Navigating Today’s Security Challenges at InfoSec World 2022

The Center for Internet Security (CIS) is excited to sponsor and attend InfoSec World 2022 on September 26-28 at Disney’s Coronado Springs Resort in Lake Buena Vista, Florida. Our team will be stationed at Booth 706. There, they’ll be helping conference attendees address their cybersecurity challenges of tomorrow.

Why InfoSec World 2022 Is Important to CIS

Back in person for its 28th year, InfoSec World 2022 has a number of themes lined up that hold special significance for CIS. One of those themes is "Cloud Security." This is important because cloud adoption is accelerating rapidly in virtually every industry – and so it's a significant source of risk. Indeed, Gartner forecasted that global end-user spending on the public cloud will grow 20.4% in 2022, reaching $494.7 billion by the end of the year. (That's up from $410.9 billion in 2021.) As of August of this year, however, Ermetic found that only 20% of smaller organizations had deployed repeatable, automated, and integrated cloud security capabilities.

CIS Hardened Images, virtual machine (VM) images that are hardened in alignment with the CIS Benchmarks, can help mitigate this very real risk. Organizations can use the CIS Hardened Images to minimize instances of misconfiguration and human error in their cloud environments, thus helping to significantly reduce common threats such as malware, insufficient authorization, and remote intrusion. CIS Hardened Images receive updates to address software patches every month, and they are available in the major cloud marketplaces.

Another theme that we'll be focusing on at InfoSec World 2022 is "Hackers & Threats." As we've learned through our Community Defense Model (CDM), the top threats confronting organizations today consist of malware, ransomware, web application hacking, insider and privilege misuse, and targeted intrusions. Obviously, these threats employ various techniques to establish a foothold in an organization’s environment, circumvent its defenses, and threaten its sensitive data. Not all organizations have the internal expertise to defend themselves against these actions.

We're working every day to address this challenge by continually developing security best practices such as the CIS Critical Security Controls (CIS Controls). These security measures fall into three Implementation Groups (IGs) that organizations can use to prioritize their implementation efforts. When getting started, they can use Implementation Group 1 (IG1) to chart a path to achieving essential cyber hygiene, thereby defending against at least three-quarters of attacks involving the threats mentioned above.

The CIS Controls are available to everyone at no cost. For an additional fee, organizations can become a CIS SecureSuite Member and optimize their use of these security best practices. As an example, CIS SecureSuite Membership comes with access to the Pro version of the CIS Controls Self Assessment Tool (CIS CSAT). This resource enables Members to identify where they've already implemented CIS Controls (and their respective Safeguards), and it helps them focus on areas where they may have weaknesses. In doing so, CIS CSAT Pro provides a means of maximizing limited cybersecurity resources and growing an organization's cybersecurity maturity.

A Wide, Open InfoSec World

If you’re attending InfoSec World 2022, we encourage you to visit us at Booth 706. We’ll be more than happy to help you address your concerns associated with cloud security, hackers and threats, as well as other pressing information security issues.

Haven’t reserved your spot at InfoSec World 2022? Registration is now open!