The use of cloud by financial services firms has risen from 91% to 98%, and multi-cloud for critical operations has risen dramatically, triggering greater risk and regulatory scrutiny, said Troy Leach, chief strategy officer at the Cloud Security Alliance, citing a new survey.
The trend of bring your own device has boosted global businesses, but as new smartphones, tablets and portable storage devices emerge, the challenge of securing these devices intensifies. With organizations increasingly adopting BYOD, the question remains: How can we secure these devices?
The threat landscape continues to deteriorate, and criminals are using new techniques and pulling off devastating attacks. Meanwhile, security leaders are struggling to fill a critical shortage of skilled talent. Rob Clyde shares how ISACA is helping defenders keep up and gain cyber maturity.
Gamification in cybersecurity can bring great potential business value to many organizations, but security teams need to dispel some misconceptions. In the first place, it’s not a game that takes employees away from their jobs, said Joe Carson, chief security scientist and advisory CISO at Delinea.
With an ever-expanding threat landscape, organizations need to possess the right tools and knowledge to deal with cyberattacks. Dawn Cappelli, head of OT-CERT at Dragos, recommends training small and medium-sized businesses that are just starting their operation technology journey.
Most people would assume ransomware tops the list of cyber insurance claims. Not so these days. Most claims are originating from third-party attacks, said Peter Hedberg of Corvus Insurance and Christopher J. Seusing of law firm Wood Smith Henning & Berman.
Humans continue to reuse simple passwords that criminals can access, and passwordless continues to be the way forward. Jeff Shiner, CEO of 1Password, said we're making progress toward the future of authentication - passkeys - and discussed when, why and how to adopt them.
In the face of a growing attack surface, the architecture and technology of traditional SIEMs keeps them from meeting the needs of modern enterprises. Firms can address these gaps with data protection, threat content as a service, and peer-to-peer collaboration, said Securonix CEO Nayaki Nayyar.
Everyone needs to have a security-first mindset for identity because as much as it is a defender's shield, it is also an attacker's target, said Rohit Ghai, CEO at RSA. In fact, identities are the most attacked part of enterprises, yet too little energy is spent on monitoring them.
The ever-expanding threat landscape and the continued talent shortage mean defenders increasingly need to be ready with the skilled talent to face the onslaught of cybercriminals who are gaining momentum by employing new tactics, according to Pamela Nigro, ISACA board chair.
Even as an increasing number of companies begin to migrate their systems to the cloud for better performance optimization and cybersecurity, each company's journey is unique. Otis Elevator, a "100-year-old startup," shares its cloud migration journey challenges, workarounds and key takeaways.
While AI is presenting intriguing opportunities for productivity and innovation, the tech world must grapple with serious regulatory, legal and related policy considerations, said privacy, security and legal experts Benham Dayanim, Patricia Titus and Heather West in this CyberEdBoard talk.
Many of the cyber-related questionnaires that organizations ask their third parties to complete "are too broad" and not properly focused on questions related to the services or products being offered by that vendor, said Cassie Crossley, vice president of supply chain at Schneider Electric.
Cybercrime has grown considerably in the last several years. The scope, velocity and variability of attacks have increased, as has the attack surface - and it's impossible for humans alone to understand, correlate, find the cause, analyze and fix it, said Bipul Sinha, co-founder and CEO of Rubrik.
A key problem in organizations is that security and development are treated as two disparate processes instead of part of the same system. Executives deal with security issues after the fact and don't make it part of the development pipeline, said Nick Durkin, field CTO at Harness.