Most security testing today is purely tactical - we find vulnerabilities and sometimes fix them. We use this process to satisfy compliance requirements and report point-in-time status to regulators, but we rarely learn anything about our overall security posture and use that information to change our strategy and priorities. Strategic, transformational security testing is the solution.

Strategic security testing starts with aligning the testing program to the risk profile of systems and applications. New comprehensive, adversarial pentesting approaches allow business units to innovate at speed and with confidence.

Strategic security testing can also use aggregated data from individual penetration tests to reveal the root cause of persistent weaknesses in security posture due to broken processes and overwhelmed staff. Security and IT management use that data to invest in training and solutions that are specifically targeted at organizational deficiencies. Moreover, a strategic security testing program will track improvements in overall security posture over time so those improvements can be communicated to senior leadership and the board.

Forrester Artificial intelligence (AI) is catching a lot of headlines recently. Large language models (LLMs) like OpenAI’s ChatGPT, Microsoft’s Bing Chat and Google’s Bard AI keep surprising us with their unique language-processing capabilities.

It seems like these projects keep getting better with each passing day, and the fact that anyone can have access to them is a great thing. However, this also brings very concerning threats.

Since everyone has access to these tools, nothing is stopping cyber criminals from utilizing AI’s advanced capabilities to their benefit.

Knowing where and how criminals conduct business allows organizations to monitor and analyze much of their activity, and this information helps defenders assess their organization's risk more accurately and protect themselves against attack.

88% of security breaches have human error at their core, according to research from Stanford University. The human being in the attack chain is seen as an easy, low-hanging no-hack option, to infiltrate a network and carry out a destructive and often financially lucrative cyber-attack.

The challenge is to ensure that anyone who interacts with the digital realm understands how cybersecurity works. The problem then stems from the ‘plug-and-play’ view of technology, instilled in human behavior as digital technology has evolved over the decades. Cybersecurity behavior is then seen as a ‘blocker’, something that adds an extra burden on the human user. Enter Cyberpsychology! The basis of the discipline is to develop human-oriented systems for a given type of technological area. Cyberpsychology applies to home, work and work from anywhere environments.

The modern attack surface is ever-expanding. Organizations are finding it increasingly difficult to keep up with the incredible scale of changes in their IT environment, while the expansion of cloud adoption has enabled businesses to move faster than ever before. However, this also implies that the attack surface is available to attackers and cybercriminals. For global organizations, there is a continuous risk of shadow IT introduction.

Discovering how to adapt to evolving business needs, complex technology landscapes and expanding attack surfaces is extremely important in the current scenario. In the context of expanding attack surfaces, how can organizations strike a balance between innovation and security?

Hackers are leveraging artificial intelligence and machine learning to add an additional layer of sophistication to their attacks, which means organizations need to move beyond the traditional and into the extraordinary when it comes to defending themselves. This includes investing in technologies such as threat detection and response, encryption, and multifactor authentication. But the question is "How can artificial intelligence help cybersecurity strategy today?”

How can organizations strike the right balance between AI automation and human expertise in cybersecurity operations? What are the key decision points for determining when human intervention is necessary?

Irrespective of whether employees are working remotely, in the office, or hybrid, global leaders need to continue to create a culture of collaboration and innovation. Generative AI platforms such as Chat GPT have the potential to revolutionize the world of programming by automating repetitive tasks, improving code quality, and increasing productivity. However, technology also presents challenges, including data privacy, model bias, lack of creativity, and technical difficulties. How can organizations embrace such tools whilst navigating potential risks? Are we faced with limitless possibilities here, or limitless risk?

During this session, two industry leaders will debate the transformative potential and the risks that come with Next-Gen Technology, particularly generative AI, in shaping the future of work.

Security teams spend years trying to roll out products, as data security solutions like DLP, WAF, DSPM, API Sec, etc must deal with an ever changing attack surface and evolving threats. These solutions focus teams on the symptoms as opposed to the root cause: the underlying data stores lacking the right protective controls. In this talk, Solomon will share his experience running security programs that focus on protecting the underlying data stores to achieve extremely high RoI and agility.