APIs are delivering huge business value, but people don’t know how many APIs they have in their organization, what they do or who controls them. And that causes massive security vulnerabilities, according to CyberEdBoard panelists Chase Cunningham and Richard Bird.
In the online world, knowing and trusting who you are interacting with has been a problem for decades. When it comes to assessing the state of identity verification, "we certainly have a lot of problems to address," according to identity expert Jeremy Grant of Venable.
While multifactor authentication helps solve some of the problems with passwords, we still need to get to being truly passwordless, said Susan Koski, PNC Financial Services. She said adopting the FIDO standards, using zero trust and relying on authentication analysis can all help speed the journey.
In light of former Uber CSO Joe Sullivan's sentencing, five cybersecurity executives from distinct walks of cybersecurity discuss how professionals can protect themselves from personal liability for making business decisions while doing what's best for their organization.
With MFA becoming ubiquitous, hackers are finding it increasingly difficult to use technical skills to penetrate protected systems, leading to an increase in attacks focusing on the human element, said Scott Hellman, supervisory special agent, FBI San Francisco.
The ransomware threat is becoming increasingly pervasive. At least 10,000 different variants are victimizing organizations that thought they were well-prepared to tackle this growing menace, said Vishak Raman of Fortinet, which recently released a report on ransomware trends.
A startup cybersecurity strategy should be akin to a Russian doll: It should be built to preserve core elements of business. In most cases, this is a product offering, which needs to be secure, said Venkat Ranga, vice president of business information systems and head of IT at Aryaka Networks.
With the growing dominance of AI and concerns over its responsible use, is it time to move toward AI ethics by design? Sameer Ahirrao, founder of Ardent Privacy, shared how privacy and regulatory verticals should - and will - shape the future of AI.
Ron Gula practices what he preaches. The cybersecurity industry veteran who formerly led a market-leading vendor now works as an investor and philanthropist and focuses on expanding inclusivity - most recently via a $1 million grant to nonprofits that promote neurodivergent opportunities in cyber.
As organizations increasingly look to use artificial intelligence to boost cybersecurity, Kroll's Alan Brill discusses how sound legal counsel and compliance officers can ensure caution and assist with due diligence for the effective implementation of the technology.
Privacy protections must be important considerations throughout the life cycle and in all touchpoints involving customer data collected and used by financial institutions such as Equitas Small Finance Bank, says Venugopal Parameswara, the institution's CISO.
Artificial intelligence can solve really old problems around data wrangling and data protection that are essential to many security investigations, said Norwest Ventures' Rama Sekhar. The VC firm is looking at emerging companies that use large language models to automatically clean up data.
Cybersecurity expert Mikko Hypponen recently got sent "LL Morpher," a new piece of malware that uses OpenAI's GPT to rewrite its Python code with every new infection. While more proof-of-concept than current threat, "the whole AI thing right now feels exciting and scary at the same time," he said.
Organizations must extend identity protection beyond employees to safeguard contractors, supply chain partners, software bots and intelligent devices, said SailPoint CEO Mark McClain. Businesses struggle to keep up with what applications or data non-employee or non-human identities need access to.
Network segmentation and microsegmentation are ways to contain cyberattacks and prevent lateral spreading. Within the cloud, network segmentation ties into zero trust. Yet the diversity of information systems with different levels of criticality poses a challenge to implementing zero trust.