With over three decades of experience under her belt, Mignona Coté, Global Chief Security Officer at NetApp, discussed everything from the so-called ‘basics’ of cybersecurity to the intricacies of ransomware and AI integration.
Adapting to Threats
Coté reflected on the significant changes she has witnessed in the last 30 years. She reminded me of the growing complexity in the cybersecurity arena, where even basic principles, though still essential, are often bypassed by sophisticated threat actors. Coté reminded me that threats today are more intricate because adversaries now understand the fundamental defences businesses rely on.
“We still have phishing problems… 80% of the hackers are still getting in with bad passwords,” Coté pointed out.
She expressed a sense of frustration and responsibility for the industry’s slow adoption of fundamental practices like secure passwords and multi-factor authentication (MFA).
The Basics are Not So Basic
The ‘basics’ are something many still find challenging to implement effectively. Coté drew an analogy, comparing cybersecurity practices to dental hygiene: basic yet frequently neglected tasks like brushing your teeth.
Reflecting on her experience, Coté recounted how some companies would rebuild their environments daily to ensure they were secure. This analogy extended to how businesses should approach patching and updates, pushing for automation to make it seamless and routine – just like brushing your teeth.
Automation in Security
Automation in cybersecurity is the only way forward – even if practitioners may not like the need to relinquish control and allow automation to do the heavy lifting.
Coté asserted, “We’ve got to make it so you don’t have to think about it.”
She likened it to using voice commands for home automation, reminding me that the convenience of automated systems can carry over into cybersecurity practices, making life easier for security divisions.
Ransomware Defence with Intelligent Data Infrastructure
Addressing the rising concern of ransomware, Coté shared NetApp’s roadmap, including its ransomware guarantee. She elaborated on the company’s approach involving Cloud Insights to detect abnormal traffic patterns and autonomous anti-ransomware mechanisms.
Coté explained, “We have an automatic image of that data taken on intervals… so that should an actual ransomware attack happen, then it’s recoverable.”
The Emotional Toll of Cyberattacks
The emotional and operational toll ransomware attacks can impose is sometimes unaccounted for when it comes to cybersecurity. The cybersecurity executive recounted stories from industry colleagues who faced overwhelming stress and emotions during such incidents, despite having strong business continuity planning in mind. Coté painted a picture of the stress that is involved, particularly for non-regulated industries that might not have as many eyeballs watching over them.
Raising Awareness and Changing Behaviour
Ensuring compliance with basic cybersecurity practices remains an ongoing challenge, particularly among startups and non-regulated industries. Coté walked through the need for education and scenario testing to drive home the importance of preparedness, something that is easier said than done.
“If you go through that one time of having to do something, you can’t do it, then you retain it,” she noted, stressing the value of practical lessons to foster better security habits.
AI’s Role in Enhancing Cybersecurity
Coté pointed to AI’s potential in fine-tuning controls for better precision and efficiency, noting that it aids both detection and recovery. However, she also cautioned that the same advancements in AI that benefit defenders are being leveraged by attackers, which means we need to stay ahead of the curve.