We asked CISOs to tell us what they think are the biggest challenges facing the cybersecurity industry. From IoT to data privacy and data breaches. CISOs weigh-in to tell us what the cybersecurity landscape of the future will hold:
- “The next biggest #security challenge in today's dynamic world is the IT/IoT network convergence. The next wave of attack is to compromise and take over the control of #IOT devices and disrupt the human life. The biggest shortcoming with IoT devices are that we have less security controls available for these devices however we have higher adoption due to obvious reasons for ease of access and increase productivity.”
Vaibhav Pathak, CISSP - WinMagic https://www.linkedin.com/in/vaibhav-pathak-cissp-6512b71b/
- “Some of the main challenges we face include standard and regulation compliance, continued cloud application security, security by design, awareness of prevention measures and identification of weaknesses”
Tomer Shemesh, CISO - Ex Libris https://www.linkedin.com/in/tomer-shemesh-41357550/
- My biggest concern is the meta-effect. Yes, the security incidents will continue at an accelerating pace and will for the next few years at least, we have not hit "peak breach" by any means. But the longer this goes on the more inured people become to finger pointing and blame finding and the more helpless they will feel. Helpless people won't help themselves and that will make solutions that much harder to implement.
Bill Bonney, Virtual CISO - CISO Desk Reference Guide (1 & 2) https://www.linkedin.com/in/billbonney/
- “The human factor is a significant risk factor, it is not enough to take a specific measure, employee awareness is a continuous process that when done right, turns the origin of the problem into part of the solution. My goal is to no longer hear “this is phishing right? Because I opened the file and…”
Maytal Brooks-Kempler, CISSP - Helena, https://www.linkedin.com/in/maytalbrookskempler/
- Majority of the cyber breaches that made the headlines in 2018 were caused by phishing attacks, gaps in vendor risk management, credential theft, and lack of sophisticated security analytics for continuous monitoring. IMHO companies will continue to adapt their security program to protect against the similar threats in 2019 by tweaking awareness techniques, hardening the supply chain , and leveraging automation/AI/ML for security processes.
Gurdeep Kaur, CISO - PSEG, https://www.linkedin.com/in/gurdeepkaur/
- “In my opinion, an infosec leader’s role is to surface the existing risks the organization faces and manage them in the best way possible for the organizations, in cooperation with management. My main concern is from the fast pace of attacker’s capabilities and the sophistication of them, making it harder to identify threats. I believe infosec leaders need to learn from past mistakes and take a proactive approach”.
Moran Shalom, CISO - AU10TIX http://linkedin.com/in/moran-shalom-070049a8
- “The organization's cyber protection capabilities need to meet today’s existing risks that and anticipate the needs caused by planned business innovation. In order to be prepared in the best way and to foster business innovation, we should foster innovation in the world of cyber protection by using industry startup technologies.”
Shuky Peleg, Head of Cyber Defense and Information Security - MATAF http://linkedin.com/in/shukypeleg
- “One of the challenges for companies providing end-user services (such as Telcom companies) is to keep their customers/members data private and meet with GDPR requirements, and ensure their sub-processors are also maintaining the PII. In addition, data security in a cloud environment is a major challenge for organizations who chose to use hybrid or public cloud infrastructures. Another constant concern for information security leaders is the human factor.”
Ben Afshari, CISSP - Amdocs https://www.linkedin.com/in/benafshari/
- “While many organizations work daily on their level of security in the organization, we discover from time to time new breaches originating from corporate supply chains. Today, organizations are required to protect their information at any given time, including organizations suppliers and sometimes even sub-providers.”
Raphy Bitton, CISO - Comsec https://www.linkedin.com/in/raphy-bitton-cissp-85b23aa1/
- “In 2018, we devoted a serious part of our efforts on being pro-active decision-makers to mitigate supply chains risks. An effective supply chain risk solution depends on compatibility with the organization’s business strategy and mission statement, product families, markets and supply chain third-parties. By mitigating these risks, we allowed our customers to be more confident in our ability to deliver our product/service and therefore they were able to focus their energy towards the core aspects of their business.... saving lives!”
Yaniv A. Milhovitch, CISO - Viz.ai https://www.linkedin.com/in/yaniv-a-milhovitch-cissp-cism-cfr-ciotp-mcse-mcp-b8514b57/
- "The formula is apparent in the IT security; There are bugs… and people that take advantage of the bugs. The main challenges are:
- More inexperienced programmers and hardware developers.
- Billions of new devices (Computers, phones, IoTs [integrated and small devices])
- Much more data worth stealing
- Billions of new, inexperienced administrators and 'homeowners' that do not know how to secure a machine.
- More companies doing 'dumb things' like storing data on another company networked machine (cloud) without taking data protection and data privacy into consideration.
- Most of the companies having the issue with expert’s cybersecurity skills shortage to guard the company's information
In my opinion, information security experts should have:
- A solid technical background that covers as much as possible of the IT security infrastructure
- An intense experience in designing information security programs and operations.
- An aptitude and interest in information security
Take note, as an information security expert, that you have to match up to your attacker's strength or better yet, supersede it (Hunt the Hunter). Keep in mind, once you get the basics right, you can start building your expertise."
Fadi SODAH, IT Specialist - SDC Government https://www.linkedin.com/in/madunix/
We thank all the CISOs who participated and shared their thoughts.
Are you a CISO? Join the conversation and tell us what you think are the biggest challenges you will face this year.