The U.S. national cybersecurity strategy released by the Biden Administration is part of a larger effort to draw attention to the pervasive issue of cybersecurity liability on the part of vendors. The strategy also calls for ramping up the adoption of software bills of materials, or SBOMs.
Organizations face three major challenges in safeguarding data, said Gee Rittenhouse, CEO of Skyhigh Security. The first is determining where data is located. The second is knowing who had access to the data and what they are doing with it. The third is determining the level of risk exposure.
Cybercrime has evolved over the decades, and criminals are running entities that function exactly like legitimate organizations. The high-revenue industry is growing, and those running it continue to improve at doing their jobs, said Jon Clay, vice president of threat intelligence at Trend Micro.
As the cyberthreat and regulatory landscapes are evolving, so too are the data security and privacy priorities of healthcare sector entities, said Taylor Lehmann, director, Office of the CISO, Google Cloud, who explains how organizations can respond to the challenges.
The challenges in building a privacy program to comply with laws and regulations across multiple jurisdictions and verticals are numerous, especially since much has changed in the past decade, said Nishant Bhajaria, director of privacy engineering, architecture and analytics at Uber One.
Many organizations are finally improving basic cyber hygiene, but the major problem facing defenders and governments is how to achieve scale across all sizes of businesses including nonprofits around the world, said Phil Reitinger, CEO and president of Global Cyber Alliance.
OT security programs continue to be underfunded and understaffed, although rapid growth in this sector and new focus from government and organizations show hope, said Alexander Antukh, CISO of AboitizPower, and Mex Martinot, vice president and global head of industrial cybersecurity, Siemens Energy.
Organizations need to look at privacy at a strategic and "almost cellular level" that is in constant motion, said Michelle Dennedy, CEO of PrivacyCode. "It's generative privacy." Dennedy said that nearly 75% of the world is governed by a GDPR-like scheme, and it's time for the U.S. to follow suit.
Threat intelligence is an important component of OT security because it maps the techniques and tactics of threat actors to what they are likely to attack, and it collaborates across teams to cover potential vulnerabilities, according to CISOs Susan Koski and Sapan Talwar.
APIs are delivering huge business value, but people don’t know how many APIs they have in their organization, what they do or who controls them. And that causes massive security vulnerabilities, according to CyberEdBoard panelists Chase Cunningham and Richard Bird.
In the online world, knowing and trusting who you are interacting with has been a problem for decades. When it comes to assessing the state of identity verification, "we certainly have a lot of problems to address," according to identity expert Jeremy Grant of Venable.
While multifactor authentication helps solve some of the problems with passwords, we still need to get to being truly passwordless, said Susan Koski, PNC Financial Services. She said adopting the FIDO standards, using zero trust and relying on authentication analysis can all help speed the journey.
In light of former Uber CSO Joe Sullivan's sentencing, five cybersecurity executives from distinct walks of cybersecurity discuss how professionals can protect themselves from personal liability for making business decisions while doing what's best for their organization.
With MFA becoming ubiquitous, hackers are finding it increasingly difficult to use technical skills to penetrate protected systems, leading to an increase in attacks focusing on the human element, said Scott Hellman, supervisory special agent, FBI San Francisco.
The ransomware threat is becoming increasingly pervasive. At least 10,000 different variants are victimizing organizations that thought they were well-prepared to tackle this growing menace, said Vishak Raman of Fortinet, which recently released a report on ransomware trends.