Our Power Panel of international experts are here to lead the way.Join a Twitter discussion with industry leaders on “Where does cybersecurity go from here?”. Tune in on 29th Oct | 11 AM EDT https://t.co/4IPBe7Fi36 #OneHCL #STinsights pic.twitter.com/AMwiDZvave
— CIO Straight Talk (@CIOStraightTalk) October 29, 2020
We start things of by assessing future possibilities and change that is likely to shape the cybersecurity as we know it.We have an amazing panel with us today. We’ll be introducing them in the upcoming tweets. #STinsights. Visit https://t.co/16ERZxIgDz to join in the discussion. @YuHelenYu @jwgoerlich @JackRhysider @JaneFrankland @OttLegalRebels @TeriRadichel @romanyam @wlassalle @renjuv pic.twitter.com/Pw4IVetU8N
— CIO Straight Talk (@CIOStraightTalk) October 29, 2020
Even as the threat landscape broadens, new tools like AI will continue to evolve our defenses. Human vulnerabilities will continue to need constant mitigation.We are going live with the #Tweetchat. Here's the 1st question. #STinsights #OneHCL pic.twitter.com/IIh7G967Ri
— CIO Straight Talk (@CIOStraightTalk) October 29, 2020
A1. #STinsights #OneHCL @CIOStraightTalk I expect 5G & IoT, in addition to the advent of #remotework to increase the cyber-threat footprint, & risk to all organizations. pic.twitter.com/A4ZlO5wDnh
— Will Lassalle (@wlassalle) October 29, 2020
More Connected systems will increase the threat landscape , Cyberthreats to medical, critical infrastructure will disrupt lives, and have even bigger disruptions and impacts #STinsights @CIOStraightTalk #OneHCL
— Renju Varghese (@renjuv) October 29, 2020
#STinsights #OneHCL In the next 2-5 years the challenge create a secure Iotsphere were all these devices have to be protected beyond what the manufacturer originally installed. AI becomes primary for the number of devices to scan, patch
— Marc R Gagné MAPP ? (@OttLegalRebels) October 29, 2020
The shift will be to security of AI systems, and both defenders and attackers will rely heavily on AI leading to an AI arms race. @CIOStraightTalk #STinsights
— Dr. Roman Yampolskiy (@romanyam) October 29, 2020
I think we'll see new advancements in the way adversaries are able to cover their tracks and plant false flags to make victims believe it was someone else who conducted the attack.#STinsights #OneHCL
— Jack Rhysider (@JackRhysider) October 29, 2020
By the evolution of ML & AI with API Security integrations, Boom in Cyber Insurance are some of the expected trends #STinsights @OneHCL
— Syam Thommandru (@ntsyam) October 29, 2020
A1.The cyber-threat landscape will evolve due to the rapid shift to the cloud and the booming IoT. Businesses will invest more on "Security of Things", "Identify of Things", multi-faceted employee training and “advanced heuristic solutions”. @CIOStraightTalk #STinsights #OneHCL
— Helen Yu (@YuHelenYu) October 29, 2020
Absolutely! Do you feel companies will also shift towards outsourcing their security operations? #STinsights #OneHCL @TeriRadichel @JaneFrankland @jwgoerlich @OttLegalRebels @wlassalle @renjuv @TeriRadichel @JackRhysider @YuHelenYu https://t.co/aWYOSL4Os7
— Aayu Bajaj (@aayu_bajaj) October 29, 2020
Yes I do expect companies to be outsourcing their security operations & moving to the cloud. It makes sense when attacks are increasing & there's a shortage of skills to defend or avert failures in compliance.#STinsights #OneHCL
— Jane Frankland (@JaneFrankland) October 29, 2020
Maybe. But we've learned the hard way over the last decade. We can outsource tasks but we can't outsource responsibility and accountability. Any outsourcing efforts have to be very carefully considered, with clear lines.#STinsights #Tweetchat
— J Wolfgang Goerlich (@jwgoerlich) October 29, 2020
Outsourcing as in "someone else will surely protect us". I think it's hard for a lot of companies to understand they need the extra help to begin with. They run the business assuming things are fine without really digging in and checking.
— Jack Rhysider (@JackRhysider) October 29, 2020
@JackRhysider How do you think we can alert companies to the important of cybersecurity before they even encounter attacks or risks of any sort? #STinsights #OneHCL
— Tanay Tandan (@TanayTandan) October 29, 2020
If they see a business similar to theirs get taken out by a security incident, they will take it more seriously themselves after that. That's why I podcast to teach regular people about these threats so they can shape up! #STinsights
— Jack Rhysider (@JackRhysider) October 29, 2020
Great point @JackRhysider. There’s usually a few weeks window of opportunity to do this though. Those in charge of Cyber need to prepare for this. #STinsights
— Jane Frankland (@JaneFrankland) October 29, 2020
Or themselves :) I've been called for security assessments and penetration tests after the fact...rather be called before!
