A SecurityWeek Event

A VIRTUAL EVENT FOR 2023

An Exclusive Forum For
Information Security Leaders

June 13-14th, 2023

2023 Diamond Sponsor

https://www.cisoforum.com/wp-content/uploads/2020/09/Palo_Alto-Networks-logo.png

2023 Platinum Sponsors

https://www.cisoforum.com/wp-content/uploads/2023/05/Abnormal-logo-black.png
https://www.cisoforum.com/wp-content/uploads/2023/05/CardinalOps_Logo.png

2023 Gold Sponsors

https://www.cisoforum.com/wp-content/uploads/2021/08/ReversingLabs_logo.png

ReversingLabs

https://www.cisoforum.com/wp-content/uploads/2023/05/Uptycs-Logo-1-320x95.png

Proofpoint

https://www.cisoforum.com/wp-content/uploads/2023/05/Lacework-Logo-320x53.png

Eclypsium

https://www.cisoforum.com/wp-content/uploads/2023/05/Saviynt-Logo.png

Synopsys

2023 Featured Speakers

Adam Ely

Adam Ely

Fidelity
CISO

Shaun Marion

Shaun Marion

McDonald’s
VP, CISO

Kathy Wang

Kathy Wang

Discord
CSO

Lena Smart

Lena Smart

MongoDB
CISO

Jason Shockey

Jason Shockey

Cenlar FSB
SVP, CISO

Igor Varnava

Igor Varnava

Five9
SVP, CISO

Brian Markham

Brian Markham

EAB
CISO

Chris Castaldo

Chris Castaldo

Crossbean
CISO

Michael Piacente

Michael Piacente

Hitch Partners
Managing Partner

Evan Wolff

Evan Wolff

Crowell & Moring
Partner

Evan Wolff

Jonathan Jaffe

Lemondade
CISO

2023 Agenda is Coming Soon

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place in 2023 as a virtual event.

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.


An Exclusive Executive Forum Focused on Cybersecurity Leadership and Strategy

Virtual Event – View Event Website

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.

Previous CISO Forum Speakers

Adrian Stone

Adrian Stone

Peloton
VP, CISO

Anne Marie Zettlemoyer

Anne Marie Zettlemoyer

Mastercard
VP, Security Engineering

Caleb Sima

Caleb Sima

Robinhood
CISO

Allan Friedman

Allan Friedman

Cybersecurity and Infrastructure Security Agency (CISA)
SBOM Champion

Summer Craze Fowler

Summer Craze Fowler

Argo AI
CISO/CIO

Fredrick Lee

Fredrick ‘Flee’ Lee

Gusto
Chief Security Officer

Shaila Shankar

Shaila Shankar

Cisco
SVP and General Manager of Cisco Cloud Network and Security

Jonathan Jaffe

Jonathan Jaffe

Lemonade
CISO

Aanchal Gupta

Aanchal Gupta

Microsoft
VP, Azure Security

Lena Smart

Lena Smart

MongoDB
CISO

Sounil Yu

Sounil Yu

JupiterOne
CISO

Theresa Payton

Theresa Payton

Former White House CIO
Star of CBS TV series, “Hunted”, and Leading Cybersecurity Expert

Industry is Not Ready IIoT Attacks That Have Already Begun

05/30/2019 0

(Kevin Townsend – SecurityWeek) – Industrial Internet of Things (IIoT) is an essential part of business transformation and the Industry 4.0 revolution. Its use is burgeoning, with more than 7 billion devices in use worldwide. This is expected to grow to more 20 billion by 2025 — and does not include phones, tablets or laptops. It is a journey just beginning, and nobody yet knows the destination or route.

Cybersecurity complications are expected, but the most common perception is that so far this has been limited to the rise of massive DDoS botnets able to deliver huge attacks — like Mirai — from thousands of compromised IoT devices. A new survey now shows that direct cyber-attacks against IIoT have already started, and that DDoS is not a primary concern to security teams.

The survey, conducted by Vanson Bourne for Irdeto, questioned 700 security decision makers across Connected Health, Connected Transport and Connected Manufacturing, and the IT and technology firms that manufacture devices. Data was gathered in March and April 2019 from China, Germany, Japan, the UK and the U.S.

Eighty percent of these organizations experienced a cyber-attack against their IoT over the last 12 months. The highest rate was in the UK at 86% (three other regions had attacks against more than 80% of respondents), with Japan at the relatively low 60%. Within the industry verticals examined, 82% of healthcare organizations, 79% of manufacturing and production organizations, and 77% of connected transport organizations have experienced an attack.

While attacks against IIoT have already started, organizations have little confidence in the immediate future. Globally, 83% of organizations are concerned about their IoT systems suffering a future cyber-attack (with 32% being ‘very’ concerned). Concern is highest in the UK (91%), with the U.S. at 87%. Japan and China show the least concern at 76% and 77% respectively.

Coupled with these concerns, there is little confidence in the existing device security. Globally, 33% of user organizations believe that device security could be improved to a great extent. Only 2% felt that security could not be improved. Even among the IoT manufacturers, there is little confidence. Forty-one percent of the IoT device manufacturers feel their own device security could be improved to a great extent. This was highest in Germany (49%) and lowest in Japan (32%).

The degree of concern differs between the verticals. Connected transport is most concerned about compromised customer data (35%) followed by loss of customers and operational downtime (both at 15%). Healthcare is most concerned about compromised customer data (39%) followed by compromised end-user safety (20%). Manufacturing and production is primarily concerned with compromised end-user safety (21%) followed by operational downtime (19%).

None of these figures are surprising given the nature of the verticals — except, perhaps, that healthcare is more worried about loss of data than end-user safety (presumably patients). This may reflect the success and effect of HIPAA.

The average cost of an IoT security incident has been relatively low in cyber breach terms — just $330,602. It is highest in connected transport, and lowest in manufacturing and production. This surprises Irdeto. “Itís possible that these organizations may not be taking into account all of the costs associated with a cyberattack, including lost business, costs to correct any vulnerabilities that led to the attack, etc,” it writes. “It is also possible that with IoT proliferation in these industries being in its relative infancy, the current cost of cyberattacks on these devices is not as catastrophic as in other parts of the business. However, if this is the case, the costs will surely skyrocket as IoT devices become more abundant and connectivity continues to increase throughout the business.”

It is fair to say that as IoT becomes more deeply embedded in manufacturing — especially in the operational side — the cost of a serious attack could increase dramatically. When a variant of WannaCry got into the OT network of the Taiwanese TSMC chip fabricator in 2018, it resulted in costs of around $170 million.

The Irdeto survey demonstrates that direct cyber-attacks against IIoT have already started, and that industry is not yet well prepared. In fact, Irdeto found only one promising response: 99% of the respondents agree that a security solution should be an enabler of new business models, and not just a cost. It took IT security many years to come to the same position. It demonstrates, says Irdeto, that “The previous mindset of security as an afterthought is changing, and one of the most promising results of the study found that today’s organizations are thinking even more strategically about security.”


Leave a Reply

Your email address will not be published. Required fields are marked *


Subscribe for Event News