Cybersecurity


“As the security landscape has become more complex, companies have had to become smarter on new threat actors and attack vectors.”
Tony Anscombe, Chief Security Evangelist, ESET

ROBERT HERJAVEC
The “Shark Tank” star and founder of cybersecurity service provider Cyderes shares his top security tips for enterprise

“Technology-minded students and career-changers contemplating potential career paths would be well-served deciding on cybersecurity.”
Niel Harper, Vice Chair of the Board of Directors, ISACA

Understanding the Concept of Reasonable Cybersecurity

Triggered by prevalent data breaches and a surge in state data privacy legislation, public dialogue now includes mentions of reasonableness alongside cybersecurity.

In its simplest form, reasonable cybersecurity refers to a level of security measures that are adequate and appropriate to protect data from potential risks and vulnerabilities. Think of it as an effective lock on your house door that keeps you safe from burglars. Here’s where it gets complicated:

The term “reasonable” is subjective — there’s no one-size-fits-all solution or standard template to define what constitutes reasonableness due to different types of data, varied regulatory requirements, and unique organizational needs.

Achieving reasonable cybersecurity isn’t straightforward, either. It’s not always about employing expensive high-tech solutions. It can be as simple as keeping your computer systems updated with the latest patches or using multi-factor authentication. The idea is to implement effective measures, commensurate with potential risk levels, based on available resources.

Just as we wouldn’t neglect basic personal safety measures like locking our doors at night or wearing seat belts while driving, we cannot afford to disregard “reasonable cybersecurity” despite its current ambiguity. It is indeed our best line of defense against changing cyber threats.

Navigating Boardroom Concerns: Top 6 Cybersecurity Risks and Challenges

The importance of cybersecurity in safeguarding a business’s assets, financial resources, reputation, and investor confidence cannot be overstated. As a result, boardrooms are increasingly recognizing the critical role cybersecurity plays in mitigating risks to their organizations.

Let’s delve into the six major concerns that are currently at the top of boardroom agendas regarding cybersecurity, ranging from data breaches and privacy violations to regulatory and legal risks. Understanding and addressing these concerns is essential for business leaders to demonstrate the strategic value of cybersecurity.

1. Data breaches and privacy violations

Boardrooms express significant worry over data breaches and the exposure of sensitive data like intellectual property, financial records, and customer data. Failure in cybersecurity defenses can result in regulatory scrutiny, civil lawsuits, penalties, and loss of customer trust. Prioritizing data preparedness to prevent cyberattacks and privacy infringements is a top concern for boardrooms.

2. The SEC’s cybersecurity disclosure rules

The U.S. Securities and Exchange Commission (SEC) Risk Management, Strategy, Governance, and Incident Disclosure rules that came into effect last year have introduced a range of critical considerations for public company boardrooms. Namely, explicitly understanding the SEC mandate, establishing risk management and governance strategies, appointing oversight committees responsible for mitigating cyber risks, and, finally, disclosing “material” security incidents in annual reports.

3. Skyrocketing ransomware costs

Ransomware attacks have become a major boardroom concern. Organizations that are victimized by sophisticated ransomware experience major disruptions and downtime, million-dollar extortion demands, legal and insurance implications, potential supply chain stoppages, and erosion of business reputation. On average, businesses shell out about $5 million in ransomware recovery costs.

4. Evolving geopolitical threats

The Middle East conflict, the war in Ukraine, tensions between the United States and China, and general competitive pressures create conditions where state-sponsored threat actors and hacktivists seek to attack organizations in order to disrupt them, steal sensitive data, or conduct espionage. Furthermore, there is a disturbing rise of threats to infrastructure by adversaries from anti-Western nations such as North Korea, Iran, and Russia.

5. The rise of AI-powered threats

Artificial intelligence and machine learning are arming malicious actors with new capabilities, enabling them to execute attacks more efficiently and with a higher degree of precision. Using AI, attackers can target or impersonate business executives and employees, use deepfakes to spread disinformation and undermine democratic institutions, automate cyberattacks, and expose hidden vulnerabilities. AI introduces greater data security and privacy risks; employees share sensitive data with AI, which can lead to data breaches. Attackers can also prompt engineer AI to override its security protocols and manipulate it to reveal hidden data.

