Network security is steadily becoming more complex. There are more ways to connect than ever before, including 5G, Wi-Fi, and hardwired connections. There are also more devices connecting: mobile phones, tablets, laptops, and the internet of things. All these devices are subject to the threat landscape, which must also contend with security challenges from the growing popularity of remote and hybrid work. Dr. Sally Eaves is the CEO of Tomorrow’s Tech Today and Helen Yu is the founder and CEO of Tigon Advisory. They are both well-versed in the cyber security policies and practices being applied by leading companies today. Listen in as they join host Kevin L. Jackson in this session sponsored by AT&T Business to discuss how to support cyber risk management through strategy and cost benefit analysis.

Intro (00:01):

Welcome to Digital Transformers, the show that connects you with what you need to build, manage, and operate your digital supply chain. Join your host in a timely discussion on new and future business models with industry leading executives. The show will reveal global customer expectations, real world deployment challenges, and the value of advanced business technologies like artificial intelligence, blockchain, and robotic process engineering. And now we bring you Digital Transformers.

Kevin L. Jackson (00:32):

Hello everyone, and welcome to AT&T BizTalk, LinkedIn Live, cybersecurity and network modernization. My name is Kevin L. Jackson, the host of Digital Transformers on Supply Chain Now, and I will serve as the moderator for today’s exciting discussion.

Kevin L. Jackson (00:52):

You know, network security is getting more complex. There are so many more ways to connect than ever before with 5G and Wi-Fi and hardwired connections. And now, just far more devices connecting mobile phones, tablets, laptops, the internet of things and these devices, all expand the threat landscape. The growing popularity of remote and hybrid work also introduces a new security challenge.

Kevin L. Jackson (01:30):

So, joining me to discuss the challenges and opportunities surrounding network modernization, our respected industry thought leader in digital transformation, AI, cybersecurity, and IoT Helen Yu. And the torch bearer for ethical tech international advocate for opening access to opportunity and professor in advanced technologies and global strategic advisor, oh, and by the way, the birthday girl. Say, happy birthday to Sally Eaves.

Sally Eaves (02:13):

Thank you. Thank you very much. You’re most kind. Thank you very much. Thank you, everyone. Great to spend it with you.

Kevin L. Jackson (02:18):

And, you know, welcome to you both. It’s clear that cybersecurity needs to be a major part of the network modernization process. So, to get things started, please give us a bit more on your background and your initial views on the importance of network modernization. So, since it’s your birthday, let’s start with Sally.

Sally Eaves (02:46):

Oh, most kind, Kevin. Thank you. Lovely to be here with you and obviously with Helen as well. Great conversation, Harry. And thank you for the kind intro as well. So, yes, basically I won’t repeat those, kind of, different, kind of, roll hats and things.

Sally Eaves (02:57)

But, you know, I work across, obviously, Emergent Technology but also education and social impact and how you fuse those together, you know, for shared value. I also come very much from Met telco background fully enough from like CTO and change manager roles. So, everything around this subject, around network modernization and embedding cybersecurity at the heart of that, you know, it rings so close to heart.

Sally Eaves (03:17):

I think you set it up brilliantly actually, Kevin, in that intro. I mean, how many different vectors of change have we had over recent years? You know, whether it’s geopolitical or the escalation of cyber threats, the accelerating threat verticals and areas as well.

Sally Eaves (03:30):

Our postures need to react to all these different threat verticals, but also not lose sight. It’s not just a technology proposition. This is around culture, it’s around change management, it’s around processes, around skills as well. So, when we look at kind of that acceleration of digital transformation, we’ve seen it all across the world, all across different verticals, different speed, you know, depending on different, um, baselines, et cetera. But we can’t lose sight of reflecting of where we’ve come from.

Sally Eaves (03:53):

And as we create new opportunities, we also, you know, create risk verticals as well. And that’s my biggest thing around network modernization, focusing on cybersecurity. It’s not an add-on. It’s not an extra. It’s that embedded by design approach that we have to have. We have to look at it holistic. We have to look at it from a multilayered approach as well. I know we’re going to this in more detail as we go through it but (INAUDIBLE).

