Public companies disclosing a cyber incident under the new U.S. reporting requirements should focus on the business impact and stay away from the technical pieces, said Venable's Grant Schneider. The disclosure should examine how the incident will affect revenue, profitability and public perception.
In the latest weekly update, ISMG editors discuss the White House's debut of a $20 million contest to exterminate bugs with AI, a New York man admitting to being behind the Bitfinex hack, and a new malware campaign that is targeting newbie cybercriminals in order to steal sensitive information.
Changing technologies and markets require adapting an organization's overall cybersecurity strategy, including the scope of our risk management, and then reviewing and adjusting our operational program to deliver the revised vision, said Akm Hasan, head of cybersecurity at Hays PLC.
Many security awareness training programs fail because organizations don't understand the risks they face, said Culture AI's John Scott. He said a successful training program "will help people by making sure that it's targeting the behaviors that address the key risks for the organization."
Collaborative AI - the process of one AI model learning from another - is one of the most effective ways for financial institutions to fight the sophisticated techniques fraudsters use for scams, said Johan Gerber, executive vice president of security and cyber innovation at Mastercard.
Generative AI can detect malicious behavior undetectable by traditional forms of AI such as adversaries stealing sensitive data by sticking it in images, said Netskope CEO Sanjay Beri. Netskope has over 50 machine-learning models in production and has debuted AI-based DLP and threat detection tools.
OpenText acquired several cyber companies in recent years to protect sensitive information and data everywhere from consumer to large enterprise environments, said EVP Prentiss Donohue. The Micro Focus buy shored up OpenText's offerings around application and data security and identity management.
WatchGuard's presence on both the endpoint and network allows the company to accelerate response and remediation times on behalf of MSPs, CEO Prakash Panjwani said. MSPs can determine how much of the response they want WatchGuard to automate based on their level of sophistication.
In the latest weekly update, Troy Leach, chief strategy officer at Cloud Security Alliance, joins ISMG editors to discuss preparing for new regulations, new requirements for third-party cloud penetration testing, and the opportunities and risks of AI in the financial sector.
Fortra has pursued acquisitions in the infrastructure protection, data protection, and digital risk and email protection markets to help customers improve security posture. CEO Kate Bolseth said clients told Fortra they had challenges within segments such as security awareness and managed services.
ServiceNow wants to apply generative AI to its knowledge around how customer environments are configured to help organizations harden their digital attack surface. Security product leader Lou Fiorello said ServiceNow will use generative AI to leverage its presence across the entire enterprise.
Ten Eleven Ventures' Alex Doll sees privacy and device management as the hottest areas for security startups and cloud companies as "coming from behind." Advancements in privacy-enhanced technologies have allowed for searchable encryption, meaning that entire databases can be locked down.
New CEO Scott Harrell wants Infoblox to evolve from classic networking DNS management to bringing networking and security together in ways that optimize protection and efficiency. DNS serves as a building block for security since it is universal across large client devices and small mobile phones.
Shadow APIs are up 900%, and API business logic abuse attacks have come to the forefront and are demanding both discovery and defensive measures from cybersecurity organizations, said James Sherlow, director of solution engineering in EMEA at Cequence Security.
According to Expel's Q1 2023 Quarterly Threat Report, criminals are exploiting 1- to 2-year-old vulnerabilities. This suggests organizations don’t know which vulnerabilities pose the biggest threats to their environments, said Andrew Hoyt, Expel's director of solution architecture.