18:05,310 this liability shift was also staggered. It did not apply 311 00:18:05,310 --> 00:18:08,730 everywhere, all at once. So we spoke about the millions of gas 312 00:18:08,730 --> 00:18:11,820 station payment terminals earlier, right. 
So they were 313 00:18:11,820 --> 00:18:14,190 given a little bit more time than others to make that 314 00:18:14,190 --> 00:18:20,700 transition. So this change sort of began around 2015. At that 315 00:18:20,730 --> 00:18:24,330 time, there were about billions of cards circulating in the 316 00:18:24,390 --> 00:18:28,440 U.S., most of which were magnetic stripe cards, which had 317 00:18:28,440 --> 00:18:32,850 shelf lives of about four to five years. So that transition 318 00:18:32,850 --> 00:18:36,840 to chip began after that. So it took time for merchants to roll 319 00:18:36,840 --> 00:18:39,480 out the hardware for issuers to replace all the cards that were 320 00:18:39,480 --> 00:18:43,230 already in the market. And for processors to get the technology 321 00:18:43,680 --> 00:18:47,730 in place. So eight years later, we're still in the process of 322 00:18:47,730 --> 00:18:50,790 phasing out. And there is concern about disruption to 323 00:18:50,790 --> 00:18:53,940 customer experience. What if the chip doesn't work and there's no 324 00:18:53,940 --> 00:18:56,910 fallback magstripe? What if the payment isn't processed 325 00:18:56,910 --> 00:19:00,540 correctly due to the hardware issues? So the answer to why we 326 00:19:00,540 --> 00:19:03,300 still have magstripe is a vicious circle at this point. 327 00:19:04,230 --> 00:19:08,100 Tom Field: It's all my country. It's so embarrassing. To tell 328 00:19:08,100 --> 00:19:11,190 you Rashmi, I remember it was maybe a dozen years ago, when 329 00:19:11,490 --> 00:19:14,940 the U.S. started to go to what they call chip and signature. 330 00:19:15,090 --> 00:19:17,370 You know, it used to - go to your merchant would use the chip 331 00:19:17,370 --> 00:19:20,100 card. And then they would check the signature on the back of 332 00:19:20,100 --> 00:19:22,560 your card against your other signature, your driver's 333 00:19:22,560 --> 00:19:26,640 license, whatever it may be. 
Very few merchants ever looked 334 00:19:26,640 --> 00:19:29,850 at that. You could go, you could use any card you want. As long 335 00:19:29,850 --> 00:19:31,860 as it went through, they worked. They were fine with that. 336 00:19:32,010 --> 00:19:32,220 Rashmi Ramesh: Yeah. 337 00:19:32,250 --> 00:19:36,150 Tom Field: We're seeing a lot more in the U.S. of tap-and-go 338 00:19:36,330 --> 00:19:38,490 payments. And so I think we're getting over some of the 339 00:19:38,490 --> 00:19:41,220 hurdles. But honestly, I think one of the things that's helping 340 00:19:41,220 --> 00:19:46,920 us get over these hurdles is a younger generation of consumers 341 00:19:47,160 --> 00:19:51,120 that are used to different forms of payment and are very happy 342 00:19:51,120 --> 00:19:54,780 with the tap and go, used to the chip. And we're losing some of 343 00:19:54,780 --> 00:19:59,280 the legacy dependency on the old magstripe. So I'm encouraged 344 00:19:59,280 --> 00:20:01,650 that there will be some changes, but I think it's a generational 345 00:20:01,650 --> 00:20:03,720 change more than it's a technological change. 346 00:20:04,920 --> 00:20:07,890 Anna Delaney: Rashmi, you raised the point that this is not just 347 00:20:07,890 --> 00:20:12,240 about cost - it is costly to remove the magnetic stripe. But 348 00:20:12,690 --> 00:20:17,220 this is not just the merchants, it's to do with the community 349 00:20:17,220 --> 00:20:20,100 itself - the card community itself. Tell us more. 350 00:20:20,880 --> 00:20:23,940 Rashmi Ramesh: Yeah. So you're right that it is about the 351 00:20:23,940 --> 00:20:29,430 card-issuing community as well. So the CEO of the Merchant 352 00:20:29,430 --> 00:20:33,420 Advisory Group, whom I spoke to his name is John, I hope I'm 353 00:20:33,420 --> 00:20:37,410 pronouncing this correctly, Drechny. So basically, this 354 00:20:37,410 --> 00:20:42,240 group represents more than 150 U.S. merchants. 
