RSA Conference

Ransomware Response Essential: Fixing Initial Access Vector

Mathew J. Schwartz •  August 4, 2022

As ransomware attacks continue to pummel organizations, Rapid7 Chief Scientist Raj Samani says victims must identify how the attacker broke in and if they've given themselves persistent ways to regain access. Otherwise, he says, "They'll hit you again and again."

Profiles in Leadership: Sean Mack

Mathew J. Schwartz •  July 25, 2022

Exploring new ways to offer security as a service from his organization to external customers is an exciting challenge and opportunity, says Sean Mack, CIO and CISO of publishing company Wiley. He also discusses aligning security investments with the company's biggest business risks and goals.

Navigating the Great Zero Trust Debate

Anna Delaney •  July 20, 2022

With dozens of cybersecurity vendors offering solutions, today's zero trust debate is not about whether to do it but rather how to implement it. Some argue that firewalls and VPNs are dead while others caution against cobbling together new solutions. Experts advise to start small - but start now.

Profiles in Leadership: Caleb Sima

Michael Novinson •  July 11, 2022

It's not the emerging technology or the increasingly complex threat landscape. Instead, people and process are what prove to be consistently the most challenging parts of the job for Caleb Sima, chief security officer at Robinhood.

ARTICLE

RSA Conference 2022 Compendium: 150+ Interviews and More

Information Security Media Group •  July 5, 2022

Welcome to ISMG's compendium of RSA Conference 2022. The 31st annual conference covered a wide range of topics including cybercrime, cyberwarfare, zero trust, supply chain risk, ransomware, OT security, cyber insurance and jobs. Access 150+ interviews with the top speakers and influencers.

Profiles in Leadership: Rob Hornbuckle

Mathew J. Schwartz •  June 30, 2022

Beyond advising the seniormost levels of the business in the strategic use of technology, the need to recruit new cybersecurity professionals often also tops the list of tasks facing today's security leaders, says Rob Hornbuckle, CISO of Allegiant Air.

The Criticality of Reporting Cybercrimes

Anna Delaney •  June 30, 2022

For the seventh year in a row, business email compromise produced the largest losses of any type of cybercrime, according to Steve Dougherty of the U.S. Secret Service. He says organizations need to build and maintain relationships with law enforcement agencies before an attack happens.

Ransomware Groups Pursue Fresh Monetization Strategies

Mathew J. Schwartz •  June 29, 2022

Ransomware-wielding criminals constantly refine their behavior and tactics to maximize the chance of a payday, and recently they have been implementing fresh strategies for monetizing stolen data, says Steve Rivers at threat intelligence firm Kela.

Preparing for Retaliatory Attacks From Russia

Anna Delaney •  June 29, 2022

"I'm concerned that at some point the Russians are going to launch cyber retaliatory attacks against the United States at election infrastructure and the transportation, financial and energy sectors," says Elvis Chan, supervisory special agent at the San Francisco Division of the FBI.

The Future of Corporate Network Security on the Internet

Anna Delaney •  June 29, 2022

The emergence of remote working, the cloud, and digital transformation initiatives are prompting companies to look toward replacing traditional on-premises firewalls, say Perimeter 81 co-founder and CEO Amit Bareket and CMO Gily Netzer. They discuss the future of securing hybrid work environments.

Move From a Reactive to a Proactive State With Intelligence

Michael Novinson •  June 29, 2022

Building out a threat intelligence program is no easy feat for even the largest and most resource-rich organizations, and the challenges are only amplified for smaller companies that have limited budget or personnel, according to AJ Nash, ZeroFox's vice president of threat intelligence.

Mitigating the Impact of Ransomware With Data Science

Anna Delaney •  June 27, 2022

Unlocking the data generated by ransomware attacks is helping organizations better understand the risks, adopt defensive technologies and prepare for future attacks, says Wade Baker, partner at Cyentia Institute. He discusses new data on how quickly organizations are remediating vulnerabilities.

