Business email compromise continues to be a significant threat and is one of the most financially damaging online crimes. Attackers continue to innovate and grow in sophistication, which means defenders need to leverage new technology, warned Mike Britton, CISO of Abnormal Security.
As the digital landscape evolves, security teams need skills and training platforms that can provide the right resources for an organization "by showing what someone has got in terms of skills, without necessarily fully relying on their CVs," said Jess Burn, senior analyst at Forrester.
Recent legal actions against CISOs have spawned a debate on whether security leaders should be held accountable for security incidents. CISOs should manage this shifted liability through real-time documentation and collaboration with law enforcement, said attorney Stephen Reynolds.
Grant Bourzikas shared his experience as the new CISO at Cloudflare, highlighting a 90-day period during which he engaged with customers, internal nonsecurity personnel, executives and his team to gather insights on Cloudflare's security landscape.
Organizations engaged in software production often run their applications and services within cloud environments. CEO Ganesh Pai advocates the "shift-up" approach for enhanced cloud security, which focuses on operational visibility extending from software composition to production workloads.
Chen Burshan, the CEO of Skyhawk Security, wants to use the power of generative AI as part of the threat detection flow. Organizations with risk management tools in place and risk reduction occurring are still getting breached and therefore need to focus more on threat detection, he said.
In the new world of workloads in the cloud, hybrid systems, shadow IT and microservices, the legacy approach to threat detection no longer works, said Matt Shea, Chief Strategy Officer at MixMode. "Data is too big," he said, and "a radical new approach" is required.
Applications rely on lines of code to provide business value, but too much of that code is inherently dirty, full of inconsistencies and vulnerabilities. Olivier Gaudin, co-founder and CEO of Sonar, said organizations need clean code that is consistent, intentional, adaptable and responsible.
In the ever-evolving landscape of cybersecurity, zero authority is giving defenders a new perspective on security and business enablement, said Jake Seid, general partner at Ballistic Ventures. "Zero authority is an architectural change that affects every area of security," he said.
In encryption-less attacks, ransomware gangs steal large volumes of sensitive data, including terabytes of information, without locking up systems. Attackers leverage the value of the stolen data as a means to coerce organizations into paying ransoms to avert data release.
The cybersecurity industry remains resilient in the face of recession fears, said Alberto Yépez, co-founder and managing director of Forgepoint Capital. Amid economic shifts and technological advancements, the market is adapting to new challenges and opportunities.
Conventional wisdom recommends to never negotiate with ransomware actors. They can't be trusted. But Mark Lance at GuidePoint Security recently made the case that organizations can gather important information through negotiations, slow down the process and even lower the ransom demand.
This year's massive exploitation of managed file transfer products such as Fortra's GoAnywhere and Progress Software's MOVEit proves that MFTs are a hacker's paradise. Research by John Dwyer of IBM Security X-Force shows why and also reveals a path toward protecting MFTs in the future.
Large enterprises may have hundreds or thousands of APIs. Concerns over API vulnerabilities have been around for years, but most organizations outside of highly regulated industries such as banking have not taken the steps to understand the threats they face, said Richard Bird, CSO at Traceable.
The cyber insurance landscape has evolved significantly over the last 10 to 15 years. Initially, renewals were relatively straightforward, but with the rise of cyberthreats such as ransomware, the market has shifted dramatically to reduce risk exposure.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.