Anthony Belfiore, Chief Security Officer at AON, joins the BigIDeas en movimiento podcast to talk about how cybersecurity regulations have evolved over the past several years, how far malicious attackers have (or haven’t) come, and what lies ahead in the cybersecurity world.
Belfiore’s two-decade career in cybersecurity began in the U.S. defense industry, where he fixed holes and repaired security issues in government software. After that, he transitioned into the financial sector, working at KPMG, Ernst & Young, UBS, and JP Morgan Chase before ultimately taking his skills to AON, the largest seguro and reinsurance company in the world.
The More Things Change, the More They Stay the Same
When it comes to the type of amenazas a la seguridad facing large organizations these days, Belfiore recognizes that not much has changed. “Although we have new disruptive, innovative technologies to leverage to enable our businesses,” says Belfiore, “the core threat conditions and issues that we were dealing with in the late ‘90s and early 2000s are still many of the same.”
Companies that are breached today “still have issues with gestión de acceso, gestión de datos, resilience, and the availability of systems in the way they’re architected. Those age-old issues have just migrated to the new ecosystem of platforms.
“Most large, multinational companies are operating in hybrid mode,” with their old-school, on-prem, legacy apps weighing them down. “There are very few companies out there that are straight nube. We can’t leave the atmosphere yet. So what I would say is the same stuff that we were dealing with honestly 20 years ago are still the core issues today.”
The “Draconian” Regulatory Environment
While not much has changed on the threat landscape, the same cannot be said of the regulatory environment. “Normativa have evolved a lot,” says Belfiore. “We’ve seen — rightly so — the regulators of the world start to have a stance in terms of what they expect a large, multinational company — or even a small, domestic carrier company — to do in terms of cyber resilience.”
This regulatory environment covers a broad scope, encompassing “everything from business continuity to disaster recovery to protocols for response to the actual technologies companies leverage to keep their environment running safely.”
Regulations, Belfiore says, “have gotten more Draconian. Everyone’s on board with pushing a very, very tight cyber agenda because the stakes are so high.”
More than ever, companies really need to know their data — and know it well. “The nature of the data play today forces organizations to know their data well, because they have to quantify and qualify the operational risk they’re running.”
Mira el podcast completo to learn more about Belfiore’s take on what lies ahead in the cybersecurity world — including what keeps him up at night.
Autor
