Rani Lofstrom, Director of Security Incubations at Microsoft
“Passwordless authenticators will keep you safer and improve productivity”
“You are only as strong as your weakest link. And if your weakest link is anything
like my mother, then you had better update your password security. Stat. Or better yet, get rid of
passwords altogether. Password management is frustrating and time-consuming for busy employees. Moving
to a passwordless authenticator will increase productivity by taking password policies and reset sup
Stephanie Scere, Cyber Security & Compliance Manager at CountryMark
“IT and OT are not the same and should have different plans of protection”
“Stay vigilant on what you already know and actively train your users. Business email
compromise attack losses totaled nearly $2.4 billion in 2021 according to the FBI's Internet Crime
Complaint Center. The emails are more sophisticated than in previous years and training your users on a
regular basis is crucial to them not falling victim to one of these emails. Phishing campaigns also
open a line of
Oren Helman, Senior Vice President - service, marketing & regulation at IEC - Israel Electric Corporation
“Always confirm that the link contains the exact domain name of the sender”
“As an organization that serves around 3 million customers in multiple digital
channels, it is important for us to ensure all links we send to our customers are associated with the
IEC (Israel Electric Corporation) domain and never use short URLs.
In light of the increasing phishing campaigns, pay extra attention to links that
Jeff Cornwell, Head of Networking and Security Business, Commercial Marketplace at Microsoft
“Tap into your existing cloud spend via cloud marketplaces to stretch your cybersecurity dollar”
“With businesses deploying an increasing number of cybersecurity solutions,
sometimes a dozen or more concurrently, cloud marketplaces can help organizations simplify procurement,
management, and time-to-productivity. Tap into your existing cloud spend via cloud marketplaces to
stretch your cybersecuri
Oren Eytan, Co-Founder & CEO at odix
“Migrating to the cloud? Congratulations, but you’d better not rest on the provider’s laurels”
“Migrating to the cloud? Congratulations, but you’d better not rest on the provider’s
laurels. Many organizations falsely expect that once their data roamed to the cloud, all their security
concerns as well as compliance issues will be addressed by the cloud vendor. In reality, no cloud
provider provides entirely comprehensive protection to organizations. In the best case, this is a shared
res
Sean Katz, Product Manager at Lava Networks
“In the Web3 space, decentralization doesn't automatically solve all cybersecurity vulnerabilities”
“In the Web3 space, it's important to understand that decentralization doesn't
automatically solve all cybersecurity vulnerabilities. While centralized systems may have a single point
of failure, decentralized systems have multiple points of vulnerability that need to be secured. Instead
of focusing on a single point of failure, consider the concept of a "single point of compromise." In
Web3, the weak
Jen Stone, Principal Security Analyst and Podcast Host at SecurityMetrics
“A Risk assessment will help to close security gaps more quickly and effectively”
“Start with a risk assessment. If you implement security controls without
understanding threats and vulnerabilities specific to your environment, you may spend time and money on
things that don't improve your security stance. A risk assessment will help you target the right areas
to close security gaps more quick
Stefanie Drysdale, VP of Cyber at Prescient
“Waiting until the worst has happened isn't the time to be searching for guidance”
“Prevention is the goal -- Knowing what data you're intentionally or unintentionally
sharing, both personally and professionally as an organization, and creating a secure environment for
it.
But more often, in the event of a compromise or breach, you have to have trusted processes and resources
for helping you sort through the forensics, following the data, and recovering quickly.
Matt Lee, Sr. Director of security and compliance at Pax8
“Get business units and the respective business leaders on board or any security strategy will fail!”
“Make sure your business units know how security empowers their world, and ensure
that you know that you have those executives' buy-in. So many security programs go wrong because the
security efforts are not in support of business outcomes, and the lack of executive buy-in results in
people working around the controls you put in place and the systems you depend on to identify, protect, dete
Jonathan Clark, Co-Founder & CTO at Hexa
“E-Commerce vendors should be cyber-aware all year round, but especially during the holiday shopping season”
“E-Commerce vendors should be cyber-aware all year round, but especially during the
holiday shopping season. Within a few prevention methods, vendors can ensure their platform as well as
their users are cyber protected.
