Yigal Unna, former director general of Israel's National Cyber Directorate, emphasized the importance of continued collaboration between defenders and the formation of a Global Cyber Cabinet consisting of more than 20 national CISOs from leading countries working to dismantle cybercrime syndicates.
Former chief security officer Joe Sullivan avoided jail time for his role in impeding a federal investigation into Uber's security practices, but attorney Lisa Sotto of Hunton Andrews Kurth LLP warned security leaders and executives "to take heed" and ensure they are covered for personal liability.
The "shift left" movement puts "unrealistic" expectations on developers, said Gayatri Prakash, vice president and general manager of compliance at CloudBees. She said installing new tools to manage various parts of the SDLC is not necessarily "going to solve our problem for security."
Cyber resilience is "even more critical in the post-pandemic world," said Amit Basu, CISO of International Seaways. The NIST framework is a useful tool for developing, testing and maintaining cyber resilience, but too often security teams neglect the "detect" and "respond" functions, he added.
Lack of data classification, threat detection and talent are among the factors preventing many financial services enterprises from meeting their security goals through cloud migration. Michael Brown, field CISO at Fortinet, lays out a road map to improve cloud security.
Attacks like Kaseya and SolarWinds have highlighted supply chain risks and demonstrated that securing the supply chain can no longer be considered just a compliance function. It has evolved into a risk management function, said Fred Kneip, chief executive officer at CyberGRX.
The International Rescue Committee has identified new processes and ways to safeguard information in the midst of rapid digital transformation, according to CISO JT Jacoby. The IRC went from having multi-factor authentication deployed on just 1,500 devices in November to more than 10,000 today.
OTC Markets Group in recent years has gone from having almost sector-specific cybersecurity regulations to highly robust ones, said CISO Vlad Brodsky. Since 2016, the New York-based financial market has been subject to stringent policies and procedures to ensure OTC's cybersecurity and resiliency.
The cybersecurity industry is undergoing profound and rapid change, said John Chambers, the visionary former CEO of Cisco Systems who has turned venture capitalist and predicts the market will soon demand an outcome-focused architecture - not products - to underpin next-generation tech.
How much regulation is too much, and how much is too little? Increased cyber regulation, especially in areas of critical infrastructure, is necessary, as outages in the space have the potential to affect many Americans, said Ilona Cohen, chief legal and policy officer at HackerOne.
Historically, U.S. regulators have been slow to set controls on critical infrastructure because of the technical complexity of systems in that sector, but that is changing thanks to the U.S. national cybersecurity strategy, said Glenn Gerstell of the Center for Strategic and International Studies.
What are the challenges facing the U.S. financial sector as it continues its enthusiastic embrace of cloud-based technology? Department of the Treasury Deputy Assistant Secretary Todd Conklin said the agency has been "doing the best we can to secure cloud" as firms increasingly adopt it.
As Bugcrowd helps OpenAI keep pace with the inevitable cybersecurity risks amid the massive popularity of its applications, the bug bounty firm's CEO discusses the unique elements of finding vulnerabilities in OpenAI, its impact and the journey so far.
The use of cloud by financial services firms has risen from 91% to 98%, and multi-cloud for critical operations has risen dramatically, triggering greater risk and regulatory scrutiny, said Troy Leach, chief strategy officer at the Cloud Security Alliance, citing a new survey.
Gamification in cybersecurity can bring great potential business value to many organizations, but security teams need to dispel some misconceptions. In the first place, it’s not a game that takes employees away from their jobs, said Joe Carson, chief security scientist and advisory CISO at Delinea.