Social engineering is typically used to trick human beings to gain unauthorized access to computer networks and steal personal information, financial data or intellectual property. It is now becoming popular as a career option for ethical hackers, said Alethe Denis of Bishop Fox.
The role of a CISO in an organization is continuously evolving, more so after the COVID-induced digital transformation boom - and not in isolation. Protecting businesses is more than just putting the technology pieces together, said Arvin Bansal, CISO of Nissan Americas.
IT-OT convergence has created interconnection between components that were historically separate and have different maturity levels. But attacks on OT can have a kinetic impact that can lead to very grim scenarios, said Ashish Thapar, vice president and head of cybersecurity consulting at NTT.
This is the time and place in which geopolitical interests, hacktivism, espionage and all of the crime syndicates are coming together, and we're amateurs showing up at that gunfight with a knife, said Jeff Multz, senior vice president of sales in North America at Radware.
Data breaches are often the result of hackers exploiting bugs in third-party service providers to make their way to larger organizations. Rishi Rajpal, vice president of global security at Concentrix, discussed how to pick the right partners and mutually benefit from each other's services.
The adoption of APIs in terms of daily transactions in the post-COVID-19 digital world has skyrocketed, but that proliferation of APIs has created exposures and risks that need to be addressed proactively before an organization faces a devastating data breach, warned Pam Murphy, CEO at Imperva.
The fundamentals of protecting against application-based malware attacks are no different from infrastructure-based attacks, and it is all about having threat intelligence, context and the capability to really understand these applications, said Mariano Nunez, co-founder and CEO at Onapsis.
Organizations are faced with the security challenges presented by the combination of custom and open-source code. Sandeep Johri, CEO of Checkmarx, suggests treating all open-source code as an unknown source and conducting security checks using software composition analysis to identify vulnerabilities.
The U.S. national cybersecurity strategy released by the Biden Administration is part of a larger effort to draw attention to the pervasive issue of cybersecurity liability on the part of vendors. The strategy also calls for ramping up the adoption of software bill of materials, or SBOMs.
Organizations face three major challenges in safeguarding data, said Gee Rittenhouse, CEO of Skyhigh Security. The first is determining where data is located. The second is knowing who had access to the data and what they are doing with it. The third is determining the level of risk exposure.
Cybercrime has evolved over the decades, and criminals are running entities that function exactly like legitimate organizations. The high-revenue industry is growing, and those running it continue to improve at doing their jobs, said Jon Clay, vice president of threat intelligence at Trend Micro.
As the cyberthreat and regulatory landscapes are evolving, so too are the data security and privacy priorities of healthcare sector entities, said Taylor Lehmann, director, Office of the CISO, Google Cloud, who explains how organizations can respond to the challenges.
The challenges in building a privacy program to comply with laws and regulations across multiple jurisdictions and verticals are numerous, especially since much has changed in the past decade, said Nishant Bhajaria, director of privacy engineering, architecture and analytics at Uber One.
Many organizations are finally improving basic cyber hygiene, but the major problem facing defenders and governments is how to achieve scale across all sizes of businesses including nonprofits around the world, said Phil Reitinger, CEO and president of Global Cyber Alliance.
OT security programs continue to be underfunded and understaffed, although rapid growth in this sector and new focus from government and organizations show hope, said Alexander Antukh, CISO of AboitizPower, and Mex Martinot, vice preisdent and global head of industrial cybersecurity, Siemens Energy.