RSA Conference

►

Mitigating the Impact of Ransomware With Data Science

Anna Delaney •  June 27, 2022

Unlocking the data generated by ransomware attacks is helping organizations better understand the risks, adopt defensive technologies and prepare for future attacks, says Wade Baker, partner at Cyentia Institute. He discusses new data on how quickly organizations are remediating vulnerabilities.

►

Strategies for Reskilling and Filling Cybersecurity Jobs

Anna Delaney •  June 27, 2022

The gap between cybersecurity workforce demand and the number of skilled workers available to fill those jobs widened during the pandemic. So organizations need to take a multi-pronged approach to attract, reskill and retain employees, says Vishal Salvi, CISO and head of cyber practice at Infosys.

►

Bridging the Divide Between Digitization and Cybersecurity

Anna Delaney •  June 27, 2022

The move to remote working has created two sets of tools, policies and personnel that are making it harder for security teams to protect the enterprise, says Airgap Networks CEO and co-founder Ritesh Agrawal. He discusses how Airgap is addressing the challenges of hybrid work.

►

Profiles in Leadership: John McClure

Mathew J. Schwartz •  June 27, 2022

Emerging cybersecurity guidance from the U.S. Securities and Exchange Commission is helping to make boards of directors more informed and more eager to discuss cyber risks and how to mitigate them, says John McClure, CISO of Sinclair Broadcast Group.

►

Profiles in Leadership: Ankit Patel

Michael Novinson •  June 27, 2022

Humana Business Information Security Officer Ankit Patel says the doctors, physician assistants and leaders that he deals with on a daily basis are laser-focused on providing care to patients and consider technology and security only as it relates to providing patient care.

►

Profiles in Leadership: Jeff Farinich

Anna Delaney •  June 27, 2022

It was the ultimate challenge: Build a cybersecurity program from scratch. Three years later, Jeff Farinich, CISO of New American Funding, talks about the transformation, aligning security with business needs and helping raise the bar on the enterprise's security maturity.

►

Latest Blow Falls on the 'Scourge of Passwords'

Information Security Media Group •  June 27, 2022

Tired of keeping track of passwords? Recent announcements by major platform vendors Google, Apple and Microsoft could have passwords down for the count in the next six years, says Andrew Shikiar, executive director of the FIDO Alliance, which has been on a 10-year mission to eliminate passwords.

►

Profiles in Leadership: Rich Lindberg

Anna Delaney •  June 24, 2022

Rich Lindberg, CISO of JAMS, didn't set out to have a career in cybersecurity. Instead, he sought to make a living at what he enjoyed - programming. "I embraced fun," he says. Now he wants to help others do the same by growing the diversity of the industry workforce.

►

'When, Not If': Crafting Cyber Resilience Plans That Work

Mathew J. Schwartz •  June 24, 2022

To excel at cybersecurity incident response, start with planning, preparation and, ideally, regular tabletop exercises, say Kevin Li, CISO for MUFG Securities Americas, and Rocco Grillo, managing director of Alvarez & Marsal's Disputes and Investigations Global Cyber Risk Services practice.

►

How Security Risks Might Halt the Use of AI in Applications

Michael Novinson •  June 23, 2022

Modern applications and architectures are permeating more deeply into organizations to transform back-office functions as well as those that directly affect the customer experience, according to Kara Sprague, F5's executive vice president and general manager of application delivery.

►

How to Mitigate Emerging Security Threats Against the Cloud

Michael Novinson •  June 23, 2022

The need to secure cloud workloads and environments isn't new, but a surge of funding and attention has come to the sector over the past year. One of the most acclaimed cloud security startups has been Wiz, which in October raised $250 million on a $6 billion valuation.

►

How Ransomware Has Changed the Nature of Risk

Anna Delaney •  June 23, 2022

Ransomware has changed the risk landscape for suppliers and is forcing companies to reconsider their risk relationships, says Kelly White, co-founder and CEO of RiskRecon. He discusses the correlation between cyber hygiene, ransomware and data loss.

