Defending against cybersecurity threats is very expensive, said Michael Rogers, operating partner at venture capital firm Team8 and former director of the U.S. National Security Agency. But the costs for attackers are low, he told Data Center Knowledge. "Prioritizing cybersecurity solutions that provide smart, cost-effective ways to reduce, mitigate or even prevent cyberattacks is key," he said. "Inevitably, as we move to an increasingly digital world, these options are game-changers in safeguarding our society and digital future.” Some areas where cybersecurity automation is making a particular difference include incident response, data management, attack simulation, API and certificate management, and application security. ... "A lot of machine learning is being thrown at huge data sets," he said. "The analytics are getting better. And what do you do with that analysis? You want to do threat detection and response, you want to bring the environment back to a safer operating state. Now, these new tools are able to do a lot of this automatically."
Although D-Wave was the first company to build a working quantum computer, it has struggled to gain commercial traction. Some researchers, most notably computer scientist Scott Aaronson at the University of Texas at Austin, faulted the company for over-hyping what its machines were capable of. (For a long time, Aaronson cast doubt on whether D-Wave's annealer was harnessing any quantum effects at all in making its calculations, although he later conceded that the company's machine was a quantum device.) In the past few years, the company has also had trouble exciting investors: in March, it secured a $40 million grant from the Canadian government. But that came after The Globe & Mail newspaper reported that a financing round in 2020 had valued the company at just $170 million, less than half of its previous $450 million valuation. The company's decision to add gate-model quantum computers to its lineup may be an acknowledgment that commercial momentum seems to be far greater for those machines than for the annealers that D-Wave has specialized in.
As a new CISO, you should evaluate existing policies including cyber insurance, representation from legal teams, connections with incident response (IR) -- and also who is handling the firm's PR. Insurance providers may list recommended or approved IR and legal responders, and so CISOs need to make sure an organization's teams are either on the permissible list, or added to them. What is included in cyber insurance policies should also be explored. For example, does it cover ransomware infections or data theft and extortion, and if so, what is the limit of potential claims? You should also find out if you are covered when it comes to liability should you become part of a lawsuit due to a cybersecurity incident -- and whether or not the same applies to your team. ... Questions should be asked at leadership meetings which will give new security officers a fighting chance to perform well in their roles. This includes what cybersecurity budget is available -- and this is separate or part of general IT budgets -- and has there been an increase year-over-year?
Early cyber insurance policies only required filling out surveys on existing protocols. Now, insurers are moving toward active verification. “We need to be able to have a little more substantive evidence that you've done what you're saying you’re going to do,” says Soo. “This dynamic is causing a much-needed maturation in how the insurance industry is thinking about cybersecurity risks,” McNerny argues. “They are now thinking a lot harder about the kinds of controls they’d like to see in place.” Multi-factor authentication is among the primary cyber hygiene practices that is emerging as an industry standard. Reduction of attack surface, protection of credentials, and network segmentation will likely become necessary to secure coverage as well. And not all these factors will be the responsibility of a given organization’s cyber security team. According to McNerny, implementation will require a cultural shift. All employees need to be educated on how to prevent these attacks. “We often think in terms of technology,” he says.
Quote for the day:
"It is our choices that show what we truly are, far more than our abilities." - J.K. Rowling