Insights
No match found
Services
No match found
Industries
No match found
People
No match found
Insights
No match found
Services
No match found
People
No match found
Industries
No match found
New
Op Ed: Top Cybersecurity Trends from RSA 2019
Cybersecurity heads and company CEOs sure had their hands full in 2018, with several major data breaches impacting businesses and their bottom lines. Marriott discovered that about 500 million Starwood accounts were compromised; hackers stole information from 100 million Quora users; 37 million Panera Bread customers had their data leaked and the list goes on.
It was no surprise then, when seven of North America’s leading cybersecurity experts got together for a BMO-sponsored panel at the 2019 RSA Conference in San Francisco in March, that the main topic of discussion was how to help clients navigate the increasingly complex, and constantly moving, world of cybersecurity. Plenty of other trends and issues were discussed by the panelists, which included Aman Raheja, BMO’s Chief Information Security Officer; Fran Rosch, CEO at ForgeRock; Michael Loria, IBM’s Security Vice President; Charan Singh, Head of Security Strategy at BMO; Derek Smith, Shape Security’s CEO; Justin Somaini, ex-SAP CSO; Deepak Jeevankumar, a Managing Director at Dell Technologies Capital; and David Eckstein, Menlo Security’s CFO.
Here are some takeaways from the event.
For BMO’s Raheja, keeping his company’s information out of the hands of hackers is, not surprisingly, his number one priority. “We don’t want any Yahoo situations,” he said, referencing the Internet company’s massive 2013 data breach that affected more than 3 billion customers.
Raheja thinks cybersecurity can be a business advantage for BMO. He’d like to incorporate technology and systems with more open architecture structures, as that would allow him to customize tools to his specific business needs. Another priority is to make BMO’s systems easier for employees to use. “We want to enhance the employee experience,” he said.
No matter the company though, executives should be of the mindset that hackers already know how to break into a company’s system. “I manage risk by assuming customer data is already compromised,” he said.
Stay on top of changing regulation
Rosch, whose company manages digital identities and helps businesses interact securely with their customers, agrees that cybersecurity can be a differentiator for businesses. However, enterprise company executives shouldn’t just look at the traditional players for their cybersecurity needs. He thinks the industry is ripe for disruption, with startups creating new security categories that don’t yet exist. “Our goal is to help our enterprise customers make identities a competitive advantage,” said Rosch.
It’s also important for people to understand that cybersecurity isn’t just about firewalls and phishing scams. For businesses to truly differentiate themselves, chief information and chief security officers must be on top of ever-changing data protection regulations. For instance, the European Union’s new General Data Protection Regulation, which looks at how people’s data is used and shared, has been a game-changer for companies. There are also rules around cloud-based data storage that need to be incorporated into any comprehensive security plan, he said.
When asked about the creation of new categories in security software, Rosch said that when it comes down to it, technology must be created first, and the categorization and marketing of the technology comes second.
Automation and the rise of the Machine
As more point solutions come to market, there is a growing desire for these various solutions to talk to each other and take action without much human intervention. What companies decide to implement, though, will depend on the business’ outcomes. “Determining client needs, whether that’s managing firewalls or if they want someone else to take over their entire security and protection process, is important,” says IBM’s Loria.
Identifying and detecting threats, while providing remediation via automation, will also give companies an advantage, as will the ability to integrate and leverage big data, he said.
“A lot of work is being done around frameworks and container technologies, said Somaini, who is also a Malwarebytes board member. “Automation in containerization still needs innovation,” he said, adding, “These technologies are still early and are being rapidly adopted. The Governance, Risk & Compliance (GRC) space is another hotbed for startups innovation.”
Simplify the security experience
Another large challenge companies face is complexity. With so many security options on the market, and with reams of regulation to consider, companies tend to create convoluted systems that can be hard to navigate. BMO’s Singh cautions executives from going down a more complicated route. Rather, customers and employees need a simplified security experience that incorporates automation to better identify and detect potential threats. One area that can be simplified is in the customer buying process, which is what Menlo Security’s Eckstein focuses on.