Kevin L. Jackson (04:15):

No, no. Thank you very. And you’re in London today?

Sally Eaves (04:20):

Yes, absolutely. I’m in London today, indeed.

Kevin L. Jackson (04:21):

Our network is strong. And, Helen, you’re joining us from Chicago land, right?

Helen Yu (04:28):

Yes. Yes, greetings from the winter Wonderland. Thank you for — yes, thank you for the warm introduction, Kevin. Happy birthday to you, Sally. I can’t wait to celebrate that in person with you in the months. Kevin, it’s great to see you again. You know, when it —

Kevin L. Jackson (04:44):

And you’re making a big move here soon, aren’t you?

Helen Yu (04:50):

Absolutely. I saw Kevin last time in New York and he was the one carrying all the gadgets with him. So, you — yes. You know, let me share a little bit about the — my background, right? How I got into cybersecurity. I got in cybersecurity by accident back in 2019 when I was invited to a keynote at IRM event in Zurich. And then that got me hooked, right. I realized how much — how important it is for people to gain more knowledge.

Helen Yu (5:22):

And also, realize you don’t have to be super technical to get into the field of cybersecurity. And since then, I’m a vice chair — sitting on a board of Global Cybersecurity Association. And we got to speak to experts — industry experts to learn more about what it is, right? Cybersecurity evolves every single day. There’s no expert as a result of that.

Helen Yu (05:44):

So, that being said — and then, I’m also as a founder and CEO of Tigon Advisory. We provide value creation or value creation accelerator providing CXO — fractional CXO services. Manage security service or service is one of the services we provide. Partnering with other vendors or industry leaders.

Helen Yu (6:09):

And when it comes to network modernization or cyber, as all of you know or heard, IDC really talks about there will be 41.6 billion IoT devices in 2025, right? That’s only, only two years away. It’s going to generate 79.4 zettabytes of data. What that means is this sheer volume of data presents challenge.

Helen Yu (6:32):

And so, network security investment is not as solid — as I said, it’s not a — nice to have anymore. You have to really understand where you are at, where your threat, I would say, vulnerability is or associated with firewalls intrusion, for example, prevention and network segmentation. And then — or access control in — because of strong network security posture can help you ensure regulatory compliance, build customer trust, protect reputation of the organization.

Helen Yu (7:07):

And most importantly, to keep you really — I would say, keep you stay current or keep you stay in the business, right? Because you can easily disappear if you don’t really pay attention to or embed cybersecurity as a strategy within your company.

Kevin L. Jackson (07:25):

Wow. That’s a — that’s an important thought. And as cybersecurity professionals, we are all, right now, getting ready for the RSA Conference 2023. And, sort of, to follow on on your statements there, Helen, the theme at the conference is stronger together. What does that mean when you’re talking about cybersecurity?

Helen Yu (07:54):

I love that theme, as a matter of fact, because cybersecurity is a team sports, right? That means that — it means about importance of collaboration and cooperation. We all know that cybersecurity is no single organization, individual can effectively protect against all the potential risk, right? So, this also talks about, you know, not only the collaboration corporation between the private sector and the public sector. And then it talks about industry can be more effective if we work together protecting against the cyber threats and ensuring that all the digital infrastructure remains secure and resilient.

Kevin L. Jackson (08:36):

Yes. So, Helen, I know you are really, you know, at the forefront of sustainability. And as we look at protecting our information and the numbers of devices and the amount of data, what does, being stronger together mean to you?

Sally Eaves (09:01):

No problem. I’ll come back in on that, Kevin. No problem at all. So, first of all, just echoing really, I think Helen’s comments there about how important that thematic is about stronger again, I think, is absolutely imperative. And it leads off other events we’ve seen as well where ecosystem collaboration, it’s right before MWC being a great example of that, too.

Sally Eaves (9:18):

So, love the fact that RSA is really embodying that. And for me, it kind of tells a story as well. I mean, we’ve always had a history about collaboration in cybersecurity. You know, it pays no heed, does it, cybercrime? You know, what border you are in. What geographical boundary? It transgresses all of those things. We’ve always fought on that best when we’ve collaborated and shared data in a safe way.