6. Supply chain security

The globalization of the supply chain introduces major cybersecurity risks, and this is raising boardroom concerns. Any breach or cyberattack on a supply chain partner can compromise the entire ecosystem. Cybercriminals tend to target weaker links in the supply chain or attack software supply chain vendors to infiltrate larger, more secure organizations.

Demonstrating cybersecurity proficiency to investors and stakeholders is no longer an obligation — it has become a liability. It is imperative that security leaders alleviate boardroom concerns by reframing cybersecurity as a strategic investment and aligning security objectives with business goals.

Valeria Vizcarrondo

Taylor Rice

Effective Cyber Risk Management — as a Foundation of Enterprise Protection

Effective cyber risk management is essential for protecting enterprises in today’s digital landscape. As organizations increasingly rely on technology, the potential for cyber threats grows, making it crucial to integrate cyber risk management into broader enterprise risk-management strategies.

Transitioning to risk-based cybersecurity

Many organizations are shifting from a maturity-based approach to a risk-based cybersecurity framework. This transition allows institutions to prioritize their cybersecurity efforts based on the specific risks they face, rather than merely assessing their maturity level in cybersecurity practices. By focusing on risk, organizations can allocate resources more effectively and enhance their overall security posture.

1. Integrating cyber risk into enterprise risk management

Integrating cyber risk management into enterprise risk management (ERM) is vital for comprehensive protection. This integration ensures cybersecurity strategies are aligned with the organization’s overall risk management objectives, leading to more effective mitigation of cyber risks. By evaluating cyber risks in the context of potential impacts on business operations, organizations can better protect critical assets and maintain operational continuity.

2. Governance and compliance

Establishing robust governance structures is a key component of effective cyber risk management. Organizations should adopt an integrated governance, risk, and compliance approach to enhance their cybersecurity maturity. This framework not only helps in managing IT risks, but also ensures compliance with relevant regulations and standards, thereby reducing vulnerabilities.

3. Specialized risk-scoring frameworks

Utilizing established frameworks, such as the FAIR (Factor Analysis of Information Risk) framework, can significantly enhance an organization’s ability to quantify and manage cyber risks. These frameworks provide structured methodologies for identifying, assessing, and mitigating risks, which is essential for informed decision-making.

4. The role of cyber threat intelligence

Cyber threat intelligence (CTI) plays a crucial role in enhancing cyber risk management by providing organizations with actionable insights into current and potential threats. This intelligence can be categorized into three main types: strategic, operational, and tactical, each serving different purposes in the risk-management process.

Enhancing decision-making

CTI supports informed decision-making by equipping security teams and executives with knowledge about emerging threats and vulnerabilities. For instance, strategic threat intelligence helps organizations understand broader cyber threat trends within their industry, allowing them to align their risk-management strategies accordingly. This alignment ensures that resources are allocated effectively to mitigate the most pressing risks.

Improving incident response

Operational and tactical threat intelligence enhances an organization’s ability to respond to incidents. By providing detailed information about specific threats, such as indicators of compromise and attack vectors, CTI enables security teams to triage cyber-attacks more effectively and implement appropriate countermeasures. This proactive approach minimizes the potential impact of cyber incidents on the organization.

AI-powered risk assessment

Artificial Intelligence (AI) also plays a vital role in risk-assessment. By analyzing threat data, organizations can quantify their cyber risks in financial terms, which is essential for compliance with regulations and for evaluating the effectiveness of existing security controls. This quantification helps organizations prioritize their cybersecurity investments and make informed decisions about risk-management strategies.

AI systems are adept at identifying threats more quickly and accurately than traditional methods. By analyzing vast amounts of data in real-time, AI can detect anomalies and potential threats that may indicate a cyber-attack. This capability significantly reduces the time it takes to respond to incidents, thereby minimizing potential damage to an organization’s digital infrastructure.

One of the core competencies of AI is its ability to aggregate and interpret data, which is crucial for producing predictive insights in risk assessments. By analyzing historical dark web data and current threat intelligence, AI can forecast potential risks and vulnerabilities, enabling organizations to implement preventive measures before incidents occur.

