As the Global Chief Auditor for Technology at Citi, Theresa Grafenstine oversees a staff of approximately 250 technology auditors – all of whom are required to incorporate a standardized testing program that covers basic principles of information security. Grafenstine also manages a team of more than 30 auditors who specialize in cybersecurity and conduct technical cyber reviews of Citi’s systems globally.
Heather Gantt-Evans was recently appointed the Chief Information Security Officer (CISO) at SailPoint. Previously, she was Senior Director of Security Operations and Cyber Resilience at the Home Depot, where she was responsible for leading security engineering, application security, vulnerability management, network security and the security operations center.
Since joining Chipotle in 2019, Dave Estlick has had a significant impact on the company’s cybersecurity posture. Upon starting his new role, he initiated a period of discovery, taking inventory of the brand’s infrastructure. He saw an opportunity to drive significant change across the organization, which was equally open to prioritizing security.
Chuck Davis, MSIA, CISSP-ISSAP, is Senior Director of Cybersecurity at Hikvision, a global company with more than 40,000 employees and 59 branch offices and subsidiaries around the world. Based in the U.S., Davis leads the global cybersecurity team and, under his leadership, Hikvision has achieved several cybersecurity milestones, including the establishment of the Source Code Transparency Center at Hikvision USA’s Los Angeles headquarters, where government and law enforcement officials may examine the source code for Hikvision’s cameras and NVRs.
Edna Conway is globally recognized as an innovative and empowering executive who forecasts the future of business and creates clear strategies to get ahead of burgeoning trends. Her expertise and insight span the expanding arena of third-party risk, changing global government cybersecurity demands and consumer privacy expectations.
Jason Albuquerque is Chief Information Officer (CIO) and Chief Security Officer (CSO) at Carousel Industries, Inc. Headquartered in Exeter, R.I., Carousel Industries is a provider of managed services, including cloud, data center and security, as well as communication and network technologies.
With additional pandemic-related vulnerabilities, these preventable mistakes led to greater losses, and the resulting breaches were often wholly avoidable with simple fixes. Here are four of the most common gaps in security, the high-profile breaches they caused in 2020, and how to prevent your company from becoming the next victim.
As a result of major cyberattacks in 2020, security leaders were forced to be even more cognizant of their approach to protecting their organization, often forcing them to refine and future-proof their approaches to this new world of security. After watching the events of 2020 and analyzing threat actors’ approaches, here’s what I expect to see in 2021:
U.S. employers are expanding efforts to enhance their employees’ wellbeing as they map out a benefit strategy for operating in a post-pandemic environment. These initiatives come as less than three in 10 employers say their wellbeing (29%) and caregiving (27%) programs have been effective at supporting employees during the pandemic.
Sophos has published new research, “Gootloader Expands Its Payload Delivery Options,” that details how the delivery method for the six-year-old Gootkit financial malware has been developed into a complex and stealthy delivery system for a wide range of malware, including ransomware. Sophos researchers have named the platform “Gootloader.” Gootloader is actively delivering malicious payloads through tightly targeted operations in the U.S., Germany and South Korea. Previous campaigns also targeted internet users in France.