Sally Eaves (9:39):

But I think what’s happened, and again, we mentioned it earlier with these different vectors of change. We’ve got geopolitical uncertainty. In some ways we’ve had to close off certain mechanisms where we would traditionally have collaborated. So, we’ve got that. We’ve also got more technical, say, complexity. And in sometimes you’ve had product incompatibility, which can impede collaboration, too.

Sally Eaves (9:57):

So, we’ve got that history. We’ve got some challenges. But to go forward, we’ve got this appetite to come together. And why is that so critical now? I think probably the best example I would give is, you know, what the bad guys doing right now? Now, how many times are we seeing bad actors come together to affect negative change around cyber risk? And they’re even helping to, kind of, bring back old risks as well.

Sally Eaves (10:18):

I did some work recently around EmTech and I called it chameleon of the cyber threat world, because it just keeps reimagining itself. So, it’s got a lovely, kind of, visual image there. And that was brought back in many ways because of the power of bad actors coming together. So, if there’s any, you know, any kind of bigger, kind of, catalyst to do this better, that stronger together vibe that, I think, is a great example of why we need to do this.

Sally Eaves (10:40):

And for me, also, as a final point, you know, collaboration, it goes beyond things like governance and things they’re obligated to do is a step beyond that. A bit like with sustainability, as you mentioned just then as well. There are certain targets that are embedded in different legislation, but you can go beyond that, like science-based targets, for example. So, my big point there is, kind of, we can go even further still. So, yes, love that theme and I think it’s so important.

Kevin L. Jackson (11:02):

So, as the extensive side is coming together to be stronger because the attackers are coming together. One of the things that the —

Sally Eaves (11:10):

Exactly.

Kevin L. Jackson (11:11):

— recent ATT insight cybersecurity report highlighted was a need for a balanced cybersecurity spin. Well, what does that really mean? How do you balance your investment against everyone coming together, Sally?

Sally Eaves (11:29):

It’s a great question, and I think my answer is partly how we communicate about this, what the narrative is. So, rather than this cost of investment, what about the cost of insecurity? Reframe it around that. Now, we’ve seen this kind of scale scope, sophistication of risk accelerating. Lots of different, you know, things affecting that, one of which being IT and OT convergence, I’m seeing right up there at the moment.

Sally Eaves (11:51):

So, to address these particular threats, we need to look at things more holistically. So, for example, as we treat these issues, we need to treat them, say, as part of business outcomes. It’s not different, kind of, component separate siloed parts. I think that’s really, really important. And the narrative around that matters too.

Sally Eaves (12:07):

One example of that I’ve seen quite effectively at the moment, particularly with the rise of edge use cases is merging edge with cybersecurity principles and policies. So, it’s just bringing together this holistic treatment, I think, is really important too. As I mentioned at the top, I think about culture, process change, management, et cetera, and skills too.

Sally Eaves (12:24):

But I think the other thing that’s really interesting about that question because you mentioned there about balance, too. I think sometimes, as well does that holistic look, we also have to go more granular and more focused. So, within that brilliant research from AT&T as well, what I loved is the fact it gets broken down into different parts too.

Sally Eaves (12:40):

And one, where I’ve done a lot of work recently because of my sustainability actions in particular is around the rise of cyber risk in say, utilities. Big, big, big hit there at the moment. And if you drill into that particular research you see, for example, there might need to be more attention, in particular, spend around securing that area. Probably something we’ll come back to a bit later on. So, I’ll pass that back, but I just think a really great question that we can tackle that in some ways.

Kevin L. Jackson (13:02):

Well, I want to bring Helen into that. So, Helen, because you — your company provides fractional CSO services. And as a CSO you have to look at all of these threats. What does investment balance mean to you?

Helen Yu (13:20):

Absolutely. So, when it comes to investment, we all think about what is the cost benefit, right? That’s when I — when — from cybersecurity perspective is about perceived cost of ownership and effectiveness of control, especially for mid-size companies. They don’t have a, you know, really big budget to spend what you’re going to do. So, I always feel like the cost and benefit analysis would be a good starting point.