Businesses also need to start thinking about how they’re going to protect their data in a more open software era. For instance, in the U.K. and Australia, banks have begun sharing highly personal information, via software APIs, with third-party fintech companies. While this “open banking” structure can be beneficial to consumers who want to share their financial data with various institutions, it presents enormous security challenges. “Information sharing will be very powerful in an open era,” said Singh. “The challenge will be to avoid breaking privacy rules as data is shared in real time.”
For Smith, whose Shape Security ensures that only real people, and not hackers, are using a company’s websites and apps, the top priority is threat detection while still remaining customer-focused. “We get calls from clients like BMO when any new threat actors emerge, and our goal is to respond very quickly,” he said.
Invest in new tech
Companies should also be continuously looking at new technologies and investing in the ones that they think are right for their company. Dell Technologies Capital’s Jeevankumar said that his firm has invested in several security companies, including Netskope, a company that helps businesses protect data in cloud applications, and RedLock, which monitors cloud storage companies for security risks.
A trend that he sees in the security space is increased adoption of the hybrid cloud, which is the combination of public and private clouds. In the future, more companies will store non-sensitive information on cheaper-to-use third-party cloud servers, while keeping sensitive information on their own servers. He’s looking to invest in companies that offer both capabilities, as it’s only a matter of time before companies start moving some data back in house.
For instance, Eckstein expressed a desire to eliminate all types of malware, and thinks we’ll see an increase in email-specific security software. Somaini listed more automation and predictive analytics as a priority, while Loria thinks we’ll see full-service data solution integrations.
All the panelists admitted that cybersecurity threats aren’t going away any time soon – but through new technologies, innovations and a simplification of security, there might come a time when hackers are put out of business.
Yogesh Amle, CFA, is a Managing Director in the BMO Capital Markets Technology and Business Services Group where he leads software banking. Based in San Francisco, he has more than 20 years of corporate finance and enterprise software & systems experience advising high-growth technology companies.
The views and opinions expressed in this article are not necessarily those of BMO Financial Group or its affiliates.
Yogesh Amle is a Managing Director in the BMO Capital Markets Technology and Business Services Group where he leads software banking. Based in San Francisco, he h...
VIEW FULL PROFILE
Cybersecurity heads and company CEOs sure had their hands full in 2018, with several major data breaches impacting businesses and their bottom lines. Marriott discovered that about 500 million Starwood accounts were compromised; hackers stole information from 100 million Quora users; 37 million Panera Bread customers had their data leaked and the list goes on.
It was no surprise then, when seven of North America’s leading cybersecurity experts got together for a BMO-sponsored panel at the 2019 RSA Conference in San Francisco in March, that the main topic of discussion was how to help clients navigate the increasingly complex, and constantly moving, world of cybersecurity. Plenty of other trends and issues were discussed by the panelists, which included Aman Raheja, BMO’s Chief Information Security Officer; Fran Rosch, CEO at ForgeRock; Michael Loria, IBM’s Security Vice President; Charan Singh, Head of Security Strategy at BMO; Derek Smith, Shape Security’s CEO; Justin Somaini, ex-SAP CSO; Deepak Jeevankumar, a Managing Director at Dell Technologies Capital; and David Eckstein, Menlo Security’s CFO.
Here are some takeaways from the event.
For BMO’s Raheja, keeping his company’s information out of the hands of hackers is, not surprisingly, his number one priority. “We don’t want any Yahoo situations,” he said, referencing the Internet company’s massive 2013 data breach that affected more than 3 billion customers.
Raheja thinks cybersecurity can be a business advantage for BMO. He’d like to incorporate technology and systems with more open architecture structures, as that would allow him to customize tools to his specific business needs. Another priority is to make BMO’s systems easier for employees to use. “We want to enhance the employee experience,” he said.
No matter the company though, executives should be of the mindset that hackers already know how to break into a company’s system. “I manage risk by assuming customer data is already compromised,” he said.
Stay on top of changing regulation
Rosch, whose company manages digital identities and helps businesses interact securely with their customers, agrees that cybersecurity can be a differentiator for businesses. However, enterprise company executives shouldn’t just look at the traditional players for their cybersecurity needs. He thinks the industry is ripe for disruption, with startups creating new security categories that don’t yet exist. “Our goal is to help our enterprise customers make identities a competitive advantage,” said Rosch.
