The cybersecurity industry needs to be increasingly agile, said Hugh Thompson, program committee chairman of RSA Conference. Attackers are constantly changing tactics. Security leaders also need to change and keep up with the technologies accessible to a large group of people, he said.
Cybersecurity professionals are stressed out, overworked, underpaid and working on short-staffed teams, said Candy Alexander, president of the ISSA International Board. She advised organizations to look for the right indicators of a good cybersecurity culture.
Early-stage startups interested in the implementation of artificial intelligence are often concerned about the policies surrounding AI use. While some startups are looking at automating policies, others are building platforms to test the accuracy, integrity and robustness of AI models.
Generative AI has revolutionized the way people interact with chatbots. Ruby Zefo, chief privacy officer and ACG for privacy and cybersecurity at Uber Technologies, cited ChatGPT as an example of the need to conduct an "environmental scan" of both external and internal risks associated with it.
Divakar Prayaga, A.P. Moller - Maersk's director for security engineering, discusses the evolution of a CISO's role from a tech to a business partner, how it affects a firm's cybersecurity posture and how to get the best return on security technology investments amid challenging economic conditions.
The number of ransoms paid by organizations is on the decline, which is positive news. But we know that the criminals are always innovating. Valerie Abend, global cyber strategy lead at Accenture, said cybercriminals are constantly learning to accomplish their objectives.
There is a growing need for "citizen data scientists," such as engineers and programmers, to better understand the inner workings of AI and ML as those technologies become more ubiquitous, said Tom Scanlon, technical manager of the CERT data science team at Carnegie Mellon University.
The guilty verdict against Joe Sullivan, former chief security officer of Uber, has generated much discussion about CISO accountability for disclosures of breaches. How should CISOs be preparing to deal with this responsibility? Kirsten Davies, CISO at Unilever, said communication is crucial.
Prosecutors are urging a U.S. federal judge to sentence former Uber CSO Joe Sullivan to 15 months in prison for his role in impeding an investigation into the ride-hailing company's security practices. Sullivan exploited "his position to cover up a deeply embarrassing event," prosecutors wrote.
The intelligence community long refrained from adopting open-source technology, but its value has become evident with the rise of cloud computing and machine learning. Practitioners also are shifting toward open-source intelligence to augment the information obtained through human intelligence.
Venture capitalist Alberto Yépez says there are opportunities to innovate in this economy. The market is self-correcting, but the demand for cyber protection has increased with the rise in cyberattacks and increased regulations, making it a top priority in terms of technology budgets, he said.
Much of the friction between CISOs and their general counsels, according to Ron Raether, partner at Troutman Pepper, is the result of ignorance. General counsels don't understand the full extent of IT and information security and often pin the blame on the CISOs, who become the scapegoats.
ChatGPT may be grabbing headlines, but many security practitioners are still skeptical about AI. ISMG editors at the RSA Conference 2023 in San Francisco discuss the hot topics this year, from the looming risk of the metaverse and our reality to the latest approach to cloud development.
The high-profile Equifax breach happened nearly six years ago. Jamil Farshchi, CISO of Equifax, discusses how the firm invested $1.5 billion, hired new staff and improved governance to prevent future attacks, but he says security organizations need to enter a new era of cooperation and transparency.
Supply chain risk has become more critical in the post-pandemic world, and that means you need to ask "much more focused, targeted questions" about your partners, according to Sawan Joshi, director of information security at Cervest, a climate intelligence startup.