Executive Alliance Blog 2020

Cybersecurity in 2019: Threats, Risks and How to Protect Your Crown Jewels

Jul 26, 2019 10:24:23 AM / by Rachel Wilson

Rachel Still_2
Cyber attacks in 2019 are a question of when, not if. The volume of malicious cyber activity is higher than ever before, and the range of cyber actors continues to grow. In 2019, we have nation states using their cyber capabilities to steal money to fund their governments or in retaliation for economic sanctions. We have organized criminal syndicates using cyber means to commit crimes on a global scale. We have cyber-enabled fraud targeting the retail industry at a mind-boggling scope, scale and velocity.

With advanced cyber capabilities now widely available, cyber actors are increasingly taking an opportunistic approach to their targeting.  Conducting scans of broad swaths of the internet, they exploit any vulnerable entity they can find, and then figure how to monetize any access they gain. Companies, institutions, and individuals that never imagined they would be cyber targets are finding themselves in the crosshairs.

Fortunately, there are steps we can all take to make ourselves and our companies harder targets and I am looking forward to talking about all of this at the Executive Alliance Security Leaders Summit on September 12th at the Grand Hyatt in New York. I came to the private sector two years ago after 15 years at the National Security Agency (NSA) where I spent nearly five years running NSA’s cyber exploitation operations mission. My job now is to leverage all of that offensive experience to help all of us play better defense. I look at networks, systems, and applications through the lens of the adversary, and identify attack scenarios to the business. For me, it’s never about checking the box or pushing the paper - it is all about measurable, demonstrable cyber risk reduction.

In my talk entitled “Cybersecurity in 2019: Threats, Risks and How to Protect Your Crown Jewels”, we will deep dive into many of the problems that are vexing to all cybersecurity professionals right now.  How do I help my Board of Directors understand the current cyber risk environment? What does cyber resiliency really mean? Am I spending enough on cybersecurity, or am I perhaps spending too much? Are all of these buzzwords - blockchain, quantum computing, artificial intelligence - relevant to the security of my company? Is SecDevOps really a thing? We will talk about the pragmatic steps we can take to increase the efficacy of our existing controls while reducing business friction and employee pushback. We will expand on getting buy-in for the security program from the business, and on driving client and customer adoption of strong authentication technology.

From cyber strategy and governance, to “build versus buy”, to managing third party and vendor risk, to hiring and retaining a world-class cybersecurity team, I am excited to share with all of you the best practices that are working for me and for other experts.


Topics: Leadership, Security Leaders Summit, cybersecurity, New York Fall 2019, Threats, Risk

Rachel Wilson

Rachel Wilson

Rachel Wilson is the Head of Cybersecurity for Wealth Management and Investment Technology and is responsible for protecting the cybersecurity of Wealth Management and Investment Management systems and the integrity and confidentiality of Firm and client data. Rachel advises the leadership of Wealth Management and Investment Management on cybersecurity issues ranging from secure code development standards, secure network architecture, vendor relationships, Advanced Persistent Threat (APT) detection, and mobile security. Rachel leads Field and Client education and communication on cyber risk, threats and mitigations. She and her team drive innovation for new cybersecurity and authentication technology. Rachel joined the Firm in April 2017 after nearly 15 years at the National Security Agency (NSA). Over the course of her NSA career, Rachel held several key senior executive level leadership positions. Between 2008 and 2010, she ran NSA’s counterterrorism operations and led a global enterprise in detecting and disrupting terrorist plotting against the United States and its allies. Between 2010 and 2012, Rachel served as NSA’s Chief of Operations in the UK working out on the US Embassy in London. In this role, she worked with UK intelligence services to counter terrorist and cyber threats to the 2012 Olympics. Returning to the US in 2012, Rachel spent nearly five years leading NSA’s cyber exploitation operations as the Deputy and then Chief of the Remote Operations Center with NSA’s Tailored Access Operations. In this capacity, she led the planning and execution of thousands of cyber exploitation operations against a wide array of foreign intelligence, military, and cyber targets and served as the committing official for many of NSA’s highest risk and most important intelligence gathering activities.