So he said that 355 00:20:42,240 --> 00:20:46,080 if you look through Mastercard's announcement, for example, it 356 00:20:46,080 --> 00:20:49,620 says that prepaid cards don't really have a timeline for the 357 00:20:49,620 --> 00:20:54,300 removal of magnetic stripe. So it essentially means that even 358 00:20:54,300 --> 00:20:59,280 if merchants install new EMV equipment, they will still be 359 00:20:59,280 --> 00:21:03,210 required to support magnetic stripe. So if cards are going to 360 00:21:03,210 --> 00:21:06,090 be in the market, it doesn't really make sense for everyone 361 00:21:06,090 --> 00:21:09,360 to install the new equipment, especially not in a short time 362 00:21:09,360 --> 00:21:11,430 frame, and definitely not in haste. 363 00:21:12,900 --> 00:21:15,300 Anna Delaney: Excellent. Well, thank you very much. I implore 364 00:21:15,300 --> 00:21:18,660 everybody to go read your article. It's a great analysis 365 00:21:18,660 --> 00:21:23,070 of where we are at the moment. So and finally, just for fun, 366 00:21:23,400 --> 00:21:26,580 what's on your cyber tech summer reading list? 367 00:21:27,810 --> 00:21:31,530 Tom Field: I will say for me, it's less about physical 368 00:21:31,530 --> 00:21:35,070 reading, and more about digital. I'm spending a lot of time on 369 00:21:35,070 --> 00:21:39,300 our own education site, CyberEd.io, where we've launched 370 00:21:39,300 --> 00:21:44,760 just a graduate courses in cybersecurity education. And in 371 00:21:44,760 --> 00:21:48,060 the time that I'm not spending on the road for our events and 372 00:21:48,060 --> 00:21:50,910 for our Roundtable discussions, I was spending more time there 373 00:21:50,910 --> 00:21:53,940 just trying to enhance my own education. 
This world, this 374 00:21:53,940 --> 00:21:58,140 industry is moving so fast, and it takes considerably more effort to 375 00:21:58,140 --> 00:22:01,260 try to keep up and we've got a great place that we can try to 376 00:22:01,260 --> 00:22:03,120 do that. So that's where I'm spending my time this summer. 377 00:22:03,840 --> 00:22:06,600 Anna Delaney: Well said. Suparna? 378 00:22:07,800 --> 00:22:11,190 Suparna Goswami: Yes, in fact, one is a physical book that I 379 00:22:11,190 --> 00:22:15,120 want to read. It was recommended by a security practitioner from 380 00:22:15,120 --> 00:22:18,930 Australia, Chirag Joshi. He recommended "The Wires of War: 381 00:22:19,440 --> 00:22:21,840 Technology and the Global Struggle for Power." So it 382 00:22:21,840 --> 00:22:26,400 essentially explains the high stakes, the cyberwar brewing 383 00:22:26,400 --> 00:22:30,570 between the Western democracies and China and Russia, and the 384 00:22:30,570 --> 00:22:35,130 social disinformation risk to the U.S., especially that can 385 00:22:35,160 --> 00:22:38,970 probably bring democracy, damage democracy. So the book 386 00:22:38,970 --> 00:22:41,370 talks about that was highly recommended by him, I plan to 387 00:22:41,370 --> 00:22:46,140 purchase it. I have planned to order it soon, probably sometime 388 00:22:46,140 --> 00:22:52,380 this week. And the other one which I follow a lot in ISMG 389 00:22:52,380 --> 00:22:57,450 websites are the webinars. So I do go to the webinars and they 390 00:22:57,450 --> 00:23:01,050 have some of the vendors, they have some fantastic sometimes 391 00:23:01,410 --> 00:23:05,430 PPTs that, you know, especially when it comes to cloud or OT 392 00:23:05,430 --> 00:23:08,610 security, I specifically look at those webinars, and even they 393 00:23:08,610 --> 00:23:12,000 have those white papers that I read. But yes, I will. 
