
We sat down with Boris Cipot, Senior Security Engineer at Synopsys, to learn about him and his thoughts ahead of his talk at this year’s DACHsec Summit.
Read on below for the full interview!
Let’s take a look at the IT security threat landscape in early 2023: what are we witnessing?
We are witnessing the same types of attack vectors, but they’re largely being enabled by different kinds of technical advancements. We see ransomware, phishing and software vulnerability exploitation—be it in commercial or open source software—all of which are quite common year over year in the security threat landscape. What makes attacks unpredictable, however, are the possibilities attackers have at their disposal to find and execute those attacks. AI advancements presented a major technological advancement as demonstrated by OpenAI this year with their demo project ChatGPT. On one hand, this exciting technology introduces considerable positive capabilities. And yet, it is also accompanied by negative aspects which could affect the threat landscape and the capabilities of attackers as we move forward.
Based on your answer, what would you identify as the 3 key priorities for IT Security leaders this year?
The three priorities for security leaders should focus around people, process and technology.
- People. Education and training should be top priority. Setting up rules and limitations alone isn’t enough. Employees need to understand why the limitations are set, what the threats are and what they must watch out for. For instance, phishing emails have improved dramatically in recent years. They’re often rather difficult to identify in many cases. Therefore, educating employees on cybersecurity and application security concepts and threats remains important.
- Process. Processes need to be put in place to first define the baseline on which the company can evaluate its security posture. From there, it is possible to create a plan on which they will know how to approach critical situations. It is important to note that such process planning isn’t a one-time activity – it is an ever-changing process as the process requires optimizations. And make the process as simple to understand as possible. Use plain language. Leave no room for interpretation. And be sure to include user access rights and resource usage monitoring within applicable processes.
- Technology. Know what software is being used within your organization in addition to which devices connect to which network. Remember, you can only protect what you know you’re using. As such, make a list of required and in-use software and required equipment and then make sure that you apply relevant and ongoing patches and updates. Patching software is a must. Unpatched and vulnerable software and equipment should not be a part of your network.
As a conference’s sponsor, what are you going to be addressing in your talk this year?
There are many different topics that need to be addressed in order to prepare for the current and upcoming cybersecurity threats. Application security, software supply chain security and development operations are the 3 most important on the list that I’ll be addressing this year.
What can people expect from DACHsec?
Cybersecurity presents an ever-changing landscape. I expect that the event will focus heavily on the threats of today and tomorrow in addition to the solutions to combat the most pressing threats.
Catch Boris at DACHsec Summit on 16th – 17th May for his participation in the panel discussion: ‘Top Trends in Security, Privacy & Risk Management and Predictions for 2023’! Join us for his session and enjoy live Q&As throughout the summit by registering for FREE online with code: CYBER-VIP at dach.cyberseries.io/register/.