— Teri Radichel #cloudsecurity #cybersecurity (@TeriRadichel) October 29, 2020
Next, we looker deeper at the exact role advanced technologies will play in our digital defenses.Q1 #STinsights @CIOStraightTalk #OneHCL
— Teri Radichel #cloudsecurity #cybersecurity (@TeriRadichel) October 29, 2020
Security fundamentals still apply. Attackers are making opportunistic use of basic security flaws and misconfigurations. Phishing still works. Focus on zero trust, reduced attack vectors and blast radius, monitoring, security architecture.
Advanced technologies will be instrumental in managing the growing scale, processing, and coverage necessary in the face of advanced threats.Join in the conversation using #STinsights #OneHCL #Tweetchat. And our second question is: pic.twitter.com/CYsi5ggQJs
— CIO Straight Talk (@CIOStraightTalk) October 29, 2020
A2. #STinsights #OneHCL @CIOStraightTalk These emerging technologies can help companies by increasing the ability, speed and response in identification and remediation of cybersecurity threats. pic.twitter.com/tCxcSybNpw
— Will Lassalle (@wlassalle) October 29, 2020
A2: Very good technologies both for malicious actors as well as for Legitimate teams. Absolutely required to detect, protect and “inoculate” new evolving technology landscape #STinsights @CIOStraightTalk #OneHCL
— Renju Varghese (@renjuv) October 29, 2020
#STinsights #OneHCL AI will rise to the IOT challenge. IoT requires cloud computing environment to handle its data exchange and processing; and at the same time,
— Marc R Gagné MAPP ? (@OttLegalRebels) October 29, 2020
it requires artificial intelligence to processing the incredible amount of data. Privacy balance will be tenuous
A2. Deep learning and AI can analyse complex situations with a level of detail that is impossible with traditional methods. It can also automate threats detection and governance process. @CIOStraightTalk #STinsights #OneHCL
— Helen Yu (@YuHelenYu) October 29, 2020
High velocity, Volume and Varsity of structured and unstructured data will be created in Industry 5.0 and need to Analysed for actionable descriptive , predictive and prescriptive information and security need to be placed according and AI and ML will play a critical role. #ML
— sanjayvaid (@sanjayvaid) October 29, 2020
Q2 #STinsights @CIOStraightTalk #OneHCL
— Teri Radichel #cloudsecurity #cybersecurity (@TeriRadichel) October 29, 2020
Automation is hugely beneficial for security. Prevent human error, speed up IR and analysis, and facilitate governance. Cognitive technology is not always required. Usefulness of ML depends on the problem, dataset, and environment.
I'm hoping to see AI and ML help developers write secure programs. Something to take unit testing to a whole new level. Like features built into the compiler or IDE which can check your code for security flaws. I just hope it's easy for developers to use. #STinsights #OneHCL
— Jack Rhysider (@JackRhysider) October 29, 2020
I hope we can leverage AI and ML to reduce opportunities for human errors.
— Helen Yu (@YuHelenYu) October 29, 2020
Thoughts on technology that, granted, is only barely emerging: .How big the threat that quantum computing poses to future cyber-security?@romanyam @YuHelenYu @jwgoerlich @JackRhysider @JaneFrankland @OttLegalRebels @renjuv @TeriRadichel @wlassalle #STinsights @CIOStraightTalk https://t.co/FpgRMYxjhM
— Paul Hemp (@paul_hemp) October 29, 2020
I'm hopeful that whatever problems quantum computers introduce (like quick code breaking), at the same time it'll be able to make more powerful codes that it itself has a hard time breaking. #stinsights
— Jack Rhysider (@JackRhysider) October 29, 2020
Next, the panel explores the role of cybersecurity in board-level decision making.Well, yes. We're already able to do that by brute-forcing things today that were encrypted with algorithms and key lengths 15-25 years ago. #STinsights #Tweetchat
— J Wolfgang Goerlich (@jwgoerlich) October 29, 2020
Organizations will have to take a top-down security initiative if they truly want to achieve a resilient enterprise network and secure their data assets.Time for our third question. Keep the questions coming! Join the conversation using #STinsights #Tweetchat #OneHCL pic.twitter.com/LWcGSC6yTy
— CIO Straight Talk (@CIOStraightTalk) October 29, 2020
A3: The forced evolution due to Pandemic introduced new models of doing business, CyberSecurity is now a critical component to control disruption of business capabilities and drive positive customer sentiments. #STinsights @CIOStraightTalk #OneHCL
— Renju Varghese (@renjuv) October 29, 2020
A3. #STinsights #OneHCL @CIOStraightTalk If corporate strategy is embracing data as the new oil, then its paramount that cybersecurity become an element of corporate level business strategy to protect the data which is such a valuable corporate resource. pic.twitter.com/USTNAi21lJ
— Will Lassalle (@wlassalle) October 29, 2020
#STinsights #OneHCL Limit access, TP compliance, employee awareness training, patch software regularly, good breach response plan. Compliance, planning. AI will also become a key player .