Strategies for Reskilling and Filling Cybersecurity Jobs

Anna Delaney •  June 27, 2022

The gap between cybersecurity workforce demand and the number of skilled workers available to fill those jobs widened during the pandemic. So organizations need to take a multi-pronged approach to attract, reskill and retain employees, says Vishal Salvi, CISO and head of cyber practice at Infosys.

Bridging the Divide Between Digitization and Cybersecurity

Anna Delaney •  June 27, 2022

The move to remote working has created two sets of tools, policies and personnel that are making it harder for security teams to protect the enterprise, says Airgap Networks CEO and co-founder Ritesh Agrawal. He discusses how Airgap is addressing the challenges of hybrid work.

Profiles in Leadership: John McClure

Mathew J. Schwartz •  June 27, 2022

Emerging cybersecurity guidance from the U.S. Securities and Exchange Commission is helping to make boards of directors more informed and more eager to discuss cyber risks and how to mitigate them, says John McClure, CISO of Sinclair Broadcast Group.

Profiles in Leadership: Ankit Patel

Michael Novinson •  June 27, 2022

Humana Business Information Security Officer Ankit Patel says the doctors, physician assistants and leaders that he deals with on a daily basis are laser-focused on providing care to patients and consider technology and security only as it relates to providing patient care.

Profiles in Leadership: Jeff Farinich

Anna Delaney •  June 27, 2022

It was the ultimate challenge: Build a cybersecurity program from scratch. Three years later, Jeff Farinich, CISO of New American Funding, talks about the transformation, aligning security with business needs and helping raise the bar on the enterprise's security maturity.

Latest Blow Falls on the 'Scourge of Passwords'

Information Security Media Group •  June 27, 2022

Tired of keeping track of passwords? Recent announcements by major platform vendors Google, Apple and Microsoft could have passwords down for the count in the next six years, says Andrew Shikiar, executive director of the FIDO Alliance, which has been on a 10-year mission to eliminate passwords.

Profiles in Leadership: Rich Lindberg

Anna Delaney •  June 24, 2022

Rich Lindberg, CISO of JAMS, didn't set out to have a career in cybersecurity. Instead, he sought to make a living at what he enjoyed - programming. "I embraced fun," he says. Now he wants to help others do the same by growing the diversity of the industry workforce.

'When, Not If': Crafting Cyber Resilience Plans That Work

Mathew J. Schwartz •  June 24, 2022

To excel at cybersecurity incident response, start with planning, preparation and, ideally, regular tabletop exercises, say Kevin Li, CISO for MUFG Securities Americas, and Rocco Grillo, managing director of Alvarez & Marsal's Disputes and Investigations Global Cyber Risk Services practice.

How Security Risks Might Halt the Use of AI in Applications

Michael Novinson •  June 23, 2022

Modern applications and architectures are permeating more deeply into organizations to transform back-office functions as well as those that directly affect the customer experience, according to Kara Sprague, F5's executive vice president and general manager of application delivery.

How to Mitigate Emerging Security Threats Against the Cloud

Michael Novinson •  June 23, 2022

The need to secure cloud workloads and environments isn't new, but a surge of funding and attention has come to the sector over the past year. One of the most acclaimed cloud security startups has been Wiz, which in October raised $250 million on a $6 billion valuation.

How Ransomware Has Changed the Nature of Risk

Anna Delaney •  June 23, 2022

Ransomware has changed the risk landscape for suppliers and is forcing companies to reconsider their risk relationships, says Kelly White, co-founder and CEO of RiskRecon. He discusses the correlation between cyber hygiene, ransomware and data loss.

The State of Phishing and Email Security

Anna Delaney •  June 22, 2022

"Credential phishing is off the charts," says Tonia Dudley of Cofense. She discusses the challenge for organizations to strike a balance between having the right controls in place to block malicious emails and stopping the business from receiving legitimate emails.

Why Diversity Is the Defender's Greatest Weapon

Anna Delaney •  June 22, 2022

CISO Patricia "Patti" Titus says the cybersecurity sector is "still struggling" with the diversity and inclusion it requires. "The things we do really impact all of our end users, employees and customers," she says, so you need "the broadest skill set possible when you're making decisions."