Fortinet hosted its third annual Security Summit during the PGA TOUR's Fortinet Championship earlier this month. More than 500 top executives, global industry experts, and cybersecurity thought leaders gathered at the Silverado Resort in Napa, California, for two days of keynotes, panels, and roundtable discussions on top-of-mind issues around cybersecurity.

Among the topics discussed at this year's event were how to select and integrate AI into your cyber strategy, the importance of building a cyber-risk and crisis-management strategy, creating and leveraging public-private partnerships in fighting cybercrime, and the importance of establishing an effective cybersecurity training program for your employees.

Importance of AI in Cybersecurity

Artificial intelligence (AI) is top of mind for many organizations because it has begun to impact and enrich our daily lives, helping us make better decisions, gather information quickly, and take action without human intervention. Because of its potential, AI is increasingly playing a critical role in detecting and responding to cybersecurity events.

However, there are two sides to the AI coin. It can also be misused, whether intentionally by cyber adversaries or unintentionally by your employees. Jenny Brinkley, Director at Amazon Security cautioned, "With the increase of generative AI across many businesses, security plays a key role in how to educate, advise, and guide users on how to stay safe when using this evolving technology."

Importance of Having a Risk-Management and Crisis Management Strategy

While a lot of attention is paid to buying and deploying cybersecurity technology, it is just as important for organizations to have the right processes in place to know what to do and who to involve when an actual crisis occurs. Key components of this strategy include establishing proper chains of command, authorizing individuals on the front lines to take action, and adequately sharing information between team members or outside agencies. Organizations that don't have a good idea of where gaps in their security and response systems exist run into them during a crisis, and they end up costing significant time, money, and reputation.

One of the most important activities your organization can implement is tabletop exercises. According to General James Clapper, Fortinet PSAC member and former U.S. Director of National Intelligence, "It's critical for organizations to hold tabletops and go through potential scenarios to prepare for crisis, like simulating a ransomware or hostage situation. This should include getting key team members together, including top business leaders such as CEOs, to confirm if your organization has sufficient resilience built into their plan and where the gaps are."

One keynote speaker from the operational technology talk track expanded on this by explaining that everyone has a critical role in an incident response: "Tabletops involving the business are key. It isn't just your problem. A security incident isn't just a tech problem. Leadership and business need to understand their role." But while tabletop planning and wargaming are crucial, they aren't sufficient. During a session about "Cybersecurity 2024 and Beyond: A Customer and Partner Perspective," one of the panelists explained that risk management is not a discipline you do once a year. Organizations' risks change every day-new threats, new vectors, new vulnerabilities, and the risk landscape all change every day. A system must be in place that identifies these changes and incorporates them into an organization's crisis response, resiliency strategy, and game plans.

Security Is Everyone's Job, and Security Awareness Training Can Help

Security technology is only part of an effective cybersecurity strategy that must include products, processes, and people. Because many threats still have a social manipulation element-getting workers to click on a link, download a file, or divulge information-employees are often an organization's first line of defense. But sadly, they are often ignored in cybersecurity budgeting and planning.

In one of Tuesday's sessions about "Cybersecurity 2024 and Beyond: A Customer and Partner Perspective," the panelists discussed how security is everyone's responsibility in an organization, even those that don't have "security" in their title, and how organizations need to help their employees understand this. According to Jenny Brinkley, "Your number one job for your organization as a security leader is teaching other teams how to make better security decisions." And that includes education.

This can include providing annual or quarterly security training modules to help employees see and respond effectively to threats, motivational messages posted around the campus, ongoing anti-phishing campaigns conducted by IT, and, most importantly, communicating the importance of cybersecurity from the top of the organization.

Importance of Private-Public Partnerships and Threat Intelligence Sharing

Cybersecurity is a global issue, and organizations should not try to tackle it alone. There is a good chance that if your organization is under attack, the same thing is happening to organizations across your sector, region, or even worldwide. If public and private organizations don't work together, cyberattacks can escalate out of control.

General Clapper explained that government visibility isn't all-inclusive, so "if we ever did have a large-scale attack on the United States, the first early warning line will most likely be from the private sector. That's why it is vitally important to report events. The private sector has crucial eyes and ears for the government, and timely reporting can help prevent some other organization, whether a business or government agency, being next."

Jim Richberg, Fortinet Head of Global Policy agreed saying, "Sharing threat intelligence between the private sector and the government is essential. While there have been advances in the intelligence community to detect and respond to threats, more work must be done. While CISA, NSA, and the FBI are collaborating, we can't emphasize enough the importance of two-way sharing and reporting between the public and private sectors." Suzanne Spaulding, a Public Sector Advisory Council (PSAC) member and former Undersecretary for the National Protection and Programs Directorate (NPPD) for the Department of Homeland Security, expanded on that idea by discussing how cross-sector partnerships and transparency in what they are seeing (risks, threats, vulnerabilities, and more) help ensure organizations develop and follow "secure by default, secure by design" strategies that include constant assessment and improvement cycles.

Building Cybersecurity Resiliency

From implementing cyber awareness training programs to integrating AI into your cybersecurity strategy, experts offered numerous recommendations throughout the Security Summit to help security leaders enhance their cyber resiliency. Adding to these insights, during the executive panel, Michael Xie, Founder, President, and CTO of Fortinet, also highlighted how a holistic approach, which Fortinet provides through the Security Fabric, enables every element in detection and response to work together and help customers build up their cyber defense. Ken Xie, Founder, Chairman of the Board, and CEO of Fortinet, emphasized the importance of integrating as many functions to work together and centralize into one single platform.

Find out how the Fortinet Security Fabric platform delivers broad, integrated, and automated protection across an organization's entire digital attack surface to deliver consistent security across all networks, endpoints, and clouds.

The Security Summit is made possible in large part thanks to Fortinet's Premier Sponsors.