…with Jaime Chanagá, field CISO at Fortinet for Latin America and the Caribbean

The threat landscape continues to evolve and 2023 is predicted to bring forth both old and new threat tactics.

Chief information officers (CIO), chief information security officers (CISO) and their teams are being asked to overcome significant challenges as they work to manage business-critical initiatives such as securing work-from-anywhere, enabling digital acceleration, staying ahead of increased cyber risk, and supporting sustainability goals. They must do this while managing around a global skills shortage.

To gain insight into tips and strategies to keep in mind for the new year, Fortinet’s Field CISO Jaime Chanagá shares thoughts about the current cybersecurity environment and provides best practices for CISOs to strengthen their security posture for 2023 and beyond.

How do you see the current cybersecurity environment?

Jaime Chanagá (JC): In 2022 I had the privilege of travelling to over 10 countries in Latin America, the Caribbean and Canada to speak with senior executives and organisations in a variety of industry sectors. Most C-level executives, including CEOs, CFOs, and board members, have the same concerns that CISOs, CSOs, and CIOs share. The top three concerns for their businesses are:

1) business resilience

2) cybersecurity capability & maturity,

3) human resources challenges for acquiring, training, and retaining cybersecurity talent

What is top of mind for customers?

JC: The current cybersecurity environment is in the top of mind for many customers. They are concerned about the increasing number of cyberattacks and the evolving nature of threats due to digital transformation. In addition, during the pandemic, customers rapidly transformed their organisations in order to survive the business environment. Some organisations are learning about additional challenges they now face resulting from this change.

We hear often that cyber risk is escalating, do you agree?

JC: Overall, cybersecurity risks are increasing. Let’s compare, for example, the adoption of new technologies such as artificial intelligence (AI). While some organisations have not yet adopted AI-based technology, cyber adversaries have and are using it to challenge today’s cybersecurity defences. That said, it’s important for organisations to consider adopting AI to defend against increasingly sophisticated cyberattacks. Bad actors now have more ways to penetrate an organisation’s environment due to the increasingly extensive use of remote access with work and learning from anywhere. For example, some applications are designed to be 100 per cent cloud-native and store data in multiple uncontrolled environments. Also sometimes Internet of Things (IoT) sensors are placed in critical infrastructure without proper segmentation.

Most importantly, cyber risk is increasing due to the lack of security awareness training for remote employees, which can then leave employees vulnerable to phishing attacks. Organisations should consider implementing training and awareness programmes for their employees to ensure the safety of people, data, and devices.

What is one cyber solution that really made a difference for customers and partners this year?

JC: Organisations that have invested in human intelligence and AI-powered services and solutions are finding the best value for their operations. For example, FortiGuard AI-powered solutions start with a world-class global team of cybersecurity researchers, innovate with advanced technologies such as AI and machine learning, and expand our knowledge with hundreds of international partnerships for cyber risk and threat intelligence research.

Next week we talk recommendations…