What are your top 3 cybersecurity priorities? And have they changed much in recent years?
So, my top three cybersecurity priorities haven't actually really changed over the years. They actually changed in content and severity but not over all. So, a major concern, of course, are we seeing enough, do we know whether we are somehow compromised or not? The second question, of course, are we protected enough to actually avoid this happening in the first place, and as a regulated entity our third thought is already around regulatory compliance because security and regulatory compliance commend each other and build upon each other but doesn't mean that if you are regulatory compliant that you're automatically as well secure.
What are the central gaps in cybersecurity that have been left unaddressed in recent years?
So overall the market overall has changed obviously quite quickly and at all times like tooling and strategies and all this, we had many of them, there were really a lot on the market, and it felt a little bit like the market is fighting more than that we are fighting the adversaries. And it's difficult to keep up with the pace. Because we know that in the meantime we are pretty much attacked by bots, by attack-as-a-service and it's hard as an enterprise to keep up with that development in the pace that this is happening.
How mature are the governance processes to ensure secure software usage in companies today?
First of all, what we see is that vulnerabilities they actually are being created in the moment software is being created, and they are detected whenever they are detected. What we are missing a little bit is a warranty for pretty much all products you have a warranty that actually it functions as designed in all this. The software and the entire IT industry has avoided any kind of cyber warranty to begin with. If you follow that thought that could actually drive to a completely different setup.
How can companies prevent attacks on their supply chains with the help of software?
Supply chain attacks is definitely latest since last year top of the list of course. Because regardless which enterprise you are in, regardless what we are doing, we are always seen as one element in the chain of an end-to-end process. So third-party, in-party cybersecurity is definitely very important. In the recent past what we have seen is that tooling which focuses on GRC (Governance, Risk, and Compliance) and all this have grown into monitoring and scanning tools and the scanning tools on the opposite side moved exactly into the GRC space. So, what we're currently seeing is a merger of third-party, in-party controls and companies who actually offer that as-a-service growing together with internal assessment of the security posture. So, I'm looking forward in probably a year or two from now that we're going to see one set of scanners in all this, we actually establish a security posture for an in-party relationship as well for the end own enterprise.
Which is the bigger factor in cybersecurity: Technology or people?
People, technology, processes and I don't want to weight them against each other. It is all around this triangle and you need to keep it up at all times, all three elements of that. And once one legs behind this becomes important and you need to actually ramp up. So not a big difference but it's still since quite a time, this is a magic triangle.
What can people expect who participate at the round table?
It is all around sharing intelligence, everybody has good ideas, everybody has really thought this term through how to deal with vulnerabilities overall, the value is being created sitting everybody on the table and exchange experience what works, what didn't work. It is all around that. And I think there's definitely some benefit behind this.