Executive teams from Sprint and Cybereason recently sponsored an on-stage chat between Sam Curry, CSO of Cybereason and Ed Amoroso, CEO of TAG Cyber at the Sprint Executive Briefing Center in New York City. The chat included two dozen senior executives from global enterprise teams. The ground rules were simple: Our experts were to openly address serious issues in cyber security with no holding-back – and they certainly did not disappoint.
Below are some of the main points that our experts made during the conversation, which included questions and pushback from attendees in the room. (To respect the privacy of those in the room, we leave their names and attributions out.) And rather than attempt to transcribe the back-and-forth of the discussion, we decided instead to select the most provocative quotes from Sam and Ed. We reproduce them below for you:
Thoughts on Ransomware
Sam Curry on Ransomware . . .
“I often hear consultants explain that enterprise teams should never pay ransomware fees, but when your critical data is unavailable and this could have serious negative consequences, perhaps even loss of life, are you really not going to pay? I think you should.”
Ed Amoroso on Ransomware . . .
“I agree that paying the fee is sometimes necessary, but it should never be repeated. It’s like that statement – Fool me once, shame on you, fool me twice, shame on me. If you are a victim of ransomware and pay the fee, then you must take appropriate steps to prevent it from happening again.”
Thoughts on CLOUD ADOPTION
Sam Curry on Cloud Adoption . . .
“This is a trend we see every day in our work with clients around the world, where fears of cloud adoption are gradually being replaced with the enthusiasm that comes with any improvement to IT and security infrastructure.”
Ed Amoroso on Cloud Adoption . . .
“There is a growing number of well-known cloud providers you can be certain are excellent at cyber security. You know the names – Microsoft, Google, Amazon, SAP, Oracle, and so on. But when dealing with smaller cloud providers, you should check credentials and ask questions.”
Thoughts on ELECTION SECURITY
Sam Curry on Election Security . . .
“Protecting elections is a difficult technical and operational problem. It doesn’t surprise me that there have been so many successful demonstrations of threats. This is a tough problem that will require the best people in positions to lead the way.”
Ed Amoroso on Election Security . . .
“Election security is certainly tough, but gosh – if we can’t secure an ‘X = X + 1’ transaction, which is really all an election is, then how do we justify controlling power plants, telecommunications, and finance?”
Thoughts on CISOs
Sam Curry on CISOs . . .
“The modern CISO has to deal with so many different issues today, that it’s a wonder they can keep up. It’s a stressful job – one where you get little or no credit when things are done properly, but where you will likely get fired if a serious breach occurs.”
Ed Amoroso on CISOs . . .
“The situation with CISOs reminds me of the avionics industry in the sixties. Jobs were so tenuous that engineers would carpool during the week, but drive their own car on Friday. When asked why, they calmly explained that engineers get fired on Fridays, so it helps to have your own car.”
For more insights and perspectives on cyber issues, join us for a live virtual panel of security leaders next Tuesday, April 15th at 10:30 AM (EDT) | 3:30 PM (BST). Ed Amoroso will be moderating to discuss how the panel is handling the shift to remote work, share their perspectives, take your questions, and help in any way we can.