Everyone needs to have a security-first mindset for identity because as much as it is a defender's shield, it is also an attacker's target, said Rohit Ghai, CEO at RSA. In fact, identities are the most attacked part of enterprises, yet too little energy is spent on monitoring them.
The ever-expanding threat landscape and the continued talent shortage mean defenders increasingly need to be ready with the skilled talent to face the onslaught of cybercriminals who are gaining momentum by employing new tactics, according to Pamela Nigro, ISACA board chair.
Even as an increasing number of companies begin to migrate their systems to the cloud for better performance optimization and cybersecurity, each company's journey is unique. Otis Elevator, a "100-year-old startup," shares its cloud migration journey challenges, workarounds and key takeaways.
While AI is presenting intriguing opportunities for productivity and innovation, the tech world must grapple with serious regulatory, legal and related policy considerations, said privacy, security and legal experts Benham Dayanim, Patricia Titus and Heather West in this CyberEdBoard talk.
Many of the cyber-related questionnaires that organizations ask their third parties to complete "are too broad" and not properly focused on questions related to the services or products being offered by that vendor, said Cassie Crossley, vice president of supply chain at Schneider Electric.
Cybercrime has grown considerably in the last several years. The scope, velocity and variability of attacks have increased, as has the attack surface - and it's impossible for humans alone to understand, correlate, find the cause, analyze and fix it, said Bipul Sinha, co-founder and CEO of Rubrik.
A key problem in organizations is that security and development are treated as two disparate processes instead of part of the same system. Executives deal with security issues after the fact and don't make it part of the development pipeline, said Nick Durkin, field CTO at Harness.
Some of the most sophisticated cyberattacks are being targeted at third-party suppliers in an effort to affect their critical clients, said Ashan Willy, CEO of Proofpoint. But often client organizations affected by these attacks do not even realize a key supplier has been hit, he said.
Public sector organizations often lack the resources needed to protect against nation-state attacks and espionage, while private sector entities often struggle in defending against ransomware and similar threats, said Yaniv Vardi, CEO of Claroty, who explained why more collaboration is needed.
The emergence and convergence of technologies - ranging from OT to AI and the shift to the cloud - are creating new threat vectors and security risks as well as opportunities, says Dave DeWalt, founder and CEO of NightDragon, who describes what keeps him up at night and why.
Companies that grow quickly through mergers and acquisitions often face an array of unique security risk challenges - as well as opportunities - said Ash Hunt, global CISO of Apex Group Ltd., who is helping to shepherd his organization through such a transformation.
Many small and medium-sized businesses are facing "generational trauma" in trying to comply with a variety of regulatory and other compliance issues as these requirements are being demanded by their larger business partners, insurers and others, says Tarah M. Wheeler, CEO of Red Queen Dynamics Inc.
When security teams buy dozens of security products, they also get dozens of dashboards and sometimes conflicting ways to approach security, which can create its own risk, said Saket Modi, CEO of Safe Security. Risk needs to be more visible and quantifiable, he said.
A cyberwar is afoot, but not every country can prepare and protect itself. Christopher Painter discusses how he built the Global Forum on Cyber Expertise Foundation to promote cybersecurity capacity-building around the world, cut redundancy in cyber training and prepare for anticipated threats.
Despite recent unstable market conditions, the cybersecurity market is growing, said Saj Huq of Plexal, a cyber innovation accelerator based in the U.K. and innovation partner of the National Cyber Security Centre, which is part of the U.K.'s intelligence, security and cyber agency.