AI also creates detailed inventories of IT assets, which is essential for effective risk-management. By maintaining an accurate and comprehensive view of all devices, users, and applications within an organization, AI helps identify which assets are most vulnerable and require immediate attention. This asset management is critical for prioritizing risk mitigation efforts.

Resecurity has developed a proprietary AI-driven engine (CONTEXT AI), enabling cybersecurity professionals to leverage the power of data and advanced analytics to protect their critical business assets. The solution has been successfully introduced for C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance) and cyber risk-management applications for major insurance providers and Fortune 100 corporations facing new security challenges and advanced threat activity originating from nation-state actors, organized crime, APT, and cyberespionage groups.

In conclusion, effective cyber risk-management serves as a foundation for enterprise protection. By adopting a risk-based approach, integrating cyber risk into ERM, establishing strong governance, and utilizing established frameworks, organizations can significantly enhance their resilience against cyber threats. This proactive stance not only safeguards sensitive information, but also supports overall business objectives in an increasingly complex digital environment.

WRITTEN BY
Gene Yoo
Chief Executive Officer, Resecurity, Inc. (USA)

Robert Herjavec and John Ayers on the Importance of Cybersecurity in Business Strategy

Robert Herjavec and John Ayers, leadership team members of the cybersecurity service provider Cyderes, share how businesses of all sizes can protect themselves from cyber threats.

The cybersecurity landscape is constantly evolving, with new threats emerging every day. In your experience, what do you consider to be the most significant changes or trends in the cybersecurity threat environment over the last few years?

Robert Herjavec: We are seeing new and emerging threats every day. Over the last few years, we have seen a few things that are most notable: a dramatic rise in ransomware attacks that are now targeting our most critical infrastructure from manufacturing to healthcare, increased sophistication of social engineering tactics powered by AI, the growing threat from IoT vulnerabilities, the widespread adoption of application-based devices leading to new security challenges, and early increasing use of artificial intelligence (AI) by both threat actors and offensive security teams, such as Cyderes, to enhance their capabilities. I believe this is all fueled by the shift toward remote work during COVID.

With the rise of cloud-based infrastructure, how can organizations ensure their cloud environments are properly secured against evolving threats?

John Ayers: The cloud seems to be an area where we think we need different things to protect it, but the same approach we take to protect a local network can be used for the cloud. Some of the ways are:

• Create strong passwords for all accounts and services, especially those with high privileges or access to sensitive information.

• Enable multi-factor authentication (MFA). MFA is a basic but effective way to prevent unauthorized access to cloud services.

• All the big cloud providers offer built-in security services and features to enhance cloud security. Leverage them.

• Monitor for misconfigurations and suspicious activity.

• Stay informed and educated about cloud security trends and changes. Again, most cloud providers have ways to sign up for notifications.

• Encrypt data. Encryption protects data from unauthorized access by transforming it into a code that only those with the correct key can decode.

• Restrict access to cloud services and data to reduce the number of people who could potentially attack.

• Perform regular backups. Backups can run in the cloud or on an in-house physical infrastructure. Use immutable backups to ensure data remains safe even if a server is breached.

Advanced Persistent Threats (APTs) are some of the most dangerous and sophisticated attacks organizations face today. How can companies detect, defend against, and recover from APTs? What role do threat intelligence and proactive monitoring play in countering these attacks?

JA: The biggest advice here is to adopt a defense-in-depth approach. This approach helps clients detect, alert to defend, and recover from APTs.

Some of these approaches include advanced threat detection tools like MDR (Managed Detection and Response), EDR (Endpoint Detection and Response), the adoption of regular penetration testing, employee security awareness training, and a well-defined incident response plan, allowing for swift identification and containment of potential breaches.

You also asked how threat intelligence plays a role in this effort. Cyderes recently launched a service called DARC4 Threat Research Labs.

We designed this service to give clients the ability to “See More, Stop More.” How do we do this? Think of it as a big oil refinery. We bring all that oil (intelligence) and refine it into gas to power services like MDR and EDR to help clients improve the ability to see what battleships are forming, which we call “finished intelligence.”

