Fortinet Summit 2024: Experts Discuss Cyber Trends, Risks, & Diversity

Cybersecurity is a shifting landscape that frequently sees emerging technologies coming in to disrupt the status quo and change the way we approach security. Whether that’s AI or quantum computing, these technologies can advance cybersecurity to new heights but also can provide threat actors with new means to coordinate and execute breaches.

In addition to emerging technologies, regulations and data privacy play key roles in cybersecurity that organizations must continuously consider. During Fortinet’s Cybersecurity Summit 2024, a panel of experts from differing organizations discussed the various aspects of cybersecurity and digital transformation.

In addition to discussing the advancements and challenges in cybersecurity, the panel also touched on the importance of hybrid work models, the need for diverse representation in cybersecurity, and the challenges of maintaining security in a decentralized environment.

Cyber risks and compliance in various industries

One of the biggest hurdles regarding cybersecurity can appear through the merger and acquisition process. Due diligence is required to ensure cyber posture remains strong, as companies can have their own respective policies or strategies around cybersecurity.

“We do use a wide variety of tools that are out there and we try to do external scans to get as good of a picture as we can before we acquire those companies,” said CEO of Constellation Software Ka-On Tong, when discussing his company’s acquisition process. “But sometimes you don’t know what you don’t know until you get the organization.”

Tong’s company acquires close to 100 companies a year and continues to grow. With around 2,000 companies worldwide, Constellation Software relies on in-depth assessments of the security posture as part of the due diligence process.

The healthcare industry must consider various cybersecurity, regulatory, and data privacy hurdles. Kevin Watkins, director of cybersecurity at TELUS Health, said that they aim to balance regulations, innovation, and customer needs through a robust framework.

“There’s a lot of scope for really putting automating, digitizing, and using AI across healthcare, but we need to do so against the backdrop of those regulations,” Watkins said during the panel. “Within TELUS Health, we’re trying to balance that. We have a very robust data privacy AI framework which looks at the intent of the concept. What are you trying to do with the data? Does it meet the requirements for accountability? And we take everything through that at a very early stage, but in the background.”

AI, quantum computing, and fusion centers

According to Watkins, TELUS Health has a team of AI experts to keep pace with emerging technology specifically within security use cases. However, it takes a level of responsibility when utilizing the technology to ensure customers’ data is protected and maintained.

“I think we’re in the Victorian era of AI. In the Victorian era, no solution was good unless it involved the steam train. Now, no solution is good unless it involves AI,” said Watkins “The challenge that we have across security and healthcare is: how do we use it? We don’t want practitioners becoming overly dependent on AI because it’s still the practitioner who’s accountable.”

Along with AI, quantum computing is another advanced technology that has invaded the cybersecurity space– both as a resource and as a possible threat.

There are a number of potential benefits to using quantum computing, including solving complex problems and supply chain optimization. However, the threats, including those to encryption and dark web attacks, can be significant to an organization.

“There’s a real threat that is happening right now and that’s called ‘harvest now, decrypt later,’” Atty Mashatan, Head of Rogers School of Business explained. “Attackers are sitting on a vast volume of encrypted data just waiting for the opportune time that they can break it and much of that data may be obsolete, but if it’s customer data, health data, financial data, social security numbers, we want them to be kept confidential for the life of the entity that owns it.”

Mashatan explained that with advancements in quantum computing over the next few years, threat actors will be able to decrypt that information and have access to it. And that it might already be too late for some of that data.

Lastly, fusion centers are a combination of pillars that typically would be very siloed to each other and bring the data between them together to improve the visibility of incidents that are occurring across these siloes.

“Essentially, a fusion center is a combination of pillars that typically would be very siloed to each other. In banking, which is the industry that I work in, you have your fraud department, corporate security, and cyber functions,” explained Elena Carroll, Director, Information Security, at DAVIES WARD PHILLIPS & VINEBERG, during the panel discussion. “And fusion centers seek to bring the data between all of those groups together and kind of unify that so you can actually have good visibility of incidents that are occurring across all three.

 “You typically don’t have a fraud incident that also doesn’t impact cybersecurity anymore, especially as fraud techniques evolve, so having that visibility across is very critical.”

Diversity in cybersecurity

Traditionally, cybersecurity draws from non-diverse fields, leading to the underrepresentation of women and minorities in this field. This stagnation can lead to a small pool of cybersecurity professionals.

According to Mashatan, we’re not just seeing a glass ceiling with the cybersecurity profession but a sticky floor.

“We’re not looking at the entry level because there’s a lot of companies that are doing great work in recruitment to hire more diverse talent and that’s great,” Mashatan said. “Now, it’s time to move on and look at the board, look at the C-suite, and ask why those are not diverse?”

The sticky floor that Mashatan refers to is that while underrepresented groups are being included in the cybersecurity field, they’re unable to advance and get passed over for promotion, creating a pipeline issue.

Carroll recommends that those looking to continue an upward trajectory find people internally and externally who will advocate for them and push them out of their comfort zone.

“My biggest piece of advice is just to really make space for yourself, identify those mentors, and find people who will advocate for you and push you into some of those roles and push you to do things that you’re not comfortable with,” Carroll said. “I see so many women who are totally qualified and they’re doing amazing work, and they’re being recognized for that work, but they’re not necessarily comfortable in doing the uncomfortable piece about pushing themselves up and maybe having those conversations and asking for those roles as well.”

Fortinet’s Cybersecurity Summit served as a significant platform for experts around the channel to discuss cybersecurity best practices and solutions. Discover more about global cybersecurity challenges discussed at the event and their impact on the future of business.