— Marc R Gagné MAPP ? (@OttLegalRebels) October 29, 2020
A3. Trusted data is the lifeblood of the #digital world. Making #CyberSecurity part of business strategy becomes competitive advantage in the era of trust economy. It is the table stakes for survival. @CIOStraightTalk #STinsights #OneHCL
— Helen Yu (@YuHelenYu) October 29, 2020
Q3 #STinsights @CIOStraightTalk #OneHCL
— Teri Radichel #cloudsecurity #cybersecurity (@TeriRadichel) October 29, 2020
Reducing cyber risk is on par with reducing legal risk. The average cost of a breach is substantial. New laws are making it more expensive. Insurance won't help when paying the ransom to an attacker in a sanctioned country is illegal.
Well a good security program has to start at the top of any org for it to be most effective. A security engineer has a very difficult time convincing Sr Leaders to take security more seriously. But if it comes from the top, the whole company must comply. #STinsights #OneHCL
— Jack Rhysider (@JackRhysider) October 29, 2020
So true. That's why I wrote my book for executives, not security engineers or DevOps teams. https://t.co/plaS4EwtIV
— Teri Radichel #cloudsecurity #cybersecurity (@TeriRadichel) October 29, 2020
Customers & business partners are learning to separate those businesses which take cyber security seriously from those that do not and invest their money accordingly. By making a board-level priority, able to demonstrate you mean business when it comes to cyber risks. #STinsights
— Syam Thommandru (@ntsyam) October 29, 2020
Securing the impact or possibility of human error is the focus of the next question.Good point. The power of the pocketbook can't be overlooked as a driver for security. Vendor risk management has done more for the overall security environment than practically any other factor.#STinsights #Tweetchat
— J Wolfgang Goerlich (@jwgoerlich) October 29, 2020
A combination of old school training with next-generation automation can go a long way to protecting the enterprise.A big shoutout to everyone on our panel. Here’s our fourth question. Join the conversation using #STinsights #Tweetchat #OneHCL pic.twitter.com/NtTa4twur6
— CIO Straight Talk (@CIOStraightTalk) October 29, 2020
Customers & business partners are learning to separate those businesses which take cyber security seriously from those that do not and invest their money accordingly. By making a board-level priority, able to demonstrate you mean business when it comes to cyber risks. #STinsights
— Syam Thommandru (@ntsyam) October 29, 2020
A4: While technology solutions can be fine-tuned/rightly configured/patched, Humans requires frequent training/refereshers as well as constant information on the different breaches and how it was performed. #STinsights @CIOStraightTalk #OneHCL
— Renju Varghese (@renjuv) October 29, 2020
Q4 #STinsights @CIOStraightTalk #OneHCL
— Teri Radichel #cloudsecurity #cybersecurity (@TeriRadichel) October 29, 2020
Humans make mistakes. Limit damage caused by the inevitable - stolen credentials. Train anyone making cybersecurity decisions. Automate. Leverage threat modeling. Use the results of a penetration test or assessment to train your team.
Opportunity, Environment, Lack of awareness are few influencers of Human errors. Humans don’t have to be the weakest link by addressing each of them . Mitigation of human error has to come from two angles: reducing opportunity, and educating users #STinsights #Tweetchat #OneHCL
— Syam Thommandru (@ntsyam) October 29, 2020
Simplify software and have fewer features, so the attack surface both from malicious and from accidental misuse is reduced.
— big moozer (@bigmoozer) October 29, 2020
A4. Make Cybersecurity a Board agenda and Executive discussion. Have a channel for employees to reach out when in doubts. Invest in governance process, education, 3rd party risk neutralization and technology is key to reduce human errors. @CIOStraightTalk #STinsights #OneHCL
— Helen Yu (@YuHelenYu) October 29, 2020
Great points @YuHelenYu. Get the Non Execs on board too. They influence the board tremendously.
— Jane Frankland (@JaneFrankland) October 29, 2020
Echo that Jane. It is important to cyber fortify every and each employee.