Helen Yu (13:47):

For example, you — there are many areas you can, you know, when it comes to network modernization, right, as ideas, we all know intrusion detection could be really an area’s overall benefit winner, right? People — every single company needs to have the intrusion detection in place, regardless of industry and the size of a company.

Helen Yu (14:08):

So, then password is another thing. How do you relate? Make sure every user or every employee and your contractors all are in compliance with your password protection. Then there’s also, these days, about cloud. Cloud is really viewed as needing the most security followed by IoT networks. But when it comes to these details, company need to really know where they’re at, right? Start with an assessment, comprehensive risk assessment can help them identify where they have the most critical assets, potential threats, and vulnerabilities that need to be addressed.

Helen Yu (14:46):

And then you can prioritize cybersecurity investment based on risk management principles to me and aligning your investment with your — where you have the most vulnerability and, and challenges there. And also aligning with the resource needed. Sometimes you may want to outsource. So, having that initial awareness and do a cost benefit analysis, to me, is where I would —

Kevin L. Jackson (15:11):

Yes, but a lot of the things that you’re talking about, like, companies, modern companies today, they probably already have a lot of investment in some of those basic things. But, but now we’re talking about going to the next level when it comes to network security.

Kevin L. Jackson (15:33):

How does the investment in network modernization align with this balance when it comes to security with dealing with things like IoT and multiple clouds, and quite frankly, hybrid work and working from home? And, you know, how do we deal with these other network security concerns as we modernize in this balance?

Helen Yu (16:09):

Yes, that’s a great question, Kevin. As a matter of fact, as I mentioned earlier, right, we talk about 41.6 billion IoT devices two years from today. And the sheer amount of volume of data itself is beyond our capability to manage. So, that being said, network security is something we must pay attention now.

Helen Yu (16:33):

And what happened is that, you know, how do you do — I mean, a strong network, we talk about is a balanced approach, right? We have to address all the critical areas of cyber, and we talk about firewall, intrusion prevention, network segmentation, and then some secured access control. And to me, automating that whole process is a must, right? Because if you rely on a human, imagine you rely — the hacker is not doing that manually, right? They leverage the advanced tools technologies to hack the network. And then organizations need to be really mindful.

Helen Yu (17:10):

And how do you automate that entire network is really critical. To me, that is not just about doing one thing, but you have to have holistic strategies. Sally mentioned that earlier, holistic view of where exactly you are at from network perspective. Where you have the most exposure and then implement that locally because you may — if you have a large enterprise, you may have local — the vulnerability might be different, depending on the region you are in, then there are different regulations there, you have to also be mindful.

Helen Yu (17:43):

So, it’s very important to start with the roadmap, right. Here’s where I’m at holistically my cybersecurity principle. To me it could be, you know, how do you automate? What kind of analytics you have in place? And then, what about architecture? Those three things you look into — three principles you look into when it comes to network modernization and then apply that to each of the region or segmentations you are in.

Helen Yu (18:09):

And verticals can be different, healthcare might be different than financial services or government or public sector might be different. So, you have to have all those details mapped out before you go apply that into your strategy. But investment network security should be top of mind. It should be the first thing you think about rather than, you know —

Kevin L. Jackson (18:34):

Right. So, Sally, Helen talks a lot about automation and the important for the organization to automate the network security processes. But does it all lie on the organization? There are a lot of managed services for network security out there. Is there a balance between what the organization or enterprise does for network security versus maybe, you know, leveraging some of these network managed services for your modernization efforts?

Sally Eaves (19:17):

That’s a great follow up question there. And firstly, I’ll echo what Helen said about know where you’re starting from. I think that’s absolutely huge. You know, with any of these challenges we’re dealing with at the moment, you need to have that baseline and then benchmark from there. And then again, you get more buy-in as you progress through as well. So, I think that’s really, really important.

Sally Eaves (19:33):

In terms of, of your question there, Kevin, as well, I think a couple little elements kind of bring to bear. First of all, I would say, is as you modernize, as you develop, as you bring in more automation, there’s an opportunity to bring in embedded software security by design as well. So, as we improve the network, you get more benefits. So, low latency, you’ve got software defined, you’ve got higher bandwidth. All these different benefits coming together, that gives you new opportunities.

