RSA Conference

CISOs Take on OT Security Threats to Critical Infrastructure

Michael Novinson •  May 30, 2023

CISOs now understand the importance and complexity of protecting the OT environment and how it differs from the IT attack surface. IT leaders in critical infrastructure and even the food industry increasingly want to get their arms around OT threats, said Rockwell Automation's Mark Cristiano.

ARTICLE

RSA Conference 2023 Compendium: 160+ Interviews and More

Information Security Media Group •  May 24, 2023

As the largest media company at RSA Conference 2023, ISMG conducted more than 160 individual interviews with CEOs, CISOs, government leaders, investors, researchers and attorneys. This compendium covers every facet of cybersecurity, from the latest technology solutions to emerging trends.

ARTICLE

Detecting and Mitigating Fraud Through Trust Building

Tom Field •  May 11, 2023

Customers want to trust a brand, and that includes trusting it with protecting their digital identity. Joe Burton, Telesign CEO, advised that customers should be part of the "security journey." Explaining why you're asking for information to verify their identities "turns friction from annoying to reassuring."

Moving Beyond Compliance for Third-Party Security

Mathew J. Schwartz •  May 10, 2023

Attacks like Kaseya and SolarWinds have highlighted the supply chain risks and demonstrated how securing the supply chain can no longer just be considered a compliance function. It has evolved into a risk management function, said Fred Kneip, chief executive officer at CyberGRX.

John Chambers: Navigating Through Cybersecurity Volatility

Mathew J. Schwartz •  May 9, 2023

The cybersecurity industry is undergoing profound and rapid change, said John Chambers, the visionary former CEO of Cisco Systems who has turned venture capitalist and predicts the market will soon demand an outcome-focused architecture - not products - to underpin next-generation tech.

The Role of Regulation in Comprehensive Cybersecurity

Information Security Media Group •  May 9, 2023

How much regulation is too much, and how much is too little? Increased cyber regulation, especially in areas of critical infrastructure, is necessary, as outages in the space have the potential to affect many Americans, said Ilona Cohen, chief legal and policy officer at HackerOne.

The Past, Present and Future of Tech Regulation

Tom Field •  May 9, 2023

Historically, U.S. regulators have been slow to set controls on critical infrastructure because of the technical complexity of systems in that sector, but that is changing thanks to the U.S. national cybersecurity strategy, said Glenn Gerstell of the Center for Strategic and International Studies.

Treasury Department Targets Cloud Risks for Financial Firms

Anna Delaney •  May 9, 2023

What are the challenges facing the U.S. financial sector as it continues its enthusiastic embrace of cloud-based technology? Department of the Treasury Deputy Assistant Secretary Todd Conklin said the agency has been "doing the best we can to secure cloud" as firms increasingly adopt it.

It's OpenAI Season for Bug Hunting

Michael Novinson •  May 9, 2023

As Bugcrowd helps OpenAI keep pace with the inevitable cybersecurity risks amid the massive popularity of its applications, the bug bounty firm's CEO discusses the unique elements of finding vulnerabilities in OpenAI, its impact and the journey so far.

Survey: Cloud Risk Growing in Financial Services

Tom Field •  May 8, 2023

The use of cloud by financial services firms has risen from 91% to 98%, and multi-cloud for critical operations has risen dramatically, triggering greater risk and regulatory scrutiny, said Troy Leach, chief strategy officer at the Cloud Security Alliance, citing a new survey.

ARTICLE

Defending Against Emerging Threats in Mobile Security

Tom Field •  May 8, 2023

The trend of bring your own device has boosted global businesses, but as new smartphones, tablets and portable storage devices emerge, the challenge of securing these devices intensifies. With organizations increasingly adopting BYOD, the question remains: How can we secure these devices?

ARTICLE

How ISACA Is Guiding Enterprises to Cybersecurity Maturity

Anna Delaney •  May 8, 2023

The threat landscape continues to deteriorate, and criminals are using new techniques and pulling off devastating attacks. Meanwhile, security leaders are struggling to fill a critical shortage of skilled talent. Rob Clyde shares how ISACA is helping defenders keep up and gain cyber maturity.

