The CISO Dinner Series is a custom event that brings together top CISOs and senior security executives for an evening of interactive discussion and executive networking on current security topics, trends and what keeps them up at night!
Below are the 3 topics that were consistently discussed and top of mind across the Phoenix, Denver and Seattle CISO Dinners that we held this September.
Topic #1 – Equifax Breach – Avoiding the cover of Forbes
With the recent Equifax breach, details have emerged that there was a known Apache software patch that, with some basic testing and a timely update, could've avoided the entire breach. This seemingly basic update that was missed is something that keeps CISOs up at night. Most of the CISOs mentioned that it's still people – the staff that are employed at your company – that are the most volatile and risk adverse. One CISO mentioned that he had a young summer intern create an email phishing scheme that, when deployed, was opened by half of the C-suite executives. Phishing schemes are still the most common security breaches, and training is the only method of prevention that works.
Topic #2 – Response Plan vs. Containment Plan
Many enterprise companies, like Equifax, are still operating on a Response Security Plan: a patch or issue arises, and that is when action is taken. Even five years ago, when security had a clearly defined perimeter, there was a bold separation between ‘us’ (the good guys) and ‘them’ (the bad guys). But in the cloud environment the perimeter has evaporated, making a strict response plan too reactive and not proactive enough. One CISO mentioned that you try the best you can to create a perimeter with connectivity, but looking at things on an item-by-item basis and trusting people to connect back to the network every time is legacy thinking. Another mentioned that on hundreds of thousands of devices, probably only 1 or 2 employees were watching for issues. Cylance’s artificial intelligence (AI) machine learning is a ‘threat hunting service’, which allows your system to always be on the lookout for bad guys. This eliminates the response to a problem and instead allows you to be proactive and create a containment security plan. It will not only streamline the security process, it will also alleviate stress and overwork on employees who are currently being asked to oversee an unmanageable number of systems.
Topic #3 – Securing the Cloud
Numerous CISOs from multiple industries, including retail, healthcare and education, mentioned that securing the cloud is a current top priority. The cloud itself isn’t necessarily the concern; it’s the BYOD and IoT investments that come with aggressive innovation that create a healthy paranoia when growth and scale are impacting the business. More devices and items in the cloud create more exposure, more people and more chance for a breach of any size. Specifically, because data is the current and future currency of any enterprise, security becomes a front-running issue. As more of this data begins to live on the cloud, risk increases. Whether working with an on-prem private cloud or a public cloud provider like AWS, there are options to protect your data, and creating a proactive containment plan is the best way to stay off the cover of Forbes.
If you’d like to attend an upcoming CISO Dinner, visit this link to see where the Dinner Series will be in your town. If you’re interested in sponsoring a CISO dinner, click this link to see pricing and options.