Sally Eaves (19:57):

So, as I said, build that software security right from — into the network by design. So, I think that’s an important point to make, too. We can bring these two elements of investment together. Also, I think, this echoes of things around sustainability here as well. This kind of has to be done by design. You know, you can’t retrofit some of these things.

Sally Eaves (20:13):

So again, you need to think about whether it’s security or sustainability, you have to do that from the network up. So, it is looking at the different layers around network, around architecture, even processor, too. So I think that’s very important too.

Sally Eaves (20:25):

But the role of managed threat detection and response, I think, is key. And we mentioned that the top about the power of collaboration, didn’t we? But also, the power of trusted partnership to help, you know, navigate some of this noise around cybersecurity too, to filter through to what’s really relevant for you, your organization in that sector that you’re particularly in and where you want to develop and grow as well.

Sally Eaves (20:45):

So, that personalized support, that filtering, that trusted partnership, access to the latest information and technology and supporting you as you grow and navigate through this very changing world. And particularly, I give a shout out as well to a lot of developing SMEs, SMBs at the moment too. They can be the weakest link sometimes in cybersecurity risk, particularly around supply chains. And sometimes feel kind of most exposed and less supported. And there’s actually a lot of support out there that can be tailored to organizations of all sizes as well.

Sally Eaves (21:13):

So, definitely recommend what you were saying there, Kevin, about getting support and that facilitation to support you through this progress even if your enterprise level, I think the great role, to play for this. It really is.

Kevin L. Jackson (21:22):

Well, you know, one of things about managed threat or managed security is that in this year’s AT&T insights report on cybersecurity, the number one threat was DDoS, I mean, that’s a huge network out there to, to protect. And as we expand, as enterprises expand with the internet of things and IoT, organizations need to deal with this. So, does managed services help with this challenge as you — as the — with the DDoS challenge?

Sally Eaves (22:00):

I think it definitely does, absolutely. I mean, just look at the cost of this as well. I’m actually involved in a report on this very subject at the moment. And we’re roughly looking at costs of about $300,000 per hour as the downtime of a DDoS attack. It’s that significant. And then there’s other, obviously, costs as well around in terms of reputation, for example, in other areas too.

Sally Eaves (22:20):

So, it’s not just about the cost and the downtime, et cetera, but it’s a really significant challenge. We’ve got different, kind of, roots in to DDoS attacks as well. So, it might be protocol, it could be application layer, it could be volume as well. So, different areas to look at as well. And I think a lot of organizations are remaining vulnerable in this way because of issues around complexity, lack of visibility. You mentioned they’re around IoT acceleration. But also, we have that integration across IO — IT, sorry, and OT as well.

Sally Eaves (22:47):

So, lots of different technologies converging as well. And as a result of that, we’re getting more and more possibilities for, you know, threat surface areas to extend, to become more complicated, become potentially siloed, and do not have that kind of 360 view of what’s happening in your organization. So, again — and also things that sprawl as well. You can inadvertently, kind of, bring in more techniques to try and solve problems.

Sally Eaves (23:09):

And actually, they confuse people and take you away from that active knowledge of what’s happening right now and getting ahead of things. And you’re chasing back and you’re chasing alerts and, you know, we see it, don’t we in operational teams at the moment. Lots of challenges around burnout, too. So, absolutely. That facilitation, that support, that expertise across technology, but also across deployment and across education and across research into the latest trends in cyber risk, et cetera. It’s the way to go forward and navigate a lot of this noise in many cases. I think —

Kevin L. Jackson (23:37):

So, Helen, from a CSO point of view, how should the organization deal with this DDoS challenge?

Helen Yu (23:47):

Well, as I’m preparing for a keynote speech on cybersecurity, I’m just doing some research, right. And, and cybersecurity venture expects global cybercrime costs to grow by 15% per year. So, that means in the next five years that would reach 10.5 trillion by 2025, two years from now, again, right, up from 3 trillion in 2015.

