Darrin Reynolds, chief information security officer (CISO) at Edgio, recently attended the Gartner Security & Risk Management Summit, an annual event that brings together industry leaders to discuss emerging trends and best practices in cybersecurity. In an interview with Saudi Gazette, we sat with Reynolds to get his insights from the summit, including the key challenges facing CISOs today, the latest cybersecurity technologies, and strategies for mitigating cyber risks. As a seasoned cybersecurity professional with over 20 years of experience, Reynolds brings a wealth of knowledge and expertise to the discussion, offering valuable advice to organizations seeking to strengthen their cyber defenses.
What are the main pointers that came out of the Gartner Security & Risk Management Summit this year? Can you share regional examples?
A: The main takeaway, almost a mantra of sorts is that change is not the same as progress. The pace and volume of improvements continues to accelerate in the industry. Businesses must begin to learn to accept the gaps in their risk postures and adapt accordingly because there’s too much to do and not enough people to do the work in the security world. Cybersecurity personnel are still underappreciated, undervalued, discounted and yet in highly in demand.
What new technologies can we see emerging within the cybersecurity space in the year ahead?
A: Not strictly speaking in terms of technology, one of the trends we are going to see is ransomware payments becoming illegal. Governments will start to ban payments to hackers and ask companies to exercise enough cyber hygiene and enough foresight so that such that ransomware won’t be an issue for the company.
We are learning that hackers are weaponizing operational technology. This will hit manufacturing and construction and affect water supply or electrical grids. The goal will be to harm and cause human losses and that is something we are not prepared for into terms of cybersecurity.
Zero Trust Network Access (ZTNA) is going to be one of the buzzwords for the year but its still maturing and its not what people hope it will be. It is the same thing with AI. We need to get used to it because it’s going to become less obvious and more ubiquitous. We will be using it without realizing it, just like Wifi. We’ll reach a point where if there’s no AI it will be considered negligent.
How is the emergence of new technology like AI going to influence security at an individual, enterprise and government level?
A: We need to recognize that where it is ubiquitous and transparent, it will also become assumed. In the security world, we will need to maintain secure processes at all levels. It requires a breadth of information collection that is al already overwhelming. More data points are not going to improve security insight unless there is a congruent amount of automation, intelligence and response to process it. AI offers an expanded universe of possibilities for turning increasingly complex data stores into actionable intelligence. AI changes the game in terms of acceleration and automation.
Human beings want automation to free up our time but where we are now in the precarious position of babysitting automation. AI is not going replace people, it may displace people into more reasonable jobs and where humans need to show up is with creative problem solving and implement new solutions which AI cannot do.
How far are regional players in adopting a scalable, holistic security platform amidst new regulatory, compliance, privacy requirements globally?
A: To have comprehensive data protection, we need to bring security closer to privacy. They are related and needed. Security is about how and what we need to protect, and privacy is about why we need to protect it.
The challenges are definitely daunting, but the world has also changed to allow a company to pivot on technological implementations. GCC will be able to take advantage of improved contemporary technological adoption facilitated by cloud and edge providers, but they will have to work a lot more and lot faster than companies or countries that have already been through this cycle. Luckily, the world has stepped up to match this challenge by giving them the tools to do it.
What sectors do you see as most vulnerable? What is the threat landscape for 2023 in your view?
A: As per the cyber-attack traffic that we see today, the sectors that are most vulnerable is manufacturing, which is different from what we used to see in the past. The loss of human life will be associated with it. Ten times as many attacks are waged against the manufacturing world as any other sector.
Next is business processes and business professional services, including doctors and lawyers. Any company that has valuable personnel like doctors and lawyers and/or hold sensitive information, will be vulnerable. Retail is always high on the list and so is healthcare where the consequences could be catastrophic.