This intelligence then enables clients to outline how to defend against the potential threat actors that are coming.

Given the cybersecurity skills shortage, why should SMBs consider managed services to bolster their in-house capabilities?

RH: The first reason is cost savings. Managed services can help reduce not only operational costs and IT operating expenses, but also people costs, in that this reduces time combating cyberattacks and allows them to focus on their core business.

Also, improved security. Managed services improve security outcomes by providing consistency such as network monitoring, regular updates, and maintenance. This can increase productivity by allowing an SMB client to focus on managing the business and letting Cyderes help manage the ever-changing cyber regulations and threat landscape while reducing the risk. More important is the access to expertise and resources that an SMB may not have in-house.

INTERVIEW WITH Robert Herjavec Founder, Cyderes
INTERVIEW WITH John Ayers
SVP of Professional Services, Cyderes

Strengthening the Cybersecurity Skills Gap in Southern California

A global leader in cybersecurity is helping arm local businesses against advanced cyberattacks.


For more than three decades, digital security company ESET has shielded organizations and governments worldwide from cyberthreats. Dedicated to educating businesses and local communities on cybersecurity best practices, ESET has established itself as a trusted partner from its San Diego local headquarters, and this Southern California connection only strengthens its commitment to promoting digital safety.

It’s complicated

As an advocate for cybersecurity education, ESET chief security evangelist Tony Anscombe knows the importance of enlightening online users about cyber risk, the benefits of threat intelligence, and the need for continuous monitoring.

“As the security landscape has become more complex, companies have had to become smarter on new threat actors and attack vectors,” Anscombe said. “Threat intelligence services provide data feeds that allow cybersecurity teams to make informed decisions about potential risks and attacks, and to take the necessary measures to detect and respond to them, automatically or through further investigation.”

ESET offers AI-powered solutions that are underpinned and strengthened by real-time threat intelligence, malware identification and detection, and incident response backed by researchers in 11 R&D centers around the world. These threat-hunting researchers are actively detecting emerging and zero-day threats, tracking global threat actors and disrupting cyberespionage operations.

Addressing the talent shortage

Cybersecurity defense against today’s sophisticated cyberattacks requires experts to monitor systems 24/7, something that can prove too complex for most companies to manage, Anscombe notes.

“It’s important the environment remains under constant scrutiny so incidents are dealt with quickly and efficiently,” he explained. “If a security incident is not quickly responded to, it can escalate to something more serious, potentially stopping the business from operating or posing a reputational risk.”

According to ISC2, two-thirds of organizations struggle to fill critical positions. For larger enterprises, securing and retaining staff with these abilities may be achievable.

“For smaller or mid-size companies, building a team may be challenging,” Anscombe noted, “which is why they are finding value in outsourcing and using managed detection and response (MDR) services where experts monitor and manage customers on a 24/7 basis.”

MDR can fill a huge gap here, providing companies of all sizes with specialized experts to manage more advanced cybersecurity operations and continuous monitoring for incoming alerts and potential threats. Choosing the right partner and establishing a trusted relationship can provide an extension of the internal team, allowing companies to focus on growing their core business while leaving the security operations to the partner.

Going the extra mile

ESET launched ESET MDR in 2024, a right-sized offering for small businesses that combines AI-powered automation with human expertise and comprehensive threat intelligence, enabling organizations to immediately respond to incidents and enhance their security posture.

“Adversaries increasingly target SMBs who are vulnerable due to their lack of expertise, capacity, or both,” said Ryan Grant, senior vice president of sales and marketing at ESET North America. “ESET’s approach significantly reduces the risk of SMBs falling victim to ransomware attacks and other forms of security incidents, and can help them meet increasingly stringent cyber insurance and compliance regulations.”

For larger, more sophisticated companies requiring more customized support, ESET MDR Ultimate provides complete cyber risk management, robust threat hunting, and world-class ESET expertise on call, available 24/7.

A milestone event

ESET recently cut the ribbon on its state-of-the-art headquarters in downtown San Diego.

“At ESET, we’re committed to making a difference, not only in the cyber world, but in the everyday lives of the communities where we operate,” noted Grant. “We have an established history of local engagement and cybersecurity awareness in San Diego, and this was a key factor in our decision to double down on our local presence.”

