SecureWorld 2022: Four Emerging Themes For Cybersecurity Leaders
After two years of webinars and virtual conferences, it was great to connect in person with some of the most innovative cybersecurity leaders in the industry at SecureWorld 2022 in Philadelphia.
The all-star lineup of speakers included FBI special agent Cerena Coughlin, US Secret Service field office supervisor Hazel Cerra, former US intelligence officer Delbert Roll, and many others from the public and private sectors.
As we listened to the sessions and spoke with attendees, we noticed a few major themes we think are important to share as you prioritize your cybersecurity initiatives this year.
Four themes from SecureWorld 2022
The need to manage security ‘in the wild’
While you’ve probably heard of “in the wild” threats referring to malware or CVEs like the recent zero-day security bug iOS that impacted Apple’s operating systems, this phrase refers to the more general trend that threats exist everywhere business operations occur — not only within your network, but in remote workspaces, in the cloud, and on connected devices.
Ransomware groups are becoming more aggressive, targeting manufacturers, financial companies, healthcare, higher education, government agencies, telecommunications, and critical infrastructure in an attempt to disrupt operations. As business operations and data storage have become more distributed, there is no longer a clear perimeter to protect. Any device or storage repository is a potential target.
Recent research by IBM noted 47% of attacks on manufacturing companies were caused by unknown vulnerabilities, such as industrial control systems or equipment connected to the internet.
Rather than simply identifying these ever-present threats, cybersecurity professionals are focusing on how to prioritize them and make their systems and data more resilient to attacks.
Compliance has gone from a reference point to a central focus
Compliance is no longer about simply checking boxes; it’s essential for building a more secure world. Many of the speakers during the conference discussed the importance of adopting continuous compliance when it comes to data privacy and security.
Companies have had to comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) since 2018, but several other US states are now introducing similar data privacy regulations.
The National Law Review predicts artificial intelligence and machine learning will demand further regulation to protect consumer data and address ethical concerns. Additionally, the Federal Trade Commission is focused on greater enforcement of the Children’s Online Privacy Protection Act (COPPA), noting one advertising platform was fined $2 million for collecting data on children without parental consent.
As cybersecurity risks increase, a recent Reuters report notes we can expect further regulations related to data breach response, cryptocurrency exchanges, the metaverse, and other emerging technologies.
Companies need a detailed playbook for responding to cyberattacks
In a recent call about Russian hacking threats reported in a Politico article, CISA director Jen Easterly warned that every sector is vulnerable to attacks. In the same article, former Pentagon cybersecurity official Jonathan Reiber said it’s simply not possible to patch every vulnerability that exists.
“You have to assume the adversary is going to break past the perimeter…so the first step is to assume breach and plan for known threats,” he said.
If ransomware attacks are inevitable, every organization needs a clear plan of action for responding to them. That includes identifying a potential attack, retrieving backup data and restoring networks and other affected systems.
Your company also needs to have clear restore time objectives and a way to test your playbook before an attack occurs as part of your emergency response planning.
A ransomware attack can be just as damaging to business operations as a natural disaster.
Security is everyone’s responsibility
A company with poor security posture has a limited ability to innovate. Without the scalable systems and protocol in place, you will either restrict growth or create new vulnerabilities as you expand.
At SecureWorld 2022, one common theme we heard is that security has become a core pillar of business, so it involves a variety of stakeholders outside traditional roles. Your CEO, CFO, COO, CMO, legal and compliance team, network and cloud architects, and others all have critical responsibilities in protecting your company’s data.
Create a more secure world with Myota
Unlike traditional cybersecurity solutions that focus only on protecting a defined perimeter, Myota transforms your company’s data so you can withstand attacks and restore operations quickly.
Our patented technology combines zero trust access controls with data encryption, micro-segmentation and dispersion to elevate data security and resilience. Myota converges protection, backup and recovery into a single solution your team can implement in minutes.
Myota offers flexible deployment models to meet a number of data security and resilience needs.
In an environment of assumed compromise, Myota allows businesses to protect, withstand, backup and restore. Learn more about how it works.