CIO & CISO Think Tank

In the evolving landscape of cybersecurity, the imperative to increase transparency takes center stage, driven by new laws and regulations mandating prompt reporting of cyber breaches. A notable example is the SEC's cyber disclosure rule, necessitating companies to report incidents within 72 hours. This shift from voluntary to mandatory information-sharing not only presents challenges but also opportunities. Compliance empowers organizations to construct more comprehensive defenses and actions against cyber risks. Regulatory guardrails provide confidence, allowing companies to explore, experiment, and compete securely. To stay ahead, a tech-enabled approach embedding cybersecurity across the enterprise is crucial. Looking forward, collaboration with the C-suite, particularly the Chief Risk Officer and General Counsel, is vital. Crafting a consistent narrative, setting priorities, and adapting to new cyber risk management practices become essential. Moreover, understanding board expectations, simplifying complex cyber regulations, and extending cybersecurity measures to external reporting teams are key considerations for navigating the regulatory landscape effectively.

Bridging the gap between business and technology is not easy and requires discipline and balance between technology, people, and business. For so many organizations today, technology is the business. Technology needs to be understood as a critical enabler in every part of the organization from the front line to the back office. It creates new value by crunching data to deliver new insights, it spurs innovation, and it disrupts traditional business models.

For business and technology leaders alike, new actions and behavioral changes can help their organizations make this shift. CIOs and CISOs must take responsibility for problems, they should convey that when technology fails, many people typically share responsibility.

Quantum computing is no longer a distant threat—the transition to post-quantum cryptography (PQC) is happening now. With NIST’s announcement of standards based PQC algorithms and government mandates to transition to quantum-safe standards by 2030, organizations can no longer afford to wait. The risk is clear:  quantum computers are advancing, today’s public-key encryption algorithms will be obsolete, resulting in sensitive data being exposed unless action is taken. Security and business leaders must act now to prepare for this shift and communicate its urgency at the highest levels. 

In this session, Chris Hickman, Chief Security Officer at Keyfactor, will share expert insights on the current PQC landscape, what the new NIST standards mean for organizations, and the steps required to achieve quantum readiness. From strategic planning and risk mitigation to board-level communication, this session will provide actionable guidance to navigate the transition successfully. 

In the realm of building cyber resilience, organizations confront increased risk exposure amidst bold moves and evolving external challenges. Despite investments in technology and data, risk leaders, including CISOs, express difficulty in keeping pace with the persistent threat of cyber crises. However, in today's business landscape, discussions of digital transformation or reinvention are inseparable from considerations of cybersecurity. Looking ahead, stakeholders, from the board to frontline cybersecurity operations, pose critical questions about resiliency. This includes inquiries about the adequacy of efforts to safeguard the company and its customers in the face of cyber attacks. The focus shifts to identifying opportunities to minimize the impact on business and shareholder value through effective threat response. Embracing cybersecurity as a whole-of-business endeavor, organizations are urged to align themselves with business owners, adapting to changes in the cyber landscape and fortifying resilience against disruptions. Building confidence in the cybersecurity program becomes paramount in navigating the dynamic and challenging cyber landscape effectively.

In the context of effective cyber risk management, the challenge lies in keeping up with evolving technology, particularly during cloud or technology transformations. The adoption of threat intelligence,GenAI, the metaverse, and machine learning presents both opportunities and challenges, with a need for technology leaders to grasp the security implications. While these technologies enhance cyber risk management, they also offer efficiencies through task automation. Striking a balance between risks and rewards is crucial for gaining trust and staying competitive. Looking forward, organizations must explore innovative approaches to cyber risk management, emphasizing resilience against third-party risks. Collaboration with the leadership team is essential to take an enterprise-wide view of current and future threats, develop action plans, safeguard critical assets, and facilitate quick recovery. Early collaboration with the executive team is encouraged to integrate risk management into transformation strategies and extract maximum benefits from emerging technologies.

In the dynamic realm of artificial intelligence (AI) and machine learning (ML), CISOs play a pivotal role in leveraging these advancements for enhanced cybersecurity. Strategic integration of AI and ML is essential for bolstering security measures, optimizing decision-making, and driving innovation. CISOs must adopt a comprehensive approach, considering the entire lifecycle of these technologies to ensure both efficiency and ethical use. Establishing robust governance frameworks becomes paramount, addressing biases, ensuring transparency, and minimizing unintended consequences.

Looking ahead, as AI and ML continue to advance, CISOs face evolving challenges and regulatory considerations. Proactive engagement involves staying informed about changing regulations, particularly in areas such as data privacy and ethical AI practices. CISOs should strive for a tech-enabled understanding of AI and ML systems, encompassing deployment, impact, and security measures. This approach positions organizations to navigate the regulatory landscape effectively, ensuring responsible and competitive integration of AI and ML into cybersecurity strategies.

This session explores the pivotal role of CIOs in modernizing data to unlock its full value. In the contemporary digital landscape, data stands as a strategic asset, and CIOs are at the forefront of harnessing its potential. The abstract emphasizes the CIO's responsibility in implementing cutting-edge technologies and data management strategies that go beyond mere storage, enabling organizations to derive actionable insights. By adopting innovative approaches, such as advanced analytics, artificial intelligence, and cloud solutions, CIOs can transform data into a valuable resource, driving efficiency, innovation, and informed decision-making across the enterprise. The discussion delves into the evolving responsibilities of CIOs in leading the charge towards data modernization, ensuring organizations remain competitive and agile in an increasingly data-centric world.

Imagine a scenario where your client’s CEO joins a call—and it turns out to be a deepfake. With generative AI making fakes nearly undetectable, social engineering attacks are escalating, as seen in multimillion-dollar losses across industries. The quality, scale and complexity of these attacks are growing exponentially—leaving traditional content-based defenses struggling to keep pace.

Consider recent high-profile incidents: the sophisticated attack on MGM costing $30 million, a video-based deepfake assault on Arup's Hong Kong finance team, resulting in a $25 million loss, and impersonation schemes posing as new hires to compromise critical systems. As GenAI evolves, the challenge is clear: how do we effectively block these advanced threats from the get-go?

Leaders in mission-critical industries are beginning to assess solutions that address the prevention of AI-driven impersonation and classic social engineering scams. Let’s envision a defense framework that integrates seamlessly across all collaboration tools and communication channels—calls, video conferences, messaging, emails—providing real-time, first-encounter verification without cumbersome pre-registration, and doing so with rigorous privacy safeguards.

This session will explore what to do when content based filtering is no longer enough to protect organizations from the escalating risks posed by advanced social engineering generated threats.