I will 394 00:23:12,000 --> 00:23:16,350 also, I plan to probably, you know, I'll take Tom's advice, 395 00:23:16,380 --> 00:23:20,580 CyberEd.io. And I'll probably go visit that site as well. 396 00:23:21,060 --> 00:23:22,470 Tom Field: Well, you make a good point, Suparna. I probably 397 00:23:22,470 --> 00:23:24,600 record four or five of those webinars a week. So there's 398 00:23:24,600 --> 00:23:26,040 education every day right there. 399 00:23:26,070 --> 00:23:28,080 Suparna Goswami: Yes, those webinars are great. 400 00:23:29,430 --> 00:23:29,970 Anna Delaney: Rashmi? 401 00:23:31,050 --> 00:23:34,530 Rashmi Ramesh: Mine are two really cool crypto books: crypto 402 00:23:34,530 --> 00:23:38,490 security books. One is called "Tracers in the Dark," by Andy 403 00:23:38,490 --> 00:23:43,260 Greenberg. It's about law enforcement, tracing ill-gotten 404 00:23:43,260 --> 00:23:48,540 cryptocurrency and "The Lazarus Heist," by Geoff White, which is 405 00:23:48,540 --> 00:23:52,860 so cool. And it's about North Korea, how the adventures really 406 00:23:52,890 --> 00:23:56,940 of North Korean threat actors. It's, they're both really 407 00:23:56,940 --> 00:24:02,160 amazing. And I've read half of one of them, and definitely on 408 00:24:02,160 --> 00:24:04,440 my list for the next couple of months. 409 00:24:04,980 --> 00:24:07,080 Anna Delaney: And the Lazarus Heist was serialized, I think on 410 00:24:07,080 --> 00:24:07,500 a podcast. 411 00:24:07,500 --> 00:24:07,950 Rashmi Ramesh: Yes 412 00:24:09,780 --> 00:24:12,330 Anna Delaney: There are always the audio channels as well. 413 00:24:12,480 --> 00:24:15,420 Well, I'm looking at Yuval Harari's "21 Lessons for the 414 00:24:15,420 --> 00:24:19,800 21st Century." It's interesting because I look forward to what 415 00:24:19,800 --> 00:24:23,880 he creates post ChatGPT that was obviously written even before 416 00:24:23,880 --> 00:24:28,440 COVID. So I'm sure he has thoughts to add. 
And also one 417 00:24:28,440 --> 00:24:31,440 that's caught my eye "Impromptu: Amplifying Our Humanity Through 418 00:24:31,470 --> 00:24:38,220 AI" written by Reid Hoffman, along with GPT-4. So couple of 419 00:24:40,140 --> 00:24:40,590 ... 420 00:24:43,680 --> 00:24:46,020 Well, this has been excellent and educational. Thank you so 421 00:24:46,020 --> 00:24:48,390 much, Tom, Suparna and Rashmi. Until next time. 422 00:24:48,420 --> 00:24:49,110 Suparna Goswami: Thank you, Anna. 423 00:24:50,430 --> 00:24:52,350 Anna Delaney: And thanks so much for watching. Until next time 424 00:24:54,210 --> 00:24:54,240 ...