Three key takeaways from SecureWorld Charlotte

Generative AI, technology spending, and foundational security principles were key themes at the information-packed conference.

If you guessed that a dominant theme at SecureWorld Charlotte would be Artificial Intelligence, you would be correct. But while AI is demanding attention from all security professionals, conversations about security fundamentals and funding are still center stage. Here are our three key takeaways from the event:

We Can’t Forget the Basics

Cyber threats may be evolving, but traditional attack methods aren’t going anywhere.
While much attention is now drawn to the challenges new tech may pose, cybersecurity leaders from various industries emphasized the ongoing relevance of traditional hacking methods such as brute force attacks, social engineering, and malware.

These strategies, though considered “old”, are surprisingly effective due to human vulnerabilities. The continued use of weak passwords is a shining example of such a vulnerability. As is the susceptibility of humans to sophisticated phishing scams. These simple, but clear vulnerabilities perpetuate the use of traditional tactics.

As we fortify defenses against new threats, it’s critical not to overlook safeguarding against traditional attack methods. The key lies in maintaining vigilance against the full spectrum of cybercrime, both old and new.

Strategies for combating traditional cyber threats:

• Employee Education: Conduct regular training sessions to make employees aware of different types of threats, how to identify them, and how to respond.
• Routine Audits: Perform routine security audits and vulnerability assessments to identify and rectify weak points before exploitation.
• An External Point of View: Engage a trusted consultant or partner to look at things from a new point of view and catch vulnerabilities you may not have visibility to.

AI Roadblocks Are Real, But Surmountable

There is no doubt that AI has the potential to create cyber superheroes. However, many cybersecurity professionals are struggling with adoption and usage.

The lack of industry agreement on a framework for AI use, governance, and standardization are huge roadblocks to adoption and utilization because organizations are left to independently develop essential guardrails.

Cybersecurity professionals are also struggling to trust AI – can it assist them without displacing them at the same time?

This fear, coupled with a lack of governance and standardization, makes for a challenging AI journey. But that journey can be made much less arduous if it starts on solid ground.

Unlocking the value of AI while creating the right protections is possible. If the right actions are taken up front, roadblocks can be overcome.

Essential actions to effectively leverage AI:

• Make Continuous Learning and Awareness a Priority: Actively stay informed about the direction of AI development, understand its trajectory, and recognize factors that can hinder its success.
• Education on AI Models: Invest in understanding the distinctions between various AI models to avoid compromised performance.
• Prioritize Data Quality: Ensure that high-quality data is fed into AI models to avoid compromised performance.
• Address Diversity and Inclusion Risks: Stay vigilant about potential biases and discriminations in AI outcomes; be proactive in addressing diversity, equity, and inclusion risks associated with AI technologies.
• Implement Prompt and Output Analysis: Develop processes to capture and analyze prompts and outputs for accuracy; leading to new guidelines and potentially finding malicious intent.
• Evaluate Hiring vs. Upskilling: Assess the cost and benefits of hiring AI expertise versus investing in upskilling talent within your organization.
• Comprehensive Training Programs: Provide training for those involved in utilizing and creating AI models to enhance understanding.

Funding for Cybersecurity Relies on Return

Four years ago, when the world grappled with the impact of COVID-19, investments in workplace technologies surged. Soon after, ransomware evolved, affecting business continuity in unprecedented ways. This prompted another wave of technology investments, primarily in cybersecurity.

Those investments have now changed.

Because some previous investments were made in haste, neglecting strategic integration or long-term sustainability, budgets are now under scrutiny, and organizations are evaluating their technology spending.

Showing return is critical, even for essential investments like cybersecurity.

To increase funding for cybersecurity initiatives, Chief Information Security Officers (CISOs) must not only quantify cyber risks but also articulate and quantify the benefits of their initiatives. The C-suite recognizes the critical nature of cybersecurity but now demands increased proof of performance.

Strategies to support increased cybersecurity funding:

• Identify “Table Stakes” Investments: Classify the foundational cyber capabilities that every enterprise organization requires and leverage that baseline data to justify investments in those areas.
• Tool Rationalization: Assess tool capabilities and interoperability to identify opportunities to maximize existing investments.
• Metrics and KPIs: These should include strategic, operational, and financial aspects related to cybersecurity. There are two primary stories you want to be able to tell with these KPIs:
  • The effectiveness of the investments in mitigating risk.
  • How the investments enabled the business to be more effective and efficient.

Between the innovation opportunities that lie with AI, and the continued prioritization of cybersecurity by the C-suite, it was clear that SecureWorld attendees and speakers all agree the future for cybersecurity is bright. They also agreed that while new challenges may arise, applying foundational principles and tactics can be extremely impactful. Do you agree?