Mind the Tech NY 2022
"In cyber defense, people are the weakest link - resources should be invested there"
This is what Jim Rutt, CIO/CISO at Dana Foundation, said in a panel on the state and future of corporate information security, held as part of the Mind the Tech conference in New York.
"When it comes to cyber defense, people are the weakest link. Today there are technological tools that make it possible to educate and prepare them more than before, and there is room to invest there," said Jim Rutt, CIO/CISO at Dana Foundation at a roundtable focused on the state and future of corporate information security, held as part of the Mind the Tech conference in New York. The roundtable was moderated by Yaron Elad, Managing Partner and CEO of Elron Ventures, and Shay Michel, managing partner at Merlin Ventures.
"In terms of the macro environment, educating people is one area that has blatantly not been touched," Rutt continued. "It doesn't cost a lot of money but requires a lot of time. After years of making an effort to explain to directors how we prevent people from clicking on phishing links, I understand that it is necessary to understand where each board member is coming from and to personalize the information about what the cyber security team does in the organization. It is not clear that we are a profit-making unit, so I use different risk models. It will not always match what the board expects, most directors have a background as investors."
Christian Schnedler, CIO at WestCap, said: "We have 40 companies in our portfolio. When you think about changes in the workforce, they have all moved to a hybrid employment model. We try to work with them on cost optimization, and a lot of budget cuts come from moving to a hybrid work model. When you think about education and how people are taught to work in a non-secure environment, which could be a home, a cafe or a hotel lobby, it requires them to understand security considerations more and it is necessary to allocate resources to work in an environment that has zero trust. Everyone brings their own devices, switches between devices at a high rate, we ask organizations to make budget-conscious decisions, but the only place we want to see a reduction in spending around security is in intelligence. It is possible to bring together 20 or 30 entities and jointly acquire information on possible risks. No one is doing less than before, but rather concentrating on what they are doing today."
According to Seth Spergel, Managing Partner at Merlin Ventures: "Today there is a significant fear of supply chain attacks. A while ago this was an area that people did not look at, but after recent attacks it is creating a lot of interest. This will make software much more secure. In addition, there is a lot of talk about how you can't increase the manpower, but you can't decrease the budget either. You have to ask yourself how to combine tools and what can be done to get the same efficiency from existing products. I don't want separate products for every need, but to have one solution that meets all of them. It makes life easier, you don't need many people to manage different things and it prevents things from falling through the cracks."
Leon Lerman, founder and CEO of Cynerio, addressed the labor shortage and layoffs and said: "Speaking of startups, last year was like a party, entrepreneurs raised a lot of money at high valuations and spent a lot of money on recruiting people. Now we are seeing a correction, and companies that expanded aggressively are also correcting aggressively. But there are companies that took the money in 2021 and invested it in stable growth, and in these cases you see fewer layoffs. From our experience in the U.S., Israel and London, the demand for good people, the top-tier players, still exists. It is difficult to recruit them. Those who are fired are not necessarily the best quality, but if they are in cyber, they find a new home very quickly."
Boris Gorin, CEO of Canonic Security, agreed: "Quality talent is always in short supply, our clients are looking for people with the right skills. There is a shortage of people."
Mitchell Kleinhandler, Managing Partner at Differential Ventures, said: "One of the cyber companies we invest in has difficulty finding salespeople, and they rely more on external marketers and intermediaries. But this requires a lot of time from a cyber company, because they have to make sure that the people who sell for them are trained and skilled. Companies need to hire the best sales people they can and sell the products themselves. From a corporate perspective, many CIOs don't have a strategy for three or four years forward, and the board is not interested in such a strategy either. It makes it difficult for CIOs to work."
Roi Karo, Chief Risk and Strategy Officer at Fireblocks, said: "Blockchain technologies are no longer only used for trading and profits. We are seeing more and more uses from other worlds: payments, institutions that tokenize assets such as securities, currencies and even real estate, and all the web3 worlds, which also include real uses that are starting to change the world. Because of this, everyone involved in cyber defense needs to learn the new technologies, to understand how they affect their organization and in what sense they are at risk as a result of exposure to a third party."
Elad himself said: "In the growth environment we were in in 2020 and 2021, businesses grew and budgets grew, the corporate workforce that dealt with cyber defense grew and everything was perfect, today the dynamics are different, things are changing. IT expenses are decreasing and so are security expenses. As a result, information security managers need to think about cost structures and develop efficiency metrics that will justify purchases of security products."