To rethink security strategies, enterprises should tap into edge computing, adopt technologies such as generative AI and ensure "secure by default" practices, said Fastly Vice President Sean Leach. He discussed the evolving risk landscape and third-party providers' role in managing security.
Generative AI is growing rapidly as organizations seek ways to transform human tasks. With the ability to process and analyze large volumes of data in real time, AI can empower defenders to detect and respond to threats more effectively, said John Giamatteo, cybersecurity president at BlackBerry.
Supply chain attacks, such as the MOVEit data breach that has affected more than 150 organizations, are "the nature of the landscape now," said security leader Ian Hill of Upp Corp. The answer to this scourge may be using generative AI to qualify partners and to analyze and score supply chain risk.
Apart from some of the threats surrounding AI, this emerging technology can help defenders formulate effective policies and controls to prevent and mitigate BEC scams. With the evolving threat landscape, harnessing AI becomes crucial in defending, said Johan Dreyer, CTO at Mimecast.
Given the sustained onslaught of cyberattacks against the healthcare industry, organizations can help protect all enterprises simply by sharing advance information, said Steve Hunter, vice president of marketing and development at Health-ISAC. Ensuring anonymity helps users share more freely.
Attackers are targeting the weakest link in the supply chain. Because every vendor poses a risk, you need to classify them by risk and track all the data they manage, said Matan Or-El, co-founder and CEO of Panorays, who advised taking a holistic view of your third-party risk program.
Operationalizing security comes down to making it part of the business process, and everyone in the organization must be responsible. Goals and the objectives must be clearly spelled out, including lines of accountability and ownership, said Jason Hart, chief technology officer for EMEA at Rapid7.
Information security is no longer confined to the tech domain, and instead must align with business outcomes, adapted to suit an organizations' risk appetite, said Matt Gordon-Smith, former CISO at Gatwick Airport. Security teams often must balance competing needs and risks.
Legacy DLP is broken due to excess complexity, extended time to value and misalignment with security and business goals, said Next's Chris Denbigh-White. Addressing insider threats in a meaningful way is one of the biggest data protection challenges for organizations, he said.
CISO Ian Thornton-Trump said he is opportunistic about using chatbots but warns that the technology needs oversight and testing to ensure "the responses that it's giving are accurate and the information it's able to access is also pertinent to the questions that are commonly asked."
Organizations are facing "a myriad of challenges" as they move their resources to the cloud and increasingly rely on third parties, said Island Chief Customer Officer Bradon Rogers. Part of the problem, he said, is that consumer browsers were "never built for living in the enterprise."
"Exposure management has become top of mind for most CISOs" due to three factors: the uncertain geopolitical landscape, the proliferation of the cloud and an increased focus on regulations and compliance, according to Sarah Ashburn, Chief Revenue Officer at Censys.
Attackers targeting the supply chain are "quite predictable in their movements; they want to persist their access, so they're looking for credentials," said Mackenzie Jackson, developer advocate at GitGuardian, who recommends deploying honeytokens to track the predictability of criminals' actions.
Managing risk for internet of things devices must start early in the design phase, says Tim Mackey of Synopsys, who offers insights on key risk mitigation steps, including building a threat model.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.