Near the end of May, news broke of a massive botnet targeting more than 500,000 routers targeted for infection. It was believed that the attack, known as VPNFilter, was part of a lead-up to a cyberattack on Ukraine, planned to coincide with the final match of the soccer UEFA Champions League Competition. The incident sparked discussion among cybersecurity leaders at The Wall Street Journal’s WSJ Pro Cybersecurity Executive Forum. There, they discussed how to address the growing concerns stemming from nation-state and other types of cyberattacks that take advantage of the interconnectedness of society.

According to The Wall Street Journal, Robert Hannigan, former director of the U.K.’s largest intelligence and cybersecurity agency, sees challenges ahead for businesses as they struggle to manage and understand attack surfaces: “He predicts there will be more subversions of supply chains, IoT, infrastructure and hardware in the coming years.”

Five insights emerged from the forum:

  1. Sharing information is critical. Hannigan underscored that businesses need to share cyberattack information with regulators. Burying the information is not constructive.
  2. Encrypting data should not be overlooked. Data encryption can be an effective safeguard when it comes to data protection.
  3. Educating employees is not a nice-to-have. People are part of the problem and the solution when it comes to cybersecurity. Xerox CISO Alissa Johnson visits employees who fall for internally conducted spearphishing tests. In addition, she drills the company’s CEO, leadership team, and the board.
  4. Holding manufacturers responsible will effect change. Makers of devices need to be held more accountable for the security integrity of their products.
  5. Having a healthy respect for paranoia can keep you on your toes–and your organization secure.  Quoting Jaya Baloo, CISO for KPN Telecom, The Wall Street Journal writes, “I am professionally paranoid. I see that as the job title of a CISO, