Given the sustained onslaught of cyberattacks against the healthcare industry, organizations can help protect all enterprises simply by sharing advance information, said Steve Hunter, vice president of marketing and development at Health-ISAC. Ensuring anonymity helps users share more freely.
Attackers are targeting the weakest link in the supply chain. Because every vendor poses a risk, you need to classify them by risk and track all the data they manage, said Matan Or-El, co-founder and CEO of Panorays, who advised taking a holistic view of your third-party risk program.
Operationalizing security comes down to making it part of the business process, and everyone in the organization must be responsible. Goals and objectives must be clearly spelled out, including lines of accountability and ownership, said Jason Hart, chief technology officer for EMEA at Rapid7.
Information security is no longer confined to the tech domain, and instead must align with business outcomes, adapted to suit an organization's risk appetite, said Matt Gordon-Smith, former CISO at Gatwick Airport. Security teams often must balance competing needs and risks.
Legacy DLP is broken due to excess complexity, extended time to value and misalignment with security and business goals, said Next's Chris Denbigh-White. Addressing insider threats in a meaningful way is one of the biggest data protection challenges for organizations, he said.
CISO Ian Thornton-Trump said he is opportunistic about using chatbots but warns that the technology needs oversight and testing to ensure "the responses that it's giving are accurate and the information it's able to access is also pertinent to the questions that are commonly asked."
Organizations are facing "a myriad of challenges" as they move their resources to the cloud and increasingly rely on third parties, said Island Chief Customer Officer Bradon Rogers. Part of the problem, he said, is that consumer browsers were "never built for living in the enterprise."
"Exposure management has become top of mind for most CISOs" due to three factors: the uncertain geopolitical landscape, the proliferation of the cloud and an increased focus on regulations and compliance, according to Sarah Ashburn, Chief Revenue Officer at Censys.
Attackers targeting the supply chain are "quite predictable in their movements; they want to persist their access, so they're looking for credentials," said Mackenzie Jackson, developer advocate at GitGuardian, who recommends deploying honeytokens to track the predictability of criminals' actions.
Automated XDR platforms are increasingly sought after as organizations grapple with tool sprawl and the complexity of their security stack. But is there a risk of XDR platforms becoming a single point of failure? Microsoft Senior Director Scott Woodgate emphasized building "resiliency" for XDR.
The increase in attack vectors and new threats has prompted companies to invest heavily in cybersecurity tools. But CISOs struggle with managing siloed products that do not integrate with each other. Consolidation of security architecture is a priority for CISOs, said Check Point's Itai Greenberg.
The relationship between a customer and a brand is personal. Customers want to trust a brand, and that includes trusting it with protecting their digital identity.
The 2023 Telesign Trust Index reveals the critical role of trust in the digital economy. The report illustrates that customers are not only afraid of...
The state of the software supply chain in 2023 continues to be "unacceptable," said Brian Fox, co-founder and CTO at Sonatype. Sounding alarm bells, Fox cited a Sonatype report that said organizations are using known vulnerable components in their applications 96% of the time and known Log4j vulnerabilities nearly 30%...
As the world of customer-business interaction continues to shift toward mobile apps, the challenge of keeping these apps secure is becoming more and more critical. With cyberthreats lurking around every corner, businesses that rely on mobile apps need to ask themselves a fundamental question: What's the best way to...
As the largest media company at RSA Conference 2023, ISMG conducted more than 160 individual interviews with CEOs, CISOs, government leaders, investors, researchers and attorneys. This compendium covers every facet of cybersecurity, from the latest technology solutions to emerging trends.