Compromised credentials have been a known way for malicious actors to breach security and gain entry into the organization. But a new trend participants of SC Media’s Winners Circle saw this year is malicious hackers attacking supply chains and contractors.
Fran Rosch, CEO of Forgerock, said companies spend a lot of time training employees, but they don’t have control over the employees in their supply chain, adding that just over half of breaches were related to vendors and third parties.
(Editor's Note: This feature is part of SC Media's special 2023 SC Awards coverage. You can view the full list of winners here.)
Yubico’s Josh Cigna agreed with Rosch, adding that his company keeps an eye on CISA and NIST standards that recommend organizations not only strengthen their internal processes, but also their supply chain.
No matter what discipline of security you’re in, Brian McHenry, vice president of web applications and API security at F5, said “it all starts with a good inventory of what you have.”
Of course, no panel discussion would be complete if artificial intelligence wasn’t mentioned.
Rosch said phishing, deep fakes and impersonation attacks have become more effective in tricking people in giving up valuable information.
“I think it’s fundamentally reducing trust on the internet because you can no longer trust what you see, you can no longer trust people’s credentials and I think AI has made that so much harder for companies to protect.”
But Rosch said he also thinks companies can use AI to fight fire with fire. “AI is really shaking things up in making attacks more effective but also giving us new tools in how we protect the enterprise.”
Forgerock was named Best Identity Management Solution, while Yubico was bestowed with Best Authentication Technology. F5 took two honors this year: Best Web Application Solution and Best Security Marketing Campaign of the Year.