Source: Venture Scanner
“The Sony attack was a wake-up call to most of us practitioners,” says John Graham, referring to the 2014 breach of Sony Pictures computer systems when hackers stole a rich trove of confidential documents and posted them online. Malicious and destructive intent increasingly characterizes cyberattacks. And the victims of these attacks could be random: “The [cybersecurity] game has changed,” says Graham, “with what I would call drive-by’s, where the attacks are not targeted specifically at us as a company.”
Graham is chief information security officer (CISO) at Jabil, provider of advanced manufacturing solutions to technology and electronics companies worldwide. Before joining Jabil in 2013, Graham served in senior cybersecurity, risk management, compliance, and IT management positions at First Data Corporation, McKesson, Capgemini Consulting, SunTrust Banks, and HP. Last year, Graham was selected as the Information Security Executive (ISE) of the Year Award winner for the ISE Southeast Region.
To be a successful Chief Information Security Officer (CISO) today, “you have to be a good translator,” says Steve Martino. This means translating the business strategy to the risk the company is willing to take. Instead of talking about “malware” and “DDoS,” CISOs should explain to their companies’ boards and business leadership what security technologies and trends mean in terms of risk to the business and the resources and processes required to manage that risk.
Martino is vice president and chief information security officer at Cisco. He leads the company’s Information Security organization and has more than 30 years of experience in security, IT operations, product development and operations, marketing, and sales.
Chief Information Security Officers (CISOs), says Roland Cloutier, are becoming “first and foremost business leaders.” The way he sees it, cybersecurity today is an important component of any business’ critical success factors. Cloutier calls the new discipline “operational risk management,” helping his company make good business decisions.
Cloutier is senior vice president and chief security officer at ADP, one of the world’s largest providers of business outsourcing solutions. Before joining ADP in 2010, he held senior security-related positions at EMC and various consulting and managed security service organizations and served nine years in federal law enforcement. Cloutier was recognized by Security Magazine as one of the most influential people in security and is the author of Becoming a Global Chief Security Executive Officer: A How To Guide for Next Generation Security Leaders.
The job of Chief Information Security Officers (CISOs), says Andy Ellis, is not to eliminate risks. “Our job is to help our companies make wiser risk choices,” is how Ellis describes the new cybersecurity paradigm. The way he sees it, the chief security officer is an educator, helping business executives understand the security risks and trade-offs involved in their decisions and actions.
Ellis is Chief Security Officer at Akamai, provider of Content Delivery Network (CDN) services, ensuring a fast, reliable, and secure Internet for its customers. For the last 17 years, he has worked in various security-related positions at Akamai and today he is responsible for overseeing the security architecture and compliance of the company’s worldwide distributed network. I may be going out on a limb here, but I would venture to declare Ellis the only business executive ever to be awarded the quadruple crown of the CSO Magazine Compass Award, the Air Force Commendation Medal, the Wine Spectator’s Award of Excellence, and the Spirit of Disneyland Award.
It is somewhat safe to predict that AI will continue to be at the top of the hype cycle in 2018. But the following 51 predictions also envision it becoming more practical and useful, automating some jobs and augmenting many others, combining machine learning and big data for fresh insights, with chatbots proliferating in the enterprise.
Like death and taxes, there are only two safe predictions about cybersecurity in 2018: There will be more spectacular data breaches and the EU General Data Protection Regulation (GDPR) will go into effect on May 25. But as the continuing digital transformation of our lives entails the ongoing digital transformation of crime, vandalism and warfare, 2018 could also bring a lot of new takes on old vulnerabilities, some completely new types of cyberattacks, and successful new defenses.
The following list of 60 predictions starts with three general observations and moves to a wide range of cybersecurity topics: Attacks on the US government and critical infrastructure, determining authenticity in the age of fake news, consumer privacy and the GDPR, the Internet of Things (IoT), Artificial Intelligence (AI) as a new tool in the hands of both attackers and defenders, cryptocurrencies and biometrics, the deployment of enterprise IT and cybersecurity, and the persistent cybersecurity skills shortage.