Based on the company’s unwavering commitment to Southern California, the San Diego Business Journal awarded ESET a 2024 Cybersecurity Stewardship Award for Cybersecurity Awareness in the private company category.

Involved with numerous foundations in the region, the company will support more than 200 employees at its new headquarters. The office is home to ESET’s North America customer support team, which provides business customers with localized support via email, phone, and live chat.

ESET also offers online support forums to foster engagement with company experts on trending topics and emerging product issues. This high-touch support operation captured a 2023 SC Award in Excellence for Best Customer Service, one of the cybersecurity industry’s most prestigious accolades.

To learn more, visit eset.com

INTERVIEW WITH Tony Anscombe Chief Security Evangelist, ESET
INTERVIEW WITH Ryan Grant Senior Vice President, Sales and Marketing, ESET North America
ESET’s San Diego headquarters Photo courtesy of ESET

Zero Trust and AI: Essential Cybersecurity Strategies for Modern Enterprises

Our panel of experts shares their insights on recent data breach trends and what organizations must learn to bolster their defense strategies.

Ransomware continues to be a significant threat. What are the most effective strategies for defending against such attacks?

Tony Anscombe: The majority of ransomware attacks involve social engineering, the exploitation of vulnerabilities, or a mix of both, providing cybercriminals access to business assets prior to any malware infection. Detecting this unauthorized access requires advanced technologies, such as Endpoint Detection and Response (EDR).

As cyberattacks have become more sophisticated, businesses need to understand their attack surface and implement technologies designed to detect unauthorized incursions and zero-day threats. Advanced technologies, such as EDR, vulnerability and patch management, cybersecurity awareness training, and backup and restore systems, are essential to protect a business from cyber threats.

With advancements in technologies like AI and machine learning, how can companies leverage these tools to improve their cybersecurity defenses against sophisticated attacks?

Joseph Steinberg: AI and machine learning are double-edged swords vis-à-vis cybersecurity. On the one hand, they can help defenders — for example, by allowing defenders to prioritize alerts far more effectively than was possible before the AI era.

On the flip side, AI also improves the capabilities of attackers — for example, by allowing technologically unsophisticated criminals to generate attack code by feeding the AI a vulnerability report.

Ricardo Amper: To remain competitive, companies must employ AI-driven models capable of learning and adapting in real-time. This enables swift anomaly detection, proactive fraud prevention, and precise targeting of emerging threats. Beyond traditional static measures, advanced identity verification systems — such as biometric and liveness detection — are becoming indispensable. These technologies ensure highly accurate identity verification while preserving a seamless user experience, which is crucial for combating sophisticated threats like deepfakes and credential theft.

With remote work on the rise, secure authentication has become even more critical for managing access to corporate systems. What are the most effective solutions for ensuring secure identity verification in remote and hybrid work environments?

RA: The shift to remote and hybrid work has amplified the demand for secure, scalable identity verification. Traditional static credentials, such as passwords, are insufficient for safeguarding decentralized workplaces, where security threats have significantly increased. Effective solutions must combine rigorous security measures with a seamless user experience to prevent unauthorized access. Layered biometric authentication offers a superior solution by establishing a secure and reliable baseline for identity verification.

What are your thoughts on the Zero Trust security model? How can enterprises effectively implement it?

RA: The Zero Trust model is grounded in the principle of continuous verification, requiring all users and devices to be authenticated, regardless of location. However, its effectiveness depends on implementing robust and adaptable identity verification systems. Traditional multi-factor authentication alone falls short in addressing advanced threats like AI-driven fraud, deepfakes, and social engineering attacks. To meet these challenges, companies must integrate advanced biometric technologies, ensuring higher levels of security.

JS: Achieving Zero Trust requires a major technological transformation that involves a significant investment of time, energy, and money, as well as robust planning in advance of implementation. From a practical standpoint, therefore, achieving Zero Trust is a process or a journey, not an overnight change or a binary “have or have-not” destination.

That said, investing in migrating toward a Zero Trust model can be well worth it. The industry-standard “castle-and-moat” approach was never ideal, and today, it is, at best, obsolete, if not downright impotent.