— Helen Yu (@YuHelenYu) October 29, 2020
And then of course there’s the supply chain! ;)
— Jane Frankland (@JaneFrankland) October 29, 2020
Q4 #STinsights @CIOStraightTalk #OneHCL
— Teri Radichel #cloudsecurity #cybersecurity (@TeriRadichel) October 29, 2020
Humans make mistakes. Limit damage caused by the inevitable - stolen credentials. Train anyone making cybersecurity decisions. Automate. Leverage threat modeling. Use the results of a penetration test or assessment to train your team.
I also like continuous control monitoring. Humans make mistakes. But if we can find and fix the mistakes faster than the criminals can find and exploit the mistakes, maybe it doesn't matter.#STinsights #Tweetchat
— J Wolfgang Goerlich (@jwgoerlich) October 29, 2020
And finally, we take on the matter of the new skill sets that play a critical role in ensuring we’re prepared for the future.A4. #STinsights #OneHCL @CIOStraightTalk companies can reduce human errors that lead to data breaches through More skills training, More security awareness, More automation, more leadership and more Compassion. pic.twitter.com/8AruF6G0OA
— Will Lassalle (@wlassalle) October 29, 2020
Strong partnerships with area experts will be necessary as will the overall investment in automation and in-house training.Here’s our final formal question to the panel. Keep shooting YOUR questions using #STinsights #OneHCL #Tweetchat pic.twitter.com/JChyKlDBkC
— CIO Straight Talk (@CIOStraightTalk) October 29, 2020
I think what helps is getting people specialized in certain areas instead of looking for people good at everything. A person who makes just shovels, probably makes better shovels than someone who makes 50 different things, and it's easier to train them to do it. #STinsights
— Jack Rhysider (@JackRhysider) October 29, 2020
A5: Skilled CyberSecurity professionals is and will be the biggest challenge. The very ability to train & re-train on current and newer tech incl. ways to identify, respond and remediate. #STinsights @CIOStraightTalk #OneHCL
— Renju Varghese (@renjuv) October 29, 2020
Q5 #STinsights @CIOStraightTalk #OneHCL
— Teri Radichel #cloudsecurity #cybersecurity (@TeriRadichel) October 29, 2020
Leverage automation to reduce required staff. Secure cloud services may reduce responsibility (but not all!) Train existing or junior staff. Hire an external consultant for an assessment to get recommendations your staff can implement.
#STinsights #OneHCL AI, ML, and automation fills the IOTvoid, for now, it's the means needed to simply keep up with the current demand and prepare for the future.
— Marc R Gagné MAPP ? (@OttLegalRebels) October 29, 2020
Cyberskills shortage as a major problem is solvable as well. Create the appropriate conditions which will find the right members for organizations. One key area could be Re-tasking of Cybersecurity Personnel and are Ready to Learn Hands-On. #STinsights #OneHCL #Tweetchat
— Syam Thommandru (@ntsyam) October 29, 2020
Q5 #STinsights @CIOStraightTalk #OneHCL
— Teri Radichel #cloudsecurity #cybersecurity (@TeriRadichel) October 29, 2020
Leverage automation to reduce required staff. Secure cloud services may reduce responsibility (but not all!) Train existing or junior staff. Hire an external consultant for an assessment to get recommendations your staff can implement.
And with that we conclude another scintillating session! We’ll be back very soon!A5. Start with skill gap analysis. Then take a holistic approach of continuous cybersecurity education, comprehensive career development, engaging managed security service provider and investing in process automation. @CIOStraightTalk #STinsights #OneHCL
— Helen Yu (@YuHelenYu) October 29, 2020
A big thank you to our Power Panel for their #STinsights and those who joined us for this exclusive discussion on our #Tweetchat #OneHCL @romanyam @YuHelenYu @jwgoerlich @JackRhysider@JaneFrankland @OttLegalRebels @renjuv @TeriRadichel@wlassalle pic.twitter.com/wYGNPUyv2z
— CIO Straight Talk (@CIOStraightTalk) October 29, 2020
Thank you @CIOStraightTalk for hosting us.
— Helen Yu (@YuHelenYu) October 29, 2020
Great discussion. Ditto what @YuHelenYu said!
— Jane Frankland (@JaneFrankland) October 29, 2020
Great insights & discussion. Really enjoyed participating & reading everyone’s answers.
— Jane Frankland (@JaneFrankland) October 29, 2020
We’ll close the #Tweetchat with an article about the danger of viewing the abnormality of cyber threats as an inescapable aspect of the New Normal. It's by Maninder Singh, Corporate VP, Cybersecurity & GRC, HCL Technologies @hcltech https://t.co/ClZiJbHAyO #STinsights #OneHCL
— CIO Straight Talk (@CIOStraightTalk) October 29, 2020