The World Economic Forum ranked cybercrime among the top seven risks of highest concern to organizations in its Global Risks Report 2020. While there is still a broad spectrum of cyber attacks, ranging from the simple and mundane, to more sophisticated advanced persistent threats, to complex nation-state attacks, attackers continue to raise the bar in terms of techniques and exploits. The COVID-19 pandemic and quarantine efforts around the globe provided even greater opportunity for attackers to prey on the chaos and confusion. The constantly evolving threat landscape requires that organizations continually adopt new approaches to cybersecurity.
Qualys addressed this issue during a CISO panel discussion at the Qualys Security Conference (QSC) EMEA 2021 earlier this year. Giuseppe Brizio, CISO EMEA for Qualys, facilitated the roundtable, which included former Qualys CEO Philippe Courtot and current interim CEO and Chief Product Officer Sumedh Thakar, along with Jared Carsten, CISO at CRH, Bruno Laurent, Cyber Defense Head for AXA, and Alain Simon, Corporate VP and CISO for Amadeus. The panel talked about the challenges organizations face today with cybersecurity, and shared strategies for reducing threats in the digital world.
Giuseppe set the stage for the conversation—kicking things off by addressing the dramatic acceleration of digital transformation that many organizations experienced as a response to the COVID-19 pandemic and the need to very quickly shift the entire business model to enable and support productivity for an entirely remote workforce. He then asked the panel to describe the reality of the cybersecurity challenges they are facing today.
Jared Carsten responded by describing just how different the world looks now as opposed to the very beginning of 2020. Business needs and IT security priorities shifted significantly and the attack surface quickly became broader and more challenging when COVID-19 hit. He explained, “It was something that I don’t think any of us could have foreseen or could have planned for. It was—for the lack of a better phrase—the ‘ultimate disaster recovery’, or remote security exercise that we could have been put into.”
Further into the discussion, Giuseppe stressed the advantage of a risk-based approach to cybersecurity and pointed out that cybersecurity risk is business risk and that organizations need to treat it as such. Sumedh weighed in to describe the importance of core fundamentals and focusing on three critical things: comprehensive visibility of the assets in your environment, effective security posture and patch management, and continuous monitoring to detect and respond to suspicious or malicious activity.
The attack lifecycle is also moving faster—which means that security has to be able to respond more quickly. Sumedh emphasized, “You want [security] to be more real-time—you want it to be immediate. You want to be able to respond much quicker than what we have looked at in the past.”
This is just the tip of the iceberg. The panel shared a number of valuable insights that can help other organizations embrace digital transformation and adapt to the post-COVID-19 world without sacrificing security. The full panel discussion is approximately 45 minutes long. You can watch the recording of the QSC EMEA CISO panel discussion here: Cybersecurity in the Digital Age…It’s a New Dawn!