M+E Connections

When it comes to cybersecurity, companies continue to make some of the same basic mistakes, according to Jonathan Nguyen-Duy, VP, Global Field CISO at Fortinet.

“I’ve got no slides and I’ve got about five minutes to talk about cybersecurity,” he said April 17, during the 2023 edition of CDSA’s Content Protection Summit at NAB (CPS@NAB).

Fortinet is “really excited to be here; we want to be your cybersecurity partner,” he told attendees.

“I’ve been doing this for about 25 years now and, when I look at cybersecurity, there are four data points that frame my perspective,” he said.

“The first is that 99 percent of all the vulnerabilities that were exploited last year were known for at least a year,” he told attendees. “So we fail on basic things,” he pointed out.

The second key data point is that 83% of “all data breaches were caused by simple human error,” while “the third stat is that 43 percent of all cloud breaches are caused by misconfigurations.”

Meanwhile, “in cybersecurity there’s this thing called a curve,” he explained. “It starts off with blind. We go to reactive and proactive and hopefully predictive.”

And that led to the fourth important stat, which he said is that “72 percent of all data breach notifications were not done by the internal security, meaning that we’re blind in most cases.” Those notifications tend to be “done by law enforcement, researchers and sometimes the ransomware notice,” he pointed out.

“So that’s where we are in cybersecurity,” he said, before telling a couple of stories, outlining “some of the perils in cybersecurity, why we get things wrong, and I’ll give you a story about where I think the marketplace is going.”

He reflected back on his time spent as a foreign service officer “working on counterintelligence and things of that nature,” and running across Chinese intelligence organisations that use artificial intelligence to help spy on people. He went on to point to the many stupid mistakes we often make that end up in embarrassing incidents like the recent, widely reported one about the 21-year-old Air National Guardsman who divulged information threatening national security.

“There’s fundamental controls in cybersecurity about visibility” that he said are “failing us.”

At Fortinet, he went on to explain, “in a nutshell, we are arguably the leading pure play cybersecurity company in the industry [and] what we do uniquely is that we integrate networking with security stacks with the “largest public clouds in the world.”

To view the session, click here.

The 2023 Content Protection Summit is presented by Fortinet and sponsored by Convergent, Signiant, Verimatrix, Eluvio, NAGRA, PDG Consulting and EIDR. The event is produced by MESA, in association with NAB and the Content Delivery and Security Association (CDSA).