“Ransomware is everybody’s problem. There is no organization, big or small, in any particular country or line of business, that can consider themselves to be immune to this threat.”

“Ransomware attackers are increasingly not just focusing on data encryption, but now we’re hearing of them using data theft as a lever to get their victims to pay up.”

“You can have all the tools in the world, and despite the claims of some security vendors, there is no one tool that can protect against this threat. Ransomware defense is an organized program of activities, monitoring and training.”

“Backups are essential, but the threat of data exfiltration is becoming so increasingly common that you need more.”

“Ransomware is a business resilience issue, and the way that organizations respond needs to be everyone’s problem.” 

“Doing the security fundamentals well, although it doesn’t specifically address ransomware, makes your organization more resistant in general.”

“Plan for a secure isolated recovery environment, if for nothing else than to keep from inviting the attacker right back in when you think you have shut them out.”

“If you can move to a situation where your attack surface is so high that only a sophisticated zero-day or an intelligence agency in another country is able to get in, you’ve broken 90% of the threat actors on the internet.”

“The goal of vulnerability management is not to patch the most vulnerabilities, but rather to identify and address the threats that are most likely to be exploited against that particular organization.”

“Attackers primarily focus on a small number of vulnerabilities that can be reliably exploited at the lowest cost to achieve their outcomes.”

“Participation in vulnerability management is hybrid. It does not need a dedicated team residing directly in a security operations center, but rather a combination of stakeholders from various business units who would be able to make decisions at every stage of the vulnerability management process.”

“There is no way to manage exposure without proper visibility.”

“You cannot boil the ocean. Determine the high-value assets and where critical data is located and focus efforts there.”

“Privacy is - above all things - personal and goes beyond simple compliance.”

“This year’s top trends in privacy comprise the critical levers you need to engage over the coming 24 months to manage liability and promote trust when handling personal information.”

Data localization. This is driven by state security, intelligence gathering, protectionism and globalization. Data localization planning will shift to a top priority in the design and acquisition of cloud services.  

AI governance. This means understanding the impact and risks of processing large amounts of data through AI-driven decision engines, which will make up the vast majority of decisions that organizations make.

Centralize privacy UX is a one stop shop where organizations provide users with transparency on what data is held and how it is used, allowing them to exercise their privacy rights and maintain control over their information.

Hybrid everything has implications on everything we do, including raising privacy risks across the enterprise at the personal, organizational and consumer levels.

Privacy enhancing computation. Such techniques protect personal and sensitive information at a data, software or hardware level, and  securely share, pool and analyze data without compromising confidentiality or privacy.