Last week’s New York Cyber Security Summit brought together around 900 security leaders and professionals to discuss today’s top cybersecurity trends, challenges, and solutions. The excitement was running high, and thought-provoking sessions and valuable insights were exchanged at every booth. The buzz at Confidencial's booth was energizing, and the discussions we held were intellectually stimulating, to say the least.
Beyond the engaging discussions and invaluable networking, one of the event's standout features was that it gathered top security challenges from each of the individual attendees. Attendees provided candid and diverse responses, offering a sneak peek of the issues they’re grappling with and hoping to address as they head into 2025.
While some challenges were particular – such as navigating insurance decisions or balancing open-source software with security – many shared common threads. After analyzing all of the almost 900 responses, we’ve identified an apparent convergence around a few critical themes:
1) The Changing Tech, Threat, and Compliance Landscape Is Keeping Security Leaders on High Alert.
“Meeting regulatory requirements like GDPR, HIPAA, and others while maintaining data security is a continuous challenge. Ensuring compliance with an ever-changing set of global regulations can be complex.”
An overwhelming majority of attendees expressed difficulty in maintaining updated threat intelligence to anticipate new attack vectors while ensuring compliance amid changing regulations. Keeping up with audits, maintaining policies, and implementing patches can quickly become overwhelming.
A recurring concern was the threats posed by quantum computing and their impact on current encryption methods. It was evident that many are already planning to adopt large-scale post-quantum cryptography (PQC), especially since NIST recently announced its first four PQC standards.
2) Tool Sprawl Is a Problem, but Consolidation Isn’t Always Straightforward.
Across industries and roles, people are grappling with disparate tools and separate credentials, making consolidation necessary. While this would simplify processes for admins and end-users, security leaders pointed out they were trying to anticipate and prepare for the threats associated with consolidation, such as single points of failure, blind spots, vendor dependency, and more.
One of the attendees noted they would greatly appreciate single-pane-of-glass visibility but feel hesitant to let go of their multiple scanning tools, as “no single tool is perfect.”
3) Data Governance Amid Cloud Migrations and AI Adoption Tops Other Concerns.
Data security and governance in the era of cloud and AI had to be a significant concern. With cloud deployments – especially multi-cloud and hybrid setups – data could be stored anywhere, making visibility and control over all this data a common challenge. Understanding security governance across different regions adds another layer to that challenge.
On the AI front, adversarial AI, data security, and AI governance were burning issues across all booths and sessions. Security stakeholders were keen to maintain data security and governance without stifling innovation.
Confidencial’s mantra of balancing data security with usability struck a chord with attendees and visitors to our booth. There were countless insightful discussions about how our features – such as automated data discovery across clouds and selective encryption of only the most critical data – can tackle this challenge.
4) The Uphill Battle to Get Everyone to Take Cybersecurity Seriously Is Still On.
The business value of cybersecurity remains contentious. Despite growing awareness, CISOs and CSOs still need help securing business leadership's buy-in regarding cybersecurity objectives. As a result, they face a lack of resources and find it challenging to recruit and retain the talent they need to cover all bases.
On the other end of the spectrum, employees and end users face burnout from excessive controls. Attendees resonated with the sentiments of both the board and end users. They recognized that balancing data security and compliance with functionality, performance, and operational efficiency is no small task.
5) Insider Threats Remain Elusive Despite Zero Trust Architectures
A surprising number of attendees identified insider threats as their primary concern despite their Zero Trust initiatives. Issues such as poor cyber hygiene and employees circumventing security controls popped up repeatedly. Even at our booth, our unique take on the Shift Up Zero Trust paradigm, particularly for accidental data leaks and insider threats, sparked exciting conversations.
6) Securing Complex Supply Chains is a Critical Priority
“Being in the education industry, we face numerous challenges. Some of the most pressing cybersecurity concerns involve third-party vendors and vulnerability management." – NYC Cyber Security Summit 2024 attendee.
Third-party risks can be the most difficult to navigate. With high-profile incidents like the SolarWinds hack and the CrowdStrike outage fresh in mind, attendees were acutely aware of the treacherous path they’re navigating, mainly since many rely on dozens, if not hundreds, of software and SaaS applications. Our concept of data-blind SaaS also prompted numerous questions and discussions at our booth.
7) Older Tactics Hold Ground Amid Emerging Threats
In addition to these overarching themes, the responses reveal that old threats remain relevant today. Ransomware and immutable backups were frequently mentioned, as were phishing, spear-phishing, business email compromise (BEC), and payment fraud, which continue to plague employees, end-users, executives, and security teams alike. Concerns about rogue nation-state attacks, OT security challenges, IAM complexities, zero-day vulnerabilities, patch management, and IoT security also surfaced.
Security challenges seem endless. As one attendee aptly puts it: "Everything these days!"
That’s all for the latest NYC Cybersecurity Summit. Don’t forget to follow us on LinkedIn to catch us at our next event.
Comments