Helen Yu (24:13):

So, if DDoS, number one, you can imagine the amount of gross, you know, threat, right, from threat perspective. As I mentioned earlier, both Sally and I talk about, you know, you have to know where you’re at first. But really important — few things, really important when it comes to DDoS, you have to secure your IoT devices. We all know there’s so many of them, not just the employees within our organization, there are suppliers, there are contractors out there. You have to make sure you understand where these endpoints are all.

Helen Yu (24:43):

And then I work with the customer and they told me they have 300 endpoints, it turned out to be 3,000 endpoints after the assessment, right. We laughed but that’s reality. Not knowing where exactly you are at would put you — really expose you bigger risk. Secondly, you got to segment your networks, right, because you want to — network segmentation and help you limit the impact of DDoS attack.

Helen Yu (25:09):

And then the other thing is, how do you deploy DDoS mitigation solution? There are many of them. Then you have to really assess, making sure you have something in place. But most importantly, I think Sally mentioned about this, about employee training, most importantly you have to plan a practice, an incident response.

Helen Yu (25:29):

I’ve been to so many kind — we’ve been in board — I’ve been in board meetings where we talk about strategy. Everyone knows the important strategy, but if you need to come up how you react now, this moment is, you know, DDoS attack right this moment. How are you going to reply? You know, really respond to that.

Helen Yu (25:45):

So, every organization should have that at your fingertip, right? If this happens, what I’m going to do? And really important for you to think about how you block the attack and then how you examine and analyze and then, so what happened? What triggered that? Most importantly, how you recover and what lesson you learned from this to want that from happening again?

Kevin L. Jackson (26:06):

So, wait a second though. I mean, you could probably forgive a CSO for having a bit of whiplash because last year everyone was trying to protect themselves against ransomware, which was the number one threat. It’s now dropped to number eight, which was where DDoS was last year. Is ransomware no longer an issue?

Helen Yu (26:34):

Well, it’s interesting, right, perception here because if you — cybersecurity venture predicts that by 2031, ransomware will cost victims 265 billion each year. It will attack the business consumer device every two seconds, right. I’m surprised to hear it’s no longer number one.

Helen Yu (26:55):

You know, imagine you get 30 attacks within a minute, what’s going to happen? Maybe it dropped for now, but to me, ransomware continues to be a major cybersecurity threat, right, despite dropping from number one to number eight because these numbers evolve all the time. But you know, we all know ransomware could have bigger impact than any other attack, right, significantly and then causing financial losses, reputation damage, business disruptions.

Helen Yu (27:27):

And so, I would say, you need continue to stay vigilant and then regularly take the action to make sure you have a respond — you know, understand how you recover if that happens.

Kevin L. Jackson (27:39):

Yes. So, Sally, what’s your view? Ransomware versus DDoS? Sally?

Sally Eaves (27:46):

Well, it sounds like a battle, doesn’t it? We need to get that a little bit. It speaks now —

Kevin L. Jackson (27:48):

In this corner.

Sally Eaves (27:49):

I know, it really does. I would say — so, first of all, I’d echo the point Helen made there. Ransomware is still a big issue. I’d totally concur with that. And I think what really interests me as well is that maybe we need to look at it more from a vertical stance. So, when you look at that data — so again, I do put a lot around energy and sustainability and it actually came out as number two in the AT&T research as being the number, kind of, two threat in that particular vertical, so for energy and utilities.

Sally Eaves (28:18):

And I think it reflects the fact that for some of these particular challenges and types of attacks, certain verticals are more prone to certain types of vulnerability, to put it that way. So, definitely it’s still a major threat, but depending on where you are, what sector you are in, and kind of the advance of digital transformation where you are, different ones will have more of a kind of risk profile for you.

Sally Eaves (28:38):

And I think energy and utilities is right up there. And not even just ransomware, I don’t if you’ve seen about this, Kevin, Killware has been a rising area in this particular sector when bad actors are not just threatening, you know, digital estate and physical estate. They’re actually threatening individuals who are managing those as well. So, it’s a critical, critical area.

