Mastercard is a technology company in the global payments industry which operates the world’s fastest payments processing network, connecting consumers, financial institutions, merchants, governments and businesses in more than 210 countries and territories. Mastercard’s products and solutions make everyday commerce activities – such as shopping, traveling, running a business and managing finances – easier, more efficient and secure for everyone.
As Mastercard’s Executive Vice President and CISO, Ron Green is responsible for upholding that mission. In this podcast, Green, a security visionary responsible for both cyber and physical security, speaks with David Cass, Global Partner, Cloud Security and FSS CISO at IBM, about what Mastercard is doing to ensure the promise of security not only today but in the future. Green talks about new technologies and processes and what keeps him up at night, and provides recommendations to his peers.
Nikolay Chernavsky, SVP & CISO Financial Services
Hardly a week goes by without a major cyber security event affecting millions of users – and the financial industry is particularly vulnerable.
The 2017 Verizon Data Breach Investigations Report identified “Insider and Privilege Misuse” as a major incident pattern resulting in confirmed data breaches. According to Verizon, 62% of all breaches featured hacking, and of those, 81% leveraged stolen and/or weak passwords—giving the attacker the same privileges as a trusted insider.
While many tools have been developed to address Least Privilege issues on Windows-based systems, Linux/Unix systems were largely neglected. Unix/Linux systems are serving critical roles for many financial organizations, from storing highly sensitive information to processing millions of transactions between institutions. Being able to tightly control access to these systems is a critical security need.
This webinar will provide CISOs in financial services and other sectors:
Daniel Conroy never expected to be a CISO. He never expected to be in America. He was a rugby playing, triathlon-competing lad from Ireland, who came to the United States for a brief stint with a semiconductor company, using his background as an electrical engineer. Seventeen years later, Daniel, his wife and children are living in Stamford, Connecticut where he is a much sought after CISO in the industry.
The Triathlon of Cyber Security
As his background in rugby and triathlons attests (he took up triathlons because they were easier on his knees), Conroy is fiercely competitive. As a CISO, he realizes that his opponents are trained, well-funded and well-connected cyber criminals – and that’s an understatement.
Conroy’s past harkens back to the days when information security, or the more archaic term “computer security,” was part of a job function, and not its own function. “Back then,” Conroy said, “using a Super Bowl analogy, it was 11 defenders facing 11 attackers. Things have changed. It’s still 11 defenders but now they have to face the entire stadium. Our approach to security has had to change.”
By David Sheidlower
Security professionals feel no great joy in being right about patching. The past two months have been a period of “I told you so” moments for anyone who has ever had to have the conversation with a sys admin about the importance of patching. (It’s been a long time for me but the memory lingers.)
Still, security professionals care more about being safe than being right so, as I say, there’s no great joy. But, now that we’ve had two months of ugly exploits that were very much enabled by unpatched systems and everyone appears to be paying attention, we should take a few moments to review the excuses we’ve heard for why it was not important to patch.
CISOs award Verodin third consecutive win, noting its innovation and importance to the industry
Security Current, the premier information and collaboration community by CISOs for CISOs, selected Verodin as the winner of its Security Shark Tank Palo Alto competition. The event brought security solution providers face-to-face with potential security buyers.
“The Verodin solution addresses a key industry challenge of identifying the effectiveness of our cybersecurity tools,” said Matt Hollcraft, Maxim Integrated Chief Cyber Risk Officer. “Verodin’s innovative approach stands out for its potential value to the industry. Congratulations on winning three Security Shark Tanks in a row.”
Participating vendors were given 15 minutes each to pitch their solution in a rapid-fire question and answer format to a panel of information security executives interested in innovative technologies. The executives scored each vendor based on innovation and vision, ease of use and implementation, value to the industry, and the presenter’s ability to clearly and effectively articulate their solution’s value.
GoPro CISO Todd Barnum served as the event host and moderator of the panel.
The panel included:
Alameda Alliance for Health CISO Scott J. Wright
CalPERS Privacy Officer Tom McCreary
Contra Costa County Health Services CISO Patrick Wilson
DocuSign Senior Director of Security Engineering John Heasman
Federal Home Loan Bank AVP of Information Security Van Nguyen
GE Digital Senior Director of Cyber Security Al Ghous
Hitachi Vantara VP and CISO Chris Jacquet
Maxim Integrated Chief Cyber Risk Officer Matt Hollcraft
Maxim Integrated Chief Information Officer Walter Curd
Ross Stores Chief Security Architect (CSA) BG Badriprasad
Samsung Semiconductor CISO Jay Gonzales
Square Security Engineer Neal Harris
Visa CSA Bill Yue Chen
Whisker Labs CISO Anshu Gupta
“It was my pleasure to host the Security Shark Tank Palo Alto event,” said Todd Barnum, GoPro, Inc. CISO. “The fast-paced interaction between the CISOs and the security solution vendors created a great platform to learn new ways to protect the enterprise. Security Current, the event sponsor, has a winning format making the event educational and enjoyable for everyone in attendance.”
Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.
Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.
A CISO’s Guide to Principles of Data Privacy and Security
By David Sheidlower
Feris Rifai Speaks with CISO David Cass
CISOs are increasingly looking to User Behavior Analytics (UBA) as a key security tool to help combat threats by identifying anomalous behavior.
According to the report CISOs Investigate: UBA, authored by more than a dozen CISOs, UBA quickly provides actionable intelligence, enabling them to potentially reduce loss to their organizations by identifying and thwarting attacks earlier.
Feris Rifai, CEO of Bay Dynamics, a provider of analytics and UBA solutions, says CISOs are realizing that to effectively protect their organization they need to add a UBA component to their security arsenal.
In this sponsored podcast, Rifai and David Cass, the Global Partner, Cloud Security and FSS CISO at IBM, discuss what UBA offers and how it is helping organizations across industries.
By Daniel Conroy
Today the cybersecurity sector is fraught with the challenge of a diminished talent pool. Cisco’s report, “Mitigating the Cybersecurity Skills Shortage,” highlights the worldwide shortage of one million information security professionals. It sends out a disturbing warning to the cybersecurity industry to bridge this gap immediately or face consequences with significant costs.
There is no doubt that the number, scale, and sophistication of operational technology attacks will continue to increase, thereby putting connected transportation, health, energy and financial systems at risk.