Anthony Belfiore, Chief Security Officer at AON, joins the BigIDeas on the Go podcast to talk about how cybersecurity regulations have evolved over the past several years, how far malicious attackers have (or haven’t) come, and what lies ahead in the cybersecurity world.
Belfiore’s two-decade career in cybersecurity began in the U.S. defense industry, where he fixed holes and repaired security issues in government software. After that, he transitioned into the financial sector, working at KPMG, Ernst & Young, UBS, and JP Morgan Chase before ultimately taking his skills to AON, the largest insurance and reinsurance company in the world.
The More Things Change, the More They Stay the Same
When it comes to the types of security threats facing large organizations these days, Belfiore recognizes that not much has changed. “Although we have new disruptive, innovative technologies to leverage to enable our businesses,” says Belfiore, “the core threat conditions and issues that we were dealing with in the late ’90s and early 2000s are still many of the same.”
Companies that are breached today “still have issues with access management, data management, resilience, and the availability of systems in the way they’re architected. Those age-old issues have just migrated to the new ecosystem of platforms.
“Most large, multinational companies are operating in hybrid mode,” with their old-school, on-prem, legacy apps weighing them down. “There are very few companies out there that are straight cloud. We can’t leave the atmosphere yet. So what I would say is the same stuff that we were dealing with honestly 20 years ago are still the core issues today.”
The “Draconian” Regulatory Environment
While not much has changed on the threat landscape, the same cannot be said of the regulatory environment. “Regulations have evolved a lot,” says Belfiore. “We’ve seen — rightly so — the regulators of the world start to have a stance in terms of what they expect a large, multinational company — or even a small, domestic carrier company — to do in terms of cyber resilience.”
This regulatory environment covers a broad scope, encompassing “everything from business continuity to disaster recovery to protocols for response to the actual technologies companies leverage to keep their environment running safely.”
Regulations, Belfiore says, “have gotten more Draconian. Everyone’s on board with pushing a very, very tight cyber agenda because the stakes are so high.”
More than ever, companies really need to know their data — and know it well. “The nature of the data play today forces organizations to know their data well, because they have to quantify and qualify the operational risk they’re running.”
Check out the full podcast to learn more about Belfiore’s take on what lies ahead in the cybersecurity world — including what keeps him up at night.