Sally Eaves (28:58):

I’d also say around the rise of edge as well. Again, in the AT&T research, I think it was around the two thirds mark, so, it’s 66% or something like that. But it was showing concern around ransomware attacks at the edge as well. And given the growth in that area, I think, you know, protection there is another one to absolutely focus on too.

Sally Eaves (29:14):

So, yes, I think we have to, kind of, look at all these different areas in the round but maybe just get a bit more granular about your specific vertical and threats that are very relevant for you. I think the other area to look at that maybe hasn’t come up so far is around APIs as well. I really think ransomware and API attacks are still very prevalent. I mean, Experian was a very recent one example of that, and Twitter too back in January. So, yes, you definitely want to still keep an eye on absolute —

Kevin L. Jackson (29:37):

Oh, wow. So, you bring up another point of this many, many other threats, other than DDoS in in ransomware. How can decision makers, Sally, really keep up with this changing threat landscape? It seems to be overwhelming.

Sally Eaves (29:55):

Yes, I mean there is a lot of information out there. Research — like, research we’ve been talking about today, I think is very, very powerful, particularly when it’s broken down and gets more specific so you can personalize it to your particular sector and kind of type of organization. I think that’s really, really helpful around the relevancy of that as well.

Sally Eaves (30:13):

And the fact when you’ve got continual barometers of change, so it’s not like an — just an annual report. You’ve got those continuations of updates in between, you’ve got executive releases. I’ve been really impressed by a lot of organizations really coming together as well and open data sharing around these threats as too. Now, education is empowerment, isn’t it, in so many different ways. So, keeping up with that, I think, is important. Doing your own research into this area too, and collaborating, I think, is important too.

Sally Eaves (30:38):

This also, you know, where you’re getting your information sources from, the makeup of your teams, it’s that area that’s important too. Ensuring that everyone’s got a voice. You know, we talk about shared responsibility about cybersecurity a lot, don’t we? But to do that and to really action that, everyone in your organization, no matter kind of what their role or experience level is, whether even a tech facing role or not, every role is a cybersecurity facing one.

Sally Eaves (31:00):

So, we have to back up, you know, education at decision maker level with education for all and helping people feel empowered to kind of speak up and say, do you know what, I’ve seen that, I’m not sure if that’s right. And I — and do not feel afraid to do that because that can hold people back a lot. So, I think that’s important.

Sally Eaves (31:14):

And also, specific personalized training at C-Suite level too. I think a lot of roles have changed. You know, the agency, the CFO role becoming more operational, for example, let alone, you know, the CISO role, you know, impacting so many different elements today. You know, the very heart network modernization going back to the top of our discussion.

Sally Eaves (31:32):

So, absolutely education is important. The right voices, the right makeup of teams and making sure you’ve got external and internal knowledge sharing too. It can’t just be that internal echo chamber conversation. You need everything to come together to be —

Kevin L. Jackson (31:44):

So, Helen, as you support and provide CSOs across multiple industry, verticals, do you see difference how these decision makers under different industries can keep up with this changing threat?

Helen Yu (32:03):

Absolutely. I mean, I would — as Sally said, what I put that into six S, right. The first S is, stay informed. Decision makers should really stay up to date to — on the latest cybersecurity threats and then trends through the industry publications. Number two is to stay alert. So, they need conduct regular risk assessment.

Helen Yu (32:25):

And then we talk about zero trust all the time. How do we identify the risk and vulnerabilities, align their cybersecurity strategy and resource allocation accordingly? The third ask S is stay engaged, right. You got to stay engaged with cybersecurity expert. Maybe go to these RSA conference and then — so that — not — and you can really connect with them to learn more about additional insights into threat landscape and develop adaptable cybersecurity strategy.

Helen Yu (32:53):

The fourth is safeguard. How do you safeguard your — through multilayered approach to security is so essential. So, when it comes to network, edge to edge, right. And security strategy, governance and threat management all work together on a single platform for threat detection incident response and compliance management, that would be awesome, right? The solution like AT&T offers.

Helen Yu (33:17):

The fourth S to me — the last S for me here is how do you really think about from service perspective, right? Sometimes you may want to manage in cybersecurity landscape continues to grow in complexity, managed security service should be something, might be a better option than in-house management for increasing numbers of organization. If you’re mid-size company, you may not have a deep pocket to hire a large team of cyber security, then maybe you want to engage, outsource certain element of the work.

