In the tumultuous year of 2020, many organizations are still struggling to maintain day-to-day operations while defending themselves from advanced ransomware, zero-day threats, phishing campaigns and other IT disruptions that may cause business-threatening downtime.
The 2020 Cybersecurity Summit provided an opportunity for government and business leaders to learn about the latest threats, vulnerabilities and consequences related to data security and privacy matters, as well as the available resources, products and services to help protect your intellectual property and customer data and build cyber resiliency.
OPENING REMARKS FROM ARIZONA COMMERCE AUTHORITY
Kicking off the 2020 Cybersecurity Summit, Arizona Commerce Authority Chief Innovation Officer Brian Sherman delivered opening remarks on behalf of CEO Sandra Watson and its board of directors. As businesses moved to a remote work environment earlier this year, Arizona was well-positioned to transition to the digital space safely, thanks to its established success as a national leader in cybersecurity. Taking the lead in Arizona’s cyber-preparedness is Gov. Doug Ducey, who has made it a top priority for Arizona. Additionally, Sherman shared insight on the launch of Arizona’s cybersecurity team in 2018, led by Ducey and a diverse set of leaders from both the public and private sectors.
OPENING PRESENTATION: PRACTICAL RISK MANAGEMENT
When it comes to protecting your company’s data, infrastructure and networks, helping key executives and leaders understand the risk of doing business and the real scenarios for decision-makers is of the utmost importance. While company executives talk about risk all the time, justifying the cost of data security to effectively mitigate cyber threats and vulnerabilities is not always top of mind. Moderated by cStor Chief Cybersecurity Strategist Andrew Roberts, Acronis Cybersecurity Analyst Topher Tebow and Alagen Security Consultant Thomas LeNeave discussed the role that cybersecurity frameworks play in risk management, how companies can effectively benchmark against industry competitors, what threats companies should be prepared for, as well as how to manage expectations to reduce risk for your organization.
From Compliance to Security: An Engaging Journey to Adopting a Zero-Trust Architecture
Many organizations are stuck in a compliance-based approach to cyber. These organizations need to consider a move toward a risk-based approach, which lays the foundation for eventually getting to that much-talked-about zero-trust architecture.
In this engaging keynote presentation, John Evans, Former Chief Information Security Officer (CISO) for the State of Maryland and current Chief Technology Adviser (CTA) of World Wide Technology, took attendees on a journey that explored real-time visibility, threat correlation and other requirements prior to adopting a zero-trust architecture.
In his keynote, Evans stressed the importance of a compliance-based approach to cybersecurity and some of the related issues with that approach.
“Zero trust is not just a widget to install in your environment,” Evans said. “It’s as much an art as it is a science for a true risk-based approach. High-level thought leadership is needed to make the transition. It’s not insurmountable.”
Evans also shared his tested strategic roadmap for a successful journey to a zero-trust framework, as well as what scares the hell out of him.
“The amount of data we have flowing is exponentially growing, and that’s not going to stop,” Evans said. “You have to realize that bad actors who have already found a way into your network once will get in again. Organizations should focus on how to limit damage and operate through an attack with a multifaceted, layered-onion approach.”
Cybersecurity Litigation Case Study and “Gotchas” in Cybersecurity Insurance Policies
According to Polsinelli Shareholder Jonathan Brinson, 78% of risk managers now purchase some form of cyber insurance, mostly as stand-alone policies that, unfortunately, are not tied into other organizational insurance policies.
“Cybersecurity insurance is a fairly new product,” Brinson said. “You can’t treat them as binary…they don’t have on or off buttons. Company executives need to be directly looking at their organization’s risk analysis.”
Brinson shared the big gotchas that company execs should be aware of regarding cybersecurity insurance policies:
– Pay attention to retroactive dates. Many times, companies find out they’ve been breached months after the fact.
– Eroding policy limits. If you get sued, that will go against your policy deductible.
– Look at the allocation amounts in your cybersecurity policy.
– Sub-limits are prevalent in a lot of policies, giving a false sense of the coverage you thought you had.
– Pay attention to the details and the fine print.
– Be cognizant of the company names on policies. If sister companies are not named in the policy, they are not covered.
Aligning Risk Management with the Budget (aka Risk Appetite)
In this informative session, Grand Canyon Education CISO Mike Manrod and ACTRA CEO Frank Grimmelmann discussed how to translate risk appetite into a successful security strategy and how to quantify cybersecurity success with your organization’s senior executives, and provided useful advice to security teams on tight budgets for guarding against the cyber risks we’re facing today.
Practical Cybersecurity Issues Faced by Governmental Bodies
Like many organizations in early 2020, Pima County leadership was not prepared for the disruption a pandemic would bring to day-to-day business. In this informative session, Pima County CIO Dan Hunt shared the obstacles and challenges of securing devices and the network with a remote workforce, and discussed the importance of implementing continuity plans.
Practical Cybersecurity Issues Faced by Nonprofits
The 2020 pandemic proved that organizations of all sizes across every industry sector were affected…even nonprofits.
“There’s a notion that nonprofits don’t get hacked,” said Make-a-Wish CIO Bipin Jayaraj. “That’s a big misnomer.”
Jayaraj added, “Nonprofits are a soft target. It’s imperative to keep in mind our mission while also protecting our data.”