►

The State of Phishing and Email Security

Anna Delaney •  June 22, 2022

"Credential phishing is off the charts," says Tonia Dudley of Cofense. She discusses the challenge for organizations to strike a balance between having the right controls in place to block malicious emails and stopping the business from receiving legitimate emails.

►

Why Diversity Is the Defender's Greatest Weapon

Anna Delaney •  June 22, 2022

CISO Patricia "Patti" Titus says the cybersecurity sector is "still struggling" with the diversity and inclusion it requires. "The things we do really impact all of our end users, employees and customers," she says, so you need "the broadest skill set possible when you're making decisions."

►

Techniques to Improve Supply Chain Confidence

Anna Delaney •  June 22, 2022

Former ISACA board chair Rob Clyde shares highlights from ISACA's "Supply Chain Security Gaps: A 2022 Global Research Report," in which 25% of respondents say they experienced a supply chain attack last year, and offers recommendations for assessments and testing of software.

►

Securing Digital Payments in the Future

Anna Delaney •  June 21, 2022

Ten years from now, "the ability to transact on a global basis will continue," says Nick Coleman, CSO, real-time payments at MasterCard, who adds, "Maybe my car will buy stuff for me." Coleman discusses the future of digital payments and the technologies that can help secure that future.

►

The Future of Authentication Is Biometrics and Passwordless

Michael Novinson •  June 21, 2022

The need for more modern identity and access management capabilities such as biometric and passwordless authentication has been amplified by the COVID-19 pandemic and the shift to remote work, according to Forrester researchers Paul McKay and Merritt Maxim.

►

Essential Steps for Building a Risk Management Program

Anna Delaney •  June 20, 2022

When building an insider risk management program, don't start "too large or too quickly," says Randy Trzeciak of Carnegie Mellon University. He says the first step is to protect your organization's critical assets and services and then "build a risk program appropriate to those assets."

►

Legal and Litigation Trends in 2022

Anna Delaney •  June 20, 2022

Ronald Raether of Troutman Pepper says privacy, data security and information governance departments must collaborate to reduce unauthorized access to systems by criminals and make data operationalization more effective. He also says proper data mapping, governance and classification are critical.

►

How Can We Fill the Cybersecurity Education Gap?

Anna Delaney •  June 20, 2022

CTO Daniele Catteddu of the Cloud Security Alliance sees significant gaps in how the cybersecurity industry delivers education and training. For example, he says, while organizations are demanding Zero Trust services and guidance on implementation, the industry's offerings do not meet that demand.

►

How Can We Simplify Cyber Defense?

Anna Delaney •  June 20, 2022

The overlying problem in cybersecurity is scale and the complexity that comes from that scale, says Philip Reitinger, president and CEO of the Global Cyber Alliance. He says we need to simplify how we defend ourselves and "give individuals and companies products that meet them where they are."

►

Proposed SEC Rules Will Force Boards to Double Down on Cyber

Michael Novinson •  June 20, 2022

Publicly traded companies will need to beef up their cybersecurity knowledge since the the U.S. Securities and Exchange Commission is proposing rules and guidelines that would mandate more stringent oversight of cyber risk, says Roger Sels, former vice president of cyber solutions for BlackBerry.

►

Does Zero Trust Feel Too Overwhelming? Here's How to Start

Michael Novinson •  June 18, 2022

Evolving to a zero trust architecture can be overwhelming for organizations, leaving many unsure of where they should even start. Cloudflare Chief Security Officer Joe Sullivan urges CISOs to break the journey into bite-sized chunks that can be easily digested.

►

The Push on Capitol Hill for Passwordless Authentication

Michael Novinson •  June 17, 2022

Interest in passwordless authentication architecture continues to grow among U.S. government agencies and departments as they embrace more modern approaches to identity and access management, says Sean Frazier, federal chief security officer at Okta.

►

The Evolution of Phishing From Email to SMS and Voice Hacks

Michael Novinson •  June 17, 2022

Phishing is no longer restricted to just emails. As attackers broaden their arsenal, businesses today also need to be on the lookout for impersonation attempts via SMS text messages or voice calls, says Roger Grimes, a data-driven defense evangelist at KnowBe4.