Supply chain attacks, such as the MOVEit data breach that has affected more than 150 organizations, are "the nature of the landscape now," said security leader Ian Hill of Upp Corp. The answer to this scourge may be using generative AI to qualify partners and to analyze and score supply chain risk.
Apart from some of the threats surrounding AI, this emerging technology can help defenders formulate effective policies and controls to prevent and mitigate BEC scams. With the evolving threat landscape, harnessing AI becomes crucial in defending, said Johan Dreyer, CTO at Mimecast.
Given the sustained onslaught of cyberattacks against the healthcare industry, organizations can help protect all enterprises simply by sharing advance information, said Steve Hunter, vice president of marketing and development at Health-ISAC. Ensuring anonymity helps users share more freely.
Attackers are targeting the weakest link in the supply chain. Because every vendor poses a risk, you need to classify them by risk and track all the data they manage, said Matan Or-El, co-founder and CEO of Panorays, who advised taking a holistic view of your third-party risk program.
Operationalizing security comes down to making it part of the business process, and everyone in the organization must be responsible. Goals and the objectives must be clearly spelled out, including lines of accountability and ownership, said Jason Hart, chief technology officer for EMEA at Rapid7.
Information security is no longer confined to the tech domain, and instead must align with business outcomes, adapted to suit an organizations' risk appetite, said Matt Gordon-Smith, former CISO at Gatwick Airport. Security teams often must balance competing needs and risks.
ThreatLocker will debut a security reporting tool for small businesses that not only details what's running in their environment but also where it was developed, CEO Danny Jenkins said. The company can break down where any dark mode extension in a client's environment came from and who's funding it.
Service providers typically lack the skills and large security teams needed to thwart complex and high-volume cyberattacks on their own, said A10 Networks CEO Dhrupad Trivedi. MSPs telecom and cloud providers struggle to assess the scale of cyber incidents and to detect and remediate them.
Legacy DLP is broken due to excess complexity, extended time to value and misalignment with security and business goals, said Next's Chris Denbigh-White. Addressing insider threats in a meaningful way is one of the biggest data protection challenges for organizations, he said.
A growing number of security teams are looking to consolidate tools to simplify operations, said Gartner analyst Dionisio Zumerle. "When you have the complexity, it's very hard to identify misconfigurations between the different overlapping tools, and it's also hard to identify security gaps."
Hackers use generative AI to churn out code that exploits vulnerabilities, while defenders use it to get more context around flaws discovered in their ecosystem, said CEO Amit Yoran. Tenable uses generative AI to spot and prioritize all the instances of MOVEit in a customer's environment.
Organizations need to adopt a creative approach when building policies around the legal, commercial and reputational risks raised by generative AI tools - such as with privacy, consumer protection and contractual obligations, said legal expert Anna King of Markel.
Buying both the networking and security pieces of SASE from a single vendor will be the predominant long-term approach, given the benefits of tight integration, said Cato Networks CEO Shlomo Kramer. Some three-fourths of Cato clients today get both SD-WAN and security service edge from the company.
CISO Ian Thornton-Trump said he is opportunistic about using chatbots but warns that the technology needs oversight and testing to ensure "the responses that it's giving are accurate and the information it's able to access is also pertinent to the questions that are commonly asked."
Russia has relied on blunt-force cyberattacks in Ukraine to inflict maximum damage rather than turning to new techniques. In many cases, Ukrainian defenders are flying blind because Russian wiper malware is designed to evade most security controls, said Mandiant CEO Kevin Mandia.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.