Why Businesses Must Address Cloud Security Risks
The widespread adoption of cloud computing services has resulted in a massive shift in cybersecurity, said Prateek Goel, director of product marketing and strategy for Wiz. The cloud changed the way companies consume IT, but it has also introduced new challenges. “The cloud has really changed the paradigm for security, and the risks that are coming up are totally new” he said. “The cloud comes up with new applications every month, but new security risks come with them.”
To address these risks, Goal advised, organizations should adopt a security approach that involves representatives from every part of the company. IT professionals charged with cybersecurity need full visibility of the environment to identify the risks they face. While every effort should be made to prevent breaches, IT leaders must assume that at some point, such efforts will fail. “Being proactive is not enough,” Goel said. There will be things that slip through, so you need to have a reactive capability as well, so you can reduce the blast radius of a breach.”
READ MORE: Experts explore a security architecture for the AI era.
A Blistering Pace of Change in Cybersecurity
The cybersecurity landscape has changed immensely over the past three years and could be unrecognizable three years from now, said Marcos Christodonte II, vice president and global CISO for CDW, during a presentation at the SummIT. For example, phishing emails are much more sophisticated now than they were a few years ago. Cybercriminals are carrying out attacks via communication platforms such as Slack and also incorporating techniques such as QR codes. Artificial intelligence is also being used to create deepfakes to fool targets into taking actions that benefit cybercriminals. “Lives are absolutely being disrupted by the damage caused by these attacks,” Christodonte said.
Christodonte sees the history of cybersecurity dotted by events that became inflection points where organizations either succeeded or failed. These events include the proliferation of the Morris worm in 1988, which was one of the first cyberattacks distributed via the internet, and the SolarWinds attack in 2019 and the CrowdStrike outage in 2024. Organizations need strategy and agility to be ready to come out on the right side of these inflection points. “This is why we need to rethink our approach to cybersecurity,” Christodonte said. “We need to be faster. We need to be much more strategic.”
This strategy must keep pace with a rapidly shifting landscape in which cybercriminals never seem to slow down.
“With every technological advance, new cyber risks surface to threaten us,” Christodonte said. For example, quantum computing may pose the next inflection point organizations must navigate. Right now, cybercriminals are stealing encrypted data that they aim to access when quantum decryption technology becomes available over the next few years. Security strategies should help organizations prepare now for these events in the future.
REVIEW: How to best secure AI projects.
Elements of an Effective Cybersecurity Strategy
Christodonte recommended that IT leaders adopt what he calls a “leveraged cybersecurity” model. Under this approach, organizations leverage people and the user experience to reduce the friction that users face due to security measures. This may require organizations to conduct pilots and phased rollouts of new tools and take steps to ensure that they are adopted fully. This strategy aims to minimize an organization’s reliance on any single technology vendor, prioritize the biggest security risks and optimize the use of existing security tools. The model also includes leveraged processes that aim to be more seamless, standardized and scalable.
CDW has adopted several security measures that follow this approach. For example, Sanjay Sood, the company’s senior vice president and CTO, said over 98% of CDW coworkers are enrolled in a passwordless login experience that reduces frustration while improving security.
CDW is also focused on security from a risk-based perspective. Conor Waddell, senior vice president of integrated technology for CDW, said the ability to assign a dollar value to security risks helps CDW prioritize them. “Quantifying risk is really the focus of what we’re doing,” he added.
As they work to establish and deploy their strategies, IT leaders must keep an eye on the future, Christodonte said. Cyberthreats continue to evolve, and security strategies must enable the agility for organizations to adapt. “Cybersecurity is like chess,” he said. “You have to be thinking three steps ahead.”
Find BizTech’s full coverage of the event here. Follow our live news coverage of the CDW Executive SummIT on the social platform X at @BizTechMagazine and join the conversation using the hashtag #CDWExecutiveSummIT.