Divakar Prayaga, A.P. Moller - Maersk's director for security engineering, discusses the evolution of a CISO's role from a tech to a business partner, how it affects a firm's cybersecurity posture and how to get the best return on security technology investments amid challenging economic conditions.
As COVID-19 made remote work more prevalent, managing identity through both network and remote capabilities became a challenge for organizations. Zero trust is a big initiative for the Center for Internet Security, but applying zero trust principles to its infrastructure has not been easy.
Pre-RSA social media gaming predicted it. Many predicted they would loath it. And it happened: Discussions at this year's RSA conference again and again came back to generative artificial intelligence - but with a twist. Even some of the skeptics professed their conversion to the temple of AI.
Organizations often face challenges when they aim to build sustainable security programs at scale. Anna Westelius, director of security engineering with Netflix, discussed the company's big infrastructure projects that give it more leverage over time than investing in manual processes.
With new legal, contractual and cybersecurity requirements, the regulatory landscape is constantly changing on both local and national fronts. As a result, compliance can become increasingly difficult, leaving organizations with a certain amount of risk, said James Shreve, partner, Thompson Coburn.
Identity and access management technology has been around for decades, but identity-related breaches happen every day. The problem is not the underlying system. It’s whether organizations can take advantage of the wealth of data within their systems, says Radiant Logic's Wade Ellery.
Healthcare sector entities' reliance on specialty and legacy equipment, including imaging systems and other gear, continues to present attractive targets for threat actors and a growing risk for medical providers, said Frank Catucci, CTO and head of research at security firm Invicti Security.
Supply chain attacks once were the exclusive provenance of nation-state hackers, says Eric Foster, strategic advisor to Stairwell. But not anymore. "More and more of those are moving downmarket," he said. "These days every threat would qualify as an advanced and persistent threat."
Offense is what paces innovation in cybersecurity since threat actors constantly look for new ways to compromise systems, said AllegisCyber Capital's Bob Ackerman. Many offensive cyber capabilities developed by the national intelligence community make their way into the wild and become exploitable.
Many infrastructures have both OT and IT systems, making data and device transfer between the two systems difficult. Also, some OT devices are outdated while IT systems use modern cloud devices. And the shortage of training is another important hurdle, said OPSWAT CEO Benny Czarny.
Networking was created as a "trust everything" approach that "doesn't know who you are, doesn't know your content or why you're doing it." In the future, according to John Maddison, CMO of Fortinet, all that connectivity will be secure, and the market for secure networking will become bigger.
The threat posed by cybercriminals and fraudsters creates shared risks across the financial services industry including fintech companies. But fintech firms can balance rapid innovation with security and work with each other and governments to repel attackers, said Razorpay CISO Hilal Lone.
The way we secure workloads today is vastly different due to remote work and the move to the cloud following the pandemic. More modern SASE solutions such as zero trust have been adopted, and organizations are moving from legacy such as MPLS to software-defined networking and cloud-based solutions.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.