Imagining a secure connected society

by Ami Hofman

07 September 2020

A person standing silhouetted against a city at night

Building New York City as a cybersecurity hub

The City of New York has embarked on an ambitious journey, called Cyber NYC, to become a key global cybersecurity hub. Cyber NYC has been working with one of NTT Ltd.’s partners, global venture investment firm and security thought leader Team8, who’ve played a key role in shaping cybersecurity thought process in recent years. I was fortunate enough to be invited to Cyber NYC’s recent working group with global CISOs and Team8.

A view from the city above

The City of New York has embarked on an ambitious journey, called Cyber NYC, to become a key global cybersecurity hub

What can NYC learn from enterprises’ security approach?

Some observations from the working session:

  1. Organizations are under enormous pressure, especially with the rise of COVID-19. The economy has been disrupted and as a result, organizations are trying to optimize their operational expenses under growing uncertainty. Working from home was often encouraged at a limited scale but certainly something that was never built for today’s extreme scenario. In the balance between security and usability, some companies are leaning towards usability with many organizations willing to cut corners. The million-dollar question for CISOs here is: where do you draw the line?
  2. The second point is around changing priorities with derailed agendas. Two examples that stand out from the rest:
    1. There’s an ongoing need to validate what we’re doing and to demonstrate the return on investment. This concept of building a cyber assurance program is not new – what really changed here is the dynamics. A few months back the trigger was either someone outside the security group looking for a rubber stamp or an M&A agreement ensuring the merger and/or acquisition will not end up carrying too much risk. This now changes, with security teams looking for further assurance re the integrity of their security controls against specific threat scenarios.
    2. The threat landscape has grown at a staggering rate. Education and healthcare have now become high value targets for hacktivist groups and individual hackers. This translates to exponential growth in log and alert volume which in turn overwhelms SOC teams where things aren’t built for scale.
  3. Too many organizations struggle to get the required security funding during day-to-day business and seem to only get this once a major breach has occurred. CISOs definitely have their management’s attention now. This is an opportunity for them to set healthy foundations for the future.

What’s Next?

At the end of the day, the panel’s message for Cyber NYC was this: life may never go back to where it was and as such we need to zoom out and look at the bigger picture. Where this world is going to, we can’t say for sure. One thing we can say is the fact we need to carefully look at our digital workplace environment and the respective work habits.

 

Ami Hofman

Ami Hofman

Head of Cybersecurity Solutions, Security Division, NTT Ltd.