Dispelling Misconceptions About Cyber Gamification

Anna Delaney •  May 8, 2023

Gamification in cybersecurity can bring great potential business value to many organizations, but security teams need to dispel some misconceptions. In the first place, it’s not a game that takes employees away from their jobs, said Joe Carson, chief security scientist and advisory CISO at Delinea.

OT-CERT: Enabling SMBs to Address Cybersecurity Risks

Tom Field •  May 8, 2023

With an ever-expanding threat landscape, organizations need to possess the right tools and knowledge to deal with cyberattacks. Dawn Cappelli, head of OT-CERT at Dragos, recommends training small and medium-sized businesses that are just starting their operation technology journey.

Security Controls Cyber Insurers Are Looking for These Days

Anna Delaney •  May 8, 2023

Most people would assume ransomware tops the list of cyber insurance claims. Not so these days. Most claims are originating from third-party attacks, said Peter Hedberg of Corvus Insurance and Christopher J. Seusing of law firm Wood Smith Henning & Berman.

Rolling Out the Passwordless Future

Anna Delaney •  May 8, 2023

Humans continue to reuse simple passwords that criminals can access, and passwordless continues to be the way forward. Jeff Shiner, CEO of 1Password, said we're making progress toward the future of authentication - passkeys - and discussed when, why and how to adopt them.

How a Unified SIEM Helps Defenders

Rahul Neel Mani •  May 8, 2023

In the face of a growing attack surface, the architecture and technology of traditional SIEMs keeps them from meeting the needs of modern enterprises. Firms can address these gaps with data protection, threat content as a service, and peer-to-peer collaboration, said Securonix CEO Nayaki Nayyar.

The Dual Role of AI in Identity and Access Management

Mathew J. Schwartz •  May 8, 2023

Everyone needs to have a security-first mindset for identity because as much as it is a defender's shield, it is also an attacker's target, said Rohit Ghai, CEO at RSA. In fact, identities are the most attacked part of enterprises, yet too little energy is spent on monitoring them.

ARTICLE

Taking the Elevator to the Cloud: Otis' Security Journey

Tom Field •  May 8, 2023

Even as an increasing number of companies begin to migrate their systems to the cloud for better performance optimization and cybersecurity, each company's journey is unique. Otis Elevator, a "100-year-old startup," shares its cloud migration journey challenges, workarounds and key takeaways.

ARTICLE

New Approaches to Solving the Cybersecurity Talent Shortage

Anna Delaney •  May 8, 2023

The ever-expanding threat landscape and the continued talent shortage mean defenders increasingly need to be ready with the skilled talent to face the onslaught of cybercriminals who are gaining momentum by employing new tactics, according to Pamela Nigro, ISACA board chair.

Exposing the Downside of Digital Transformation

Tom Field •  May 7, 2023

Digital transformation has accelerated the pace of innovation but also created a broader attack surface and new vulnerabilities. Even worse, adversaries are more efficient, automated and effective than ever before, warned Art Coviello, managing partner of SYN Ventures.

AI: Complex Emerging Regulatory and Risk Concerns

Information Security Media Group •  May 7, 2023

While AI is presenting intriguing opportunities for productivity and innovation, the tech world must grapple with serious regulatory, legal and related policy considerations, said privacy, security and legal experts Benham Dayanim, Patricia Titus and Heather West in this CyberEdBoard talk.

Asking Third-Party Vendors the 'Right' Questions

Rahul Neel Mani •  May 7, 2023

Many of the cyber-related questionnaires that organizations ask their third parties to complete "are too broad" and not properly focused on questions related to the services or products being offered by that vendor, said Cassie Crossley, vice president of supply chain at Schneider Electric.

Why Humans Alone Can't Beat Cybercrime

Tom Field •  May 7, 2023

Cybercrime has grown considerably in the last several years. The scope, velocity and variability of attacks have increased, as has the attack surface - and it's impossible for humans alone to understand, correlate, find the cause, analyze and fix it, said Bipul Sinha, co-founder and CEO of Rubrik.

Out-Siloing Security and Development to Mitigate Cyber Risk

Rahul Neel Mani •  May 7, 2023

A key problem in organizations is that security and development are treated as two disparate processes instead of part of the same system. Executives deal with security issues after the fact and don't make it part of the development pipeline, said Nick Durkin, field CTO at Harness.