Invest in regular infrastructure stress-test and deployment tools against Distributed Denial of
Service (DDoS) attacks. Ensure those tools are applied across
Erez Nissim, Executive Vice President R&D at Playtika and Entrepreneur
“Implement security measures throughout the entire development lifecycle to reduce the risk of cyber threats”
“Integrating security measures during the entire development lifecycle will keep
your cloud configuration honest and your production environment clean of threa
Ryan Williams, Cyber Security Engineer at Waterstons Australia
“Every action adds context to your digital double”
“Every post, click, comment and pic add context to your digital double. Unlike your
footprints on the beach, your digital footprint will never be erased by the tide.”
Alexandre Blanc, Strategical and Security Advisor at VARS
“Individuals trust you with their data. Don't betray them by storing unencrypted data in the cloud”
“In 2023 we’ll keep witnessing two worlds colliding with each other; cloud, and
on-prem. As the cloud is constantly leaking, due to many cases of abuse (i.e. misconfiguration, account
takeover, insider threat, etc.), and on-prem environments suffer from a growing amount of ransomware,
organizations shou
Shaun St.Hill, CEO at Tech & Main
“Use the experts you’re already paying for”
“Use the resources you already have. For instance, contact the tech support for your
firewall vendor and ask questions about your overall security posture.”
Yehudah Sunshine, Director of Cyber Marketing at Cyfluencer
“Take a deeper look into how you securely share proprietary data”
“With the rise of collaboration platforms and remote work, many have grown accustomed
to freely sharing data with an almost shocking disregard for the impact it could have on their data
security. While the convenience of simply dragging and dropping files and even more damning usernames
and passwords have helped many to manage their workflows during the pandemic, in 2023 digit
Alexander Ronquillo, Vice President at WhoisXML API
“Actors will continue innovating their techniques to avoid detection”
“In my 4,000+ hours of consulting work with some of the world's most renowned threat
hunting & cybersecurity teams, I've found a colossal difference between the teams who innovation driven
by deep-expertise, and the teams who settle for "good enough" when building cybersecurity products.
The world's supreme teams know that even with standard free and open-source
Resham Ganglani, CEO at Halodata Group
“You can't attack an unknown enemy, but you can always be ready to defend against it”
“Prevention in cybersecurity terms is still the only way to be secure. You can't
attack an unknown enemy, but you can always be ready to defend against it.”
Michael Conway, Director at Renaissance
“A key threat factor we’ve seen over recent years and will continue to see is email”
“Working alone has translated to accidental data leakage and the accidental clicking
on or following links which have malicious content becoming much more prevalent.
A key threat factor that we have seen over the last couple of years and will continue to see is email.
Malicious content can be delivered through links receiv
Antonio Herraez, CTO at Micromouse
“Use TrueCDR™ technology to disarm menaces from e-mail and prevent intrusions”
“Since the pandemic hit, the way we work has changed. Working from home has turned
collaborative platforms into the communication center of our companies. The exchange of files between
users is continuous and supposedly trusty; the user feels they are in a safe environment. Cybercriminals
know that and exploit it! They are using known and new evasion techniques that many times are not dete
Ben Greenvald, Sr. SAP Integration consultant at Israel National Water Company
“Ensure your organization uses Access Control methods (RBAC, ABAC, PBAC) properly”
“Make sure you use an Access Control method (RBAC, ABAC, PBAC) properly in your
organization because anarchy can cause chaos; either by bad will or goodwill. Letting someone get the
access they shouldn’t have can harm your system. You should not let people in your organization do
stuff they are not eligible or certified to as they can misjudge the consequences of what they do.
Dudi Malits, CEO and Founder at DM Communications
“Enforce the 12 characters password rule, and don’t open your social assets to strangers”
“As a marketing agency that provides domestic & international PR, LinkedIn, and SEO
services to technology and financial companies, as well as crisis management, I’ve witnessed the
cybersecurity incidents organizations are facing. Many of them were initiated by social engineering and
identity theft over social
Lance Soller, Head of IT at Clariter
“An attack does not have to come in the form of sophistication. The simpler ones can be more damaging”
“There are many tiers to cybersecurity today. Consider how a breach will occur. What
are the most common threat vectors? When are we sitting on our laurels assuming all is good? Let's start
off with phishing. An email comes in that looks legitimate. A person clicks on the email and enters
their O365 email address and password. Oops! Too late and didn't realize it. But there is 2FA so all is
good. While
Jay Jay Davey, SOC Client Lead at Bridewell
“Security is much more than a technical problem or something we can solve with technology”
“Cybersecurity is much more than a technical problem that can only be solved with
technology. Security will always be a people’s problem at the core. You must understand the business
from its different components, goals, and objectives to truly address the challenges ahead.
Organizations should invest in providing continuous technical security monitor