Successfully Navigating the Modern Cybersecurity Landscape
Recently, more than 100 Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), and other C-Suite Executives from across the Americas convened to address the rising tide of cyber threats and the transformative impact of AI on cybersecurity. The gathering took place at Nutanix Masterclass, an exclusive, invitation-only forum known for fostering global thought leadership and executive education.
Masterclass brings together industry leaders, successful C-Suite and senior IT executives, leading academics, and best-selling authors to tackle their most urgent technology and business challenges and collaboratively seek the most effective solutions.
The Masterclass was taught by Robert Duncan, CISO of the Ardagh Group, and Dr. Art Langer, Director of Northeastern University Center for Technology Management and Digital Leadership. Also in attendance was Rami Mazid, CIO of Nutanix. Key teachings from this Masterclass included the following:
Artificial Intelligence (AI) is significantly reshaping the cybersecurity threat environment. As a result, Chief Information Security Officers (CISOs), Chief Information Officers (CIOs) and their C-Suite counterparts are compelled to modernize their strategies to safeguard their organizations, customers, data, and supply chains.
Robert Duncan, CISO at Ardagh Group, an international manufacturer, highlights the unprecedented rate of knowledge growth: "Until 1900, knowledge doubled once every 100 years; by World War 2, it was every 25 years, and now it's annually. This is thrilling but daunting for a CISO." The advent of Generative AI has exponentially increased access to and manipulation of information, thereby escalating the variety and sophistication of cyber threats. Duncan notes, "Your ability to defend the company has become quite difficult."
Dr. Art Langer from Northeastern University adds that beyond AI, the rollout of 5G and upcoming 6G networks will amplify connectivity and sensor usage, further challenging traditional operational models and applications. This connectivity surge inevitably broadens the threat landscape CISOs must manage.
Legacy Systems and Outdated Practices
Duncan points out that not only do new technologies pose risks, but existing, outdated technologies can be among the most vulnerable. Systems like MS-DOS and Windows XP, still common in industrial settings, cannot be easily patched or replaced, increasing vulnerability when interfacing with modern systems. He critiques the use of outdated security frameworks like the Kill Chain and MITRE ATT&CK for not evolving with current tech threats.
Supply Chain Vulnerabilities
The 2023 MOVEit breach demonstrated the interconnectedness and potential impact of supply chain attacks, affecting 60 million people. Duncan stresses the importance of CISOs considering the broader supply chain in their security strategies: "Impacts are unavoidable; CISOs must look beyond just their organization."
Economic Impact of Cybersecurity Breaches
Rami Mazid, CIO of Nutanix, discusses the financial implications of cyber incidents: "One incident can decrease company valuation by 20% within 24 hours." Duncan quantifies this for Ardagh Group, estimating a loss of $40-$50 million from a few days' disruption. He references the NotPetya attack as a reminder that even indirect attacks can cause widespread damage.
Strategic Shifts in Cybersecurity
The discussion turns to the necessity of adapting cybersecurity strategies:
Budgeting: Mazid notes that cybersecurity now consumes 20-25% of IT budgets, a significant increase from historical levels. However, Dr. Langer cautions that merely increasing budgets won't suffice; adaptability in resource allocation is crucial.
Organizational Structure: Duncan criticizes the traditional placement of cybersecurity budgets under IT, suggesting that security should be considered broader than IT alone.
Building Cybersecurity Resilience
In response to these challenges, there's a shift towards building cybersecurity resilience:
Board Awareness: Duncan observes an evolution in board-level understanding, moving from blame to support when vulnerabilities are identified.
Proactive Security: There's a transition from a reactive 'no' to aligning security with business risk tolerance, allowing flexibility where necessary to meet market demands.
Technological Advances: Technologies like segmentation, zero trust, and AI are pivotal in enhancing security. Duncan praises AI's capability, noting that what a human analyst might accomplish in hours, AI does in seconds.
Conclusion: A Strategic Playbook
The article concludes with Duncan advocating for a comprehensive cybersecurity playbook utilized by the entire C-Suite, emphasizing that cyber incidents are inevitable. This playbook should include cyber risk quantification, helping to model risks statistically and align cybersecurity investments with business priorities, considering both security and revenue implications.
Closing Thoughts:
With AI and other emerging technologies, the role of CISOs and the broader C-Suite community is not just to defend but to lead in understanding and harnessing these technologies for organizational resilience and growth.
©2025 Nutanix, Inc. All rights reserved.