It’s also important for people to understand that cybersecurity isn’t just about firewalls and phishing scams. For businesses to truly differentiate themselves, chief information and chief security officers must be on top of ever-changing data protection regulations. For instance, the European Union’s new General Data Protection Regulation, which looks at how people’s data is used and shared, has been a game-changer for companies. There are also rules around cloud-based data storage that need to be incorporated into any comprehensive security plan, he said.
When asked about the creation of new categories in security software, Rosch said that when it comes down to it, technology must be created first, and the categorization and marketing of the technology comes second.
Automation and the rise of the Machine
As more point solutions come to market, there is a growing desire for these various solutions to talk to each other and take action without much human intervention. What companies decide to implement, though, will depend on the business’ outcomes. “Determining client needs, whether that’s managing firewalls or if they want someone else to take over their entire security and protection process, is important,” says IBM’s Loria.
Identifying and detecting threats, while providing remediation via automation, will also give companies an advantage, as will the ability to integrate and leverage big data, he said.
“A lot of work is being done around frameworks and container technologies, said Somaini, who is also a Malwarebytes board member. “Automation in containerization still needs innovation,” he said, adding, “These technologies are still early and are being rapidly adopted. The Governance, Risk & Compliance (GRC) space is another hotbed for startups innovation.”
Simplify the security experience
Another large challenge companies face is complexity. With so many security options on the market, and with reams of regulation to consider, companies tend to create convoluted systems that can be hard to navigate. BMO’s Singh cautions executives from going down a more complicated route. Rather, customers and employees need a simplified security experience that incorporates automation to better identify and detect potential threats. One area that can be simplified is in the customer buying process, which is what Menlo Security’s Eckstein focuses on.
Businesses also need to start thinking about how they’re going to protect their data in a more open software era. For instance, in the U.K. and Australia, banks have begun sharing highly personal information, via software APIs, with third-party fintech companies. While this “open banking” structure can be beneficial to consumers who want to share their financial data with various institutions, it presents enormous security challenges. “Information sharing will be very powerful in an open era,” said Singh. “The challenge will be to avoid breaking privacy rules as data is shared in real time.”
For Smith, whose Shape Security ensures that only real people, and not hackers, are using a company’s websites and apps, the top priority is threat detection while still remaining customer-focused. “We get calls from clients like BMO when any new threat actors emerge, and our goal is to respond very quickly,” he said.
Invest in new tech
Companies should also be continuously looking at new technologies and investing in the ones that they think are right for their company. Dell Technologies Capital’s Jeevankumar said that his firm has invested in several security companies, including Netskope, a company that helps businesses protect data in cloud applications, and RedLock, which monitors cloud storage companies for security risks.
A trend that he sees in the security space is increased adoption of the hybrid cloud, which is the combination of public and private clouds. In the future, more companies will store non-sensitive information on cheaper-to-use third-party cloud servers, while keeping sensitive information on their own servers. He’s looking to invest in companies that offer both capabilities, as it’s only a matter of time before companies start moving some data back in house.
For instance, Eckstein expressed a desire to eliminate all types of malware, and thinks we’ll see an increase in email-specific security software. Somaini listed more automation and predictive analytics as a priority, while Loria thinks we’ll see full-service data solution integrations.
All the panelists admitted that cybersecurity threats aren’t going away any time soon – but through new technologies, innovations and a simplification of security, there might come a time when hackers are put out of business.
Yogesh Amle, CFA, is a Managing Director in the BMO Capital Markets Technology and Business Services Group where he leads software banking. Based in San Francisco, he has more than 20 years of corporate finance and enterprise software & systems experience advising high-growth technology companies.
The views and opinions expressed in this article are not necessarily those of BMO Financial Group or its affiliates.
Yogesh Amle is a Managing Director in the BMO Capital Markets Technology and Business Services Group where he leads software banking. Based in San Francisco, he h...
VIEW FULL PROFILE