Everyone needs to have a security-first mindset for identity because as much as it is a defender's shield, it is also an attacker's target, said Rohit Ghai, CEO at RSA. In fact, identities are the most attacked part of enterprises, yet too little energy is spent on monitoring them.
Many of the cyber-related questionnaires that organizations ask their third parties to complete "are too broad" and not properly focused on questions related to the services or products being offered by that vendor, said Cassie Crossley, vice president of supply chain at Schneider Electric.
Cybercrime has grown considerably in the last several years. The scope, velocity and variability of attacks have increased, as has the attack surface - and it's impossible for humans alone to understand, correlate, find the cause, analyze and fix it, said Bipul Sinha, co-founder and CEO of Rubrik.
A key problem in organizations is that security and development are treated as two disparate processes instead of part of the same system. Executives deal with security issues after the fact and don't make it part of the development pipeline, said Nick Durkin, field CTO at Harness.
Some of the most sophisticated cyberattacks are being targeted at third-party suppliers in an effort to affect their critical clients, said Ashan Willy, CEO of Proofpoint. But often client organizations affected by these attacks do not even realize a key supplier has been hit, he said.
Public sector organizations often lack the resources needed to protect against nation-state attacks and espionage, while private sector entities often struggle in defending against ransomware and similar threats, said Yaniv Vardi, CEO of Claroty, who explained why more collaboration is needed.
The emergence and convergence of technologies - ranging from OT to AI and the shift to the cloud - are creating new threat vectors and security risks as well as opportunities, says Dave DeWalt, founder and CEO of NightDragon, who describes what keeps him up at night and why.
Companies that grow quickly through mergers and acquisitions often face an array of unique security risk challenges - as well as opportunities - said Ash Hunt, global CISO of Apex Group Ltd., who is helping to shepherd his organization through such a transformation.
Many small and medium-sized businesses are facing "generational trauma" in trying to comply with a variety of regulatory and other compliance issues as these requirements are being demanded by their larger business partners, insurers and others, says Tarah M. Wheeler, CEO of Red Queen Dynamics Inc.
When security teams buy dozens of security products, they also get dozens of dashboards and sometimes conflicting ways to approach security, which can create its own risk, said Saket Modi, CEO of Safe Security. Risk needs to be more visible and quantifiable, he said.
A cyberwar is afoot, but not every country can prepare and protect itself. Christopher Painter discusses how he built the Global Forum on Cyber Expertise Foundation to promote cybersecurity capacity-building around the world, cut redundancy in cyber training and prepare for anticipated threats.
Despite recent unstable market conditions, the cybersecurity market is growing, said Saj Huq of Plexal, a cyber innovation accelerator based in the U.K. and innovation partner of the National Cyber Security Centre, which is part of the U.K.'s intelligence, security and cyber agency.
Social engineering is typically used to trick human beings to gain unauthorized access to computer networks and steal personal information, financial data or intellectual property. It is now becoming popular as a career option for ethical hackers, said Alethe Denis of Bishop Fox.
The role of a CISO in an organization is continuously evolving, more so after the COVID-induced digital transformation boom - and not in isolation. Protecting businesses is more than just putting the technology pieces together, said Arvin Bansal, CISO of Nissan Americas.
IT-OT convergence has created interconnection between components that were historically separate and have different maturity levels. But attacks on OT can have a kinetic impact that can lead to very grim scenarios, said Ashish Thapar, vice president and head of cybersecurity consulting at NTT.