Most people would assume ransomware tops the list of cyber insurance claims. Not so these days. Most claims are originating from third-party attacks, said Peter Hedberg of Corvus Insurance and Christopher J. Seusing of law firm Wood Smith Henning & Berman.
Humans continue to reuse simple passwords that criminals can access, and passwordless continues to be the way forward. Jeff Shiner, CEO of 1Password, said we're making progress toward the future of authentication - passkeys - and discussed when, why and how to adopt them.
In the face of a growing attack surface, the architecture and technology of traditional SIEMs keeps them from meeting the needs of modern enterprises. Firms can address these gaps with data protection, threat content as a service, and peer-to-peer collaboration, said Securonix CEO Nayaki Nayyar.
Everyone needs to have a security-first mindset for identity because as much as it is a defender's shield, it is also an attacker's target, said Rohit Ghai, CEO at RSA. In fact, identities are the most attacked part of enterprises, yet too little energy is spent on monitoring them.
While AI is presenting intriguing opportunities for productivity and innovation, the tech world must grapple with serious regulatory, legal and related policy considerations, said privacy, security and legal experts Benham Dayanim, Patricia Titus and Heather West in this CyberEdBoard talk.
Many of the cyber-related questionnaires that organizations ask their third parties to complete "are too broad" and not properly focused on questions related to the services or products being offered by that vendor, said Cassie Crossley, vice president of supply chain at Schneider Electric.
Cybercrime has grown considerably in the last several years. The scope, velocity and variability of attacks have increased, as has the attack surface - and it's impossible for humans alone to understand, correlate, find the cause, analyze and fix it, said Bipul Sinha, co-founder and CEO of Rubrik.
A key problem in organizations is that security and development are treated as two disparate processes instead of part of the same system. Executives deal with security issues after the fact and don't make it part of the development pipeline, said Nick Durkin, field CTO at Harness.
Some of the most sophisticated cyberattacks are being targeted at third-party suppliers in an effort to affect their critical clients, said Ashan Willy, CEO of Proofpoint. But often client organizations affected by these attacks do not even realize a key supplier has been hit, he said.
Public sector organizations often lack the resources needed to protect against nation-state attacks and espionage, while private sector entities often struggle in defending against ransomware and similar threats, said Yaniv Vardi, CEO of Claroty, who explained why more collaboration is needed.
The emergence and convergence of technologies - ranging from OT to AI and the shift to the cloud - are creating new threat vectors and security risks as well as opportunities, says Dave DeWalt, founder and CEO of NightDragon, who describes what keeps him up at night and why.
Companies that grow quickly through mergers and acquisitions often face an array of unique security risk challenges - as well as opportunities - said Ash Hunt, global CISO of Apex Group Ltd., who is helping to shepherd his organization through such a transformation.
Many small and medium-sized businesses are facing "generational trauma" in trying to comply with a variety of regulatory and other compliance issues as these requirements are being demanded by their larger business partners, insurers and others, says Tarah M. Wheeler, CEO of Red Queen Dynamics Inc.
When security teams buy dozens of security products, they also get dozens of dashboards and sometimes conflicting ways to approach security, which can create its own risk, said Saket Modi, CEO of Safe Security. Risk needs to be more visible and quantifiable, he said.
A cyberwar is afoot, but not every country can prepare and protect itself. Christopher Painter discusses how he built the Global Forum on Cyber Expertise Foundation to promote cybersecurity capacity-building around the world, cut redundancy in cyber training and prepare for anticipated threats.