Helen Yu (33:52):

So, at the end of the day, cyber operation service is very, very critical. You want to really look at for — I mean, companies like AT&T offers that solution. Not only the product technology, but also the resource can help you set it up in the least cost perspective or way, right? In the most, I say, cost effective way.

Kevin L. Jackson (34:16):

You know, you mentioned going to the RSA conference. I just made my flight reservations and I can’t wait. I’m really looking forward to learning more about how managed services can help when enterprise is trying to modernize it, the network security. So, here’s a question. You know, Sally, what are you looking forward to at RSA this year?

Sally Eaves (34:45):

Well, I’ll tell you what Kevin, as you said at the top, you know, birthday and we’re talking all things RSA. So that tells you how much I’m looking forward to it. Honestly, I can’t wait. Honestly, I think it’d be great. I mean, we saw it recently, didn’t we, with events like MWC coming back to almost full levels again. There’s such a joy about being in person. You can’t beat it.

Sally Eaves (35:03):

You know, going to the AT&T booth, immersing with those conversations, doing the demos, getting hands-on with things, I absolutely love that. Speaking to customers and also just seeing what people are experiencing, you know, in terms of challenges, but also opportunities in this area too. And just the acceleration of different trends, you know, around diversity and security. I think it’s massively important.

Sally Eaves (35:21):

What we’ve seen so far today in terms of talking about network modernization, that embedding of security by design, going through those different levels. You know, from networks, application to processor, biometric security there, but just breaking down some of the silos we’ve had in the past, seeing that movement to the edge that we’ve been talking about too. But overall, it’s that word coming together, isn’t it?

Sally Eaves (35:41):

Community. Is community get — you know, come together, negate the bag exes, and have the joy of doing that in person and sharing the knowledge for everyone as well. Because again, that’s massively important. If you can’t be there, there’s so much we’ll be sharing from the event, you know. To gain democratize that access to learning about security as well so that everyone can benefit from it. So, yes, I can’t wait. I can’t wait to see you then.

Kevin L. Jackson (36:00):

Oh, no. I can’t wait to see you in IRL. And I know that Helen will probably be joining us on demand because there is a parallel virtual. So, from the on-demand point of view for RSA conference, Helen, what are you looking forward to?

Helen Yu (36:19):

You know, I’m most excited about, you know, the opportunity to learn from industry thought leaders. And then also, network with my peers. And I look forward to hearing what AT&T’s — I heard there’s a major announcement they’re going to make during the RSA. I can’t wait to hear what that is about. Also, you know, I would love to hear more from both of you what you’ve learned from that conference. Unfortunately, I have a conflict — scheduling conflict. I won’t be there in person, but I will be supporting multiple customers remotely to celebrate with all of you during the RSA conference.

Kevin L. Jackson (36:59):

No, great. You know, that’s the power of the network, right? Being to collaborate and communicate in a secure way. So, thank you both for sharing your tremendous insight. Unfortunately, that kind of brings us to the end of the AT&T Business Biztalk on cybersecurity and network modernization.

Kevin L. Jackson (37:26):

For more information, please download the AT&T cybersecurity insights report and visit the AT&T booth if you’re going be at RSA Conference 2023. And make sure you tap me on your show, I’d love to talk to you. The link for the cybersecurity insights report and the information the AT&T booth is provided.

Kevin L. Jackson (37:58):

So, you should also be on the lookout for the next BizTalk Twitter chat that’s coming very, very soon. So, from all of us here at AT&T Business, this is Kevin L. Jackson wishing all of you a bright and transformational future. We’ll see you next time on AT&T Business BizTalk.

Outro (38:24):

Thank you for supporting Digital Transformers and for being a part of our global Supply Chain Now community. Please check out all of our programming at supplychainnow.com. Make sure you subscribe to Digital Transformers anywhere you listen to or view the show, and follow us on Facebook, LinkedIn, Twitter, and Instagram. See you next time on Digital Transformers.