January 24, 2023
As we look towards 2023, it is important to gain insight from top cybersecurity experts on the emerging threats and trends in the field. In this interview series, we spoke with four leading CISOs to get their perspective on those threats and trends, and on their personal goals as CISOs in 2023.
Meet our panel of distinguished CISOs who will impart their foresight and guidance on the future of cybersecurity in 2023.
Bradley Schaufenbuel is Vice President and Chief Information Security Officer at Paychex. He is a prolific author and speaker and advises several venture capital funds and startups.
Nicole Darden Ford is the VP of Global Information Security and CISO at Rockwell Automation. She is responsible for protecting the company's IT assets with scalable, future-ready platforms. She has over 20 years of IT strategic leadership experience in the corporate sector and federal government, including the Joint Chiefs of Staff. Nicole has guided complex organizations through security transformation journeys, built best-in-class cybersecurity programs, and led high-performing teams. Nicole has held similar roles at Carrier Global Corporation, and is known as a future-focused technology executive. She also serves on several cybersecurity and technology advisory boards and is an advocate for diversity and inclusion initiatives. Nicole has received multiple awards for her work in the field, such as the Top 100 CISO Award and CSO50 recognition.
An Information Security executive with over 17 years of experience heavily focused on empowering end users, securely. Ty currently serves as Vercel’s Chief Information Security Officer (CISO). Ty’s career was focused on developing application and product security programs for Capital One, JPMorgan Chase, LendingClub, and Target. Key areas of knowledge include developing security champions, threat modeling, secure code training, static code analysis, component analysis, dynamic analysis, penetration testing and red teaming. Outside of being a CISO, Ty is an active angel investor as part of Silicon Valley CISO Investment Groups (SVCI) and actively advises security start-ups. Ty graduated from Penn State University with a B.S. in Information Science & Technology and from Norwich University with an M.S. in Information Assurance. He currently holds a CISSP, CEH, CCSK and CPT.
Author and distinguished leader in information security. Chris brings many years of professional experience in operations management, project management, enterprise governance and information security in global teams. Chris is adroit at strategic acquisition and deployments within the enterprise IT environment and an expert leading cross-functional teams to maximize efficiency and productivity.
As we begin this series, we asked our panel of CISOs to share their expert predictions on the most pressing cybersecurity threats organizations will face in the year 2023.
"The top cyber security threats in 2023 will continue to be ransomware attacks. This is just simple economics.
Ransomware is so lucrative, it will continue to drive up the number of attacks. Similarly, the successes of ransomware will push more and more innovation in techniques and methods for executing this type of hack."
"There are a few threats I see looming up ahead for 2023.
The first has to do with the growing proliferation of AI and how that enables user impersonation. Verifying identities is central to authentication across various platforms and services. There are tools that everyone has access to that can help them deceive others. We see this already with ChatGPT, a tool that can allow individuals to create work on the fly, but in some cases ‘fake’ their work in a way that management won’t know that the person they hired wasn’t actually the one that did it. We are already seeing it in the media industry."
"Another point worth highlighting is the need to teach proper responses to cyber risk scenarios.
So many of the breaches we see today, perhaps the vast majority, originate with some form of human error or someone who is quick to click or respond to a text. How do we make sure our team knows how to identify phishing attempts? For a start-up with seven employees it may be easy to teach cyber hygiene and keep communication practices tight. But when a company wants to grow, it means that all of its practices need to be able to scale. Businesses are going to have to put a lot more energy into making sure their own users are doing their part to ensure the operating environments stay safe and secure."
"From my perspective, the most pressing concern right now as far as data security is supply chain and third-party risk management (TPRM).
This is a trend I’ve seen developing not just over the past several months, but over years in the field. What’s unique about this threat is that we’re seeing it affect firms across the spectrum, from SMBs to Fortune 500 companies.
Thankfully, there's a lot of good work being done in both developing software tools that help automate the risk management workload, and also creating frameworks and standards for the data sphere as a whole. Dealing with the friction between security and business continuity, however, is going to be tough. Securing the supply chain is useless if by doing so people are driving their business processes to a halt. This, in my opinion, is going to be the main challenge enterprises will face, namely incorporating sound TPRM protocols but doing so in a way that integrates smoothly with efficient and profitable business."
"A top concern is the threat to critical infrastructure and manufacturing. We know the cost of a ransomware attack for the critical infrastructure sector is the highest and can also have implications on national security, economic security, public health and safety. The growing number of attacks we’ve seen in this sector will not slow down, especially when considering geo-political tensions in the world and how nation-states use cyber-attacks as a weapon. There needs to be timely action on the part of critical infrastructure providers and manufacturers to accelerate their Operational Technology (OT) cybersecurity efforts to mitigate cyber risks."