
Cybersecurity Insights with Contrast CISO David Lindner | 11/22/24

    
Insight #1: CISO-less companies, you’re playing with fire

Only 45% of American companies have a chief information security officer (CISO), according to new research. It’s time to ask a hard question: Are we serious about cybersecurity, or are we gambling with our future? The absence of a CISO signals a glaring vulnerability, especially if we’re in a regulated industry, scaling fast or already dodging cyber threats. Every breach, every misstep, is an avoidable crisis waiting to blow up. Let’s stop rolling the dice and prioritize leadership that puts security at the forefront — before we’re forced to clean up the mess.

Insight #2: Let go of outdated scanners, (safely) grab onto the AI future

Why cling to outdated tools — such as Static or Dynamic Application Security Testing (SAST/DAST) — that are on the verge of irrelevance? AI-powered large language models (LLMs) — including Google’s Big Sleep and Team Atlanta’s Atlantis — are disrupting the status quo with faster and more accurate vulnerability detection, while runtime solutions like Application Detection and Response (ADR) provide the dynamic protection modern applications demand. The future isn’t just AI — it’s AI combined with runtime defenses, creating a proactive and adaptive security strategy that leaves traditional tools in the dust.

Insight #3: Get ready for basic dev mistakes turning into major legal/financial pain

The Palo Alto zero-day debacle — attributed to “basic dev mistakes” — is a wake-up call. These mistakes are no longer just embarrassing; they’re a liability. With movements like the EU Product Liability Directive, the stakes are higher than ever. It’s not just about accountability; it’s about protecting the business from real legal and financial consequences. Secure coding, rigorous reviews and proactive risk management aren’t optional: They’re survival.

David Lindner, Chief Information Security Officer

David is an experienced application security professional with over 20 years in cybersecurity. In addition to serving as the chief information security officer, David leads the Contrast Labs team that is focused on analyzing threat intelligence to help enterprise clients develop more proactive approaches to their application security programs. Throughout his career, David has worked within multiple disciplines in the security field—from application development, to network architecture design and support, to IT security and consulting, to security training, to application security. Over the past decade, David has specialized in all things related to mobile applications and securing them. He has worked with many clients across industry sectors, including financial, government, automobile, healthcare, and retail. David is an active participant in numerous bug bounty programs.