EY, NASDAQ, RedSeal and others share insights on the Future of Cybersecurity at Finn Partners
August 8, 2019
Some of the brightest minds in cybersecurity recently gathered at Finn Partners San Francisco to discuss the ongoing “cat and mouse” game between cybersecurity leaders and threat actors. The roundtable discussion was moderated by Rob Belk, U.S. West Region Cybersecurity Leader, Ernst & Young LLP, who opened by giving an overview of the various strategies attackers use to infiltrate corporate systems.
“By 2019, losses to ransomware will total $25 billion,” said Belk. “With attackers now using AI and machine learning, we need to be able to combat in machine speed as well. There is without a doubt a need for this technology.”
Cybersecurity is now a board-level topic
Each of the panelists opened by sharing insights into what makes them excited to work in the field, and shined light on what keeps them up at night.
Brian Bertacini, President, Cybersecurity and Information Resilience U.S., BSI shared that, “Today working in cybersecurity is cool. Twenty years ago it was an uphill battle. With the number of high-profile breaches in the last decade, it’s now a board-level concern.”
David McNeely, Chief Strategy Officer of Centrify, shared what makes him lie awake at night. “Most people don’t realize that hackers have access to crowd-sourced tools. They share the methods open-source with other attackers.” McNeely emphasized that we need to be focused on what the attackers are doing, and the tools they’re using, so we can build technologies that prevent access to those systems.
Durgesh Gupta, Global Head, Privacy Data Protection Compliance, NASDAQ stated that the sheer amount of attacks his organization deals with is, in and of itself, a cause for concern. “We discover approximately 40 million vulnerabilities every week,” remarked Gupta, noting that it’s not just the U.S. system that could suffer if an attack were to be successful. “Both the Singapore and Australian stock exchanges all run on NASDAQ software.”
Apply the Basics—They Work. Complacency is the Problem.
A common theme amongst the panelists was that taking even a small amount of preventative measures are so much more effective, and certainly much cheaper, than dealing with these threats after an attack.
Ray Rothrock, Chairman, RedSeal said that “so much of it is preventable with the basics—just doing the right thing. Running basic processes, educating people about passwords.” By applying some sort of foresight or preventative strategy, companies are much better off than dealing with threats as they pop up. “Instead of cat and mouse I call it whack-a-mole,” said Rothrock. “Whack-a-mole is not a strategy.”
Andrew Shikiar, Executive Director and CMO, FIDO Alliance, agreed with this assessment, adding that even something as seemingly simple as reducing industry reliance on passwords, and adding in layers of two-factor verification, can make a huge difference. “We’re seeing more companies moving towards crypto-backed verification to help them sleep at night.”
Regardless of which tact a company takes, the important takeaway is that they decide on one and take action. Added Shikiar, “One word of advice is to act. Complacency is the problem.”
The Ghost in the Machine
Gary Sevounts, CMO, Kount, explained that technology has advanced across all industries, and hacking has been no different. “The latest mouse part of the game has been machine learning. Machine learning is now using social media scraping techniques. Looking at brands people are looking at and connecting them to phishing attacks.”
Sevounts added using AI, organizations can now defeat or get close to defeating these types of attacks. “Now it’s an arms race. If you don’t have strong machine learning in AI, and you’re battling machine learning, you’re at a disadvantage.”
Craig Lurey, CTO and Co-Founder, Keeper Security, shared more background regarding the ways companies aim to detect vulnerabilities as they update their constantly changing tech platforms. “One of the things I talk about a lot is vulnerability research—people all around the word are being paid to be on top of systems, to detect vulnerabilities.” He added that because hackers don’t tend to work 9-5 jobs, the way that security teams operate should reflect that. “Researchers work nights and weekend to find and fix these vulnerabilities,” said Lurey.
Looking Five Years Ahead
One thing that almost all of the panelists agreed on? A movement away from data centers and into the cloud is in store for most IT professionals if they haven’t done so already.
McNeely shared that, “These organizations are changing. They’re moving to the cloud where they’re building things that allow them to move and scale faster.” He also shared that even though you can move quicker, this creates new potential problems. “A lot of customers are moving to cloud to accomplish automation. As more and more is automated, those computers have to talk to each other and identify each other. That’s going to be a new problem space.”
Shikiar agreed, adding that “In five years, people will be much more attuned to where their information is being stored and protected, and how their service providers should be protecting them.”
Belk took a different approach to the future of cybersecurity, sharing that, “I hope privacy is actually the thing that drives security. If we do not have a national privacy regulation in five years, I would be shocked.”
Bertacini agreed, adding that “We’re at an interesting point in history where cyber is hard to grasp, but regulators understand privacy. Awareness is critical to all of the stakeholders in the organization.”
If you would like to learn more about Finn Partners tech sector click here.