Hundreds of IT professionals, business leaders, and Chief Information Security Officers joined us for a Fireside Chat with renowned Cybersecurity Journalist Brian Krebs on Thursday, November 17. During this 45-minute webinar hosted by Andrew Baird, TierPoint’s VP of Marketing, and moderated by Paul Mazzucco, TierPoint’s CISO, Krebs provided insight into a multitude of questions relating to cybersecurity.
Miss this virtual event or need a refresher? Here’s a quick recap of the Q&A.
Pressing headline relating to cybersecurity
Paul and Brian began the webinar with a big topic in tech: the recent executive conviction after the Uber data breach.
The Uber data breach conviction
- How did the data breach impact the modern CISO and who is ultimately at fault? According to Krebs, this primarily impacted CISOs by making them feel a little more hesitant in this role. Overall, it was a good reminder of the importance of maintaining transparency as a leader as “it’s the cover up” that gets companies and individuals in trouble.
All in all, it’s hard to pinpoint exactly who was to blame for this breach because there are still so many unknowns. For example, how good was the person in charge of security at the organization when it came to the documentation of security challenges, what was broken, and the timeline for resolving issues? How effective were they at communicating these known challenges and plans to key stakeholders and leaders? How did the leaders make decisions based on the information they received from the CISO?
In Krebs’ opinion, “It’s not the job of the CISO to assume all the cyber risk of the organization, but to inform higher-ups of the risks,” as well as make business and risk cases for additional investments in security.
- Will this conviction make organizations outsource their CISO? Krebs noted that he wouldn’t be surprised if this is one of the outcomes; however, many organizations were already outsourcing at least some of these job functions before the 2022 Uber breach.
Ransomware trends and challenges
During this segment, Krebs provided his thoughts on a critical topic and growing threat for many organizations: ransomware.
- How has ransomware changed in the last year? Based on his research, Krebs noted that the main change is “groups shifting to data exfiltration as their main source of revenue”; however, they’re still interested in getting as much access to sensitive data as possible.
Interestingly, Russia’s war against Ukraine has also caused some shifts in the cybercrime industry. How? Many hackers based in these areas have fled to neighboring countries and sanctions have made it more difficult for them to get paid.
- What is the future of ransomware? In 2023, Krebs forecasts that we will see a rise in destructive attacks, such as data deletion and data corruption/manipulation rather than simply data encryption. It’s possible that, after companies regain access to their data following a ransomware attack, they will often question the integrity of their data files.
Responsibilities of the modern CISO
These days, CISOs are adopting more business-related responsibilities and tend to be responsible for providing education in the cyber security space, business growth, and securing stakeholders.
- What do you think the future role of a CISO might look like? According to Krebs, “CISOs need to understand that part of their job is being a translator,” and this will be a primary function in the future as discussions around security improvements and cost justifications continue to grow alongside the rise of cybercrime.
In his opinion, one of the best ways to discuss cyber security is to shift the conversation away from security to resilience and availability, and to convert the risk of downtime into monetary figures: how much would it cost the organization if it were unable to access data or use equipment for a week, versus how much does it need to spend on security-related investments?
After the primary fireside chat, Krebs and Mazzucco also covered a few of the most pressing questions submitted by attendees.
Stay tuned for more webinars in the future
Thanks to Brian Krebs for joining us and providing insight into such important topics! We’re also appreciative to everyone who tuned in. Be sure to keep an eye out on LinkedIn, Twitter, and Facebook for our upcoming events.