What trends have you observed in data breaches over the past few years, and what can organizations learn from these incidents?

TA: Data breaches are, unfortunately, a common occurrence as cybercriminals understand that exfiltrated personal data has value and can either be exploited directly or used as part of a broader extortion threat. It’s important that companies continually secure data. For example, regular assessments should be carried out to determine who has access and whether they need access.

JS: I serve as an expert witness on many cases involving data breaches. One observation that may surprise many people is that so many costly breaches were easily preventable if only the teams that designed and implemented security had taken into account the realities of the modern world. In the modern era, for example, it is common knowledge that user credentials are regularly compromised and that multi-factor authentication suffers from all sorts of vulnerabilities. Organizations that adopt such models are effectively asking for problems.

INTERVIEW WITH Tony Anscombe Chief Security Evangelist, ESET
INTERVIEW WITH Joseph Steinberg Cybersecurity Expert Witness and Advisor
INTERVIEW WITH Ricardo Amper Founder & CEO, Incode Technologies

Cybersecurity: A Dynamic and Impactful Career Field

Strengthening cybersecurity has become one of the most urgent — and universal — needs for both corporations and nation-states in recent years.

Regardless of geography, the size of the enterprise, the type of industry, or whether it operates in the public or private sector, organizations must tackle an increasingly challenging security landscape with phishing, ransomware, supply chain attacks, and a variety of artificial intelligence-powered attacks all posing significant threats. Countries face similar adversity with the complex and fast-changing threat environment. Not only do cybersecurity incidents often result in major financial, political, and legal distress, but they also undermine stakeholder trust, which can be even more damaging in the long term. Consequently, the board of directors and cabinet-level public sector leaders must develop capabilities to aptly manage cyber risks.

It is not high-level leadership, however, that must do the hands-on work of fending off attackers, and there remains a pressing need for reinforcements in the cybersecurity ranks. Despite organizations increasingly recognizing the importance of cybersecurity, longstanding skills shortages persist. According to ISACA’s 2024 State of Cybersecurity report, the majority of organizations (57%) have understaffed cybersecurity teams, and 38% report they do not have cybersecurity positions that need to be filled. There is also a definitive need to attract more women and other underrepresented populations to address some of these gaps in the field.


Flexible job requirements

The good news is that there are plenty of legitimate selling points to attract more practitioners to the profession. Not only are cybersecurity roles generally in-demand, good-paying, and highly impactful, they also are intellectually stimulating. Succeeding in today’s cybersecurity discipline means constantly being vigilant for new threats, keeping abreast of the latest developments in emerging technologies such as artificial intelligence, and becoming conversant in business concepts so that cyber risk can be adequately communicated to enterprise leaders. Cybersecurity also requires uniquely human traits which continue to make practitioners indispensable even in an era of increased automation. In fact, the automation of many mundane tasks frees up time for human practitioners to make their work more engaging by focusing on how to apply critical thinking, ingenuity, and problem-solving skills in their roles.

While many teams have open roles, the percentage of organizations with open cybersecurity roles has declined overall. Credentials, especially those that test both hands-on experience and knowledge, are an excellent way for candidates to distinguish themselves.

Career advancement

A cybersecurity career can also be leveraged toward leadership opportunities. While many cybersecurity practitioners start out in more operationally focused roles, cyber risk is also a business risk, and security is a key enabler of digital transformation and digital trust, creating natural pathways to senior management roles such as information security managers and chief information security officers. Taking on important activities such as developing and executing a business’ cybersecurity roadmap and reporting cyber risk to the board and executives provide excellent opportunities for security professionals to advance their careers.

Technology-minded students and career-changers contemplating potential career paths would be well-served deciding on cybersecurity. Even as technological advancements continue, the human element in cybersecurity — complementing AI, and other tools and technologies — remains essential for entities to adequately defend their valuable assets and preserve customer trust. Those looking for a career in which they are likely to be in high-demand, well-compensated, intellectually challenged, and have the opportunity to play a critical role in their employer’s wellbeing are excellent candidates to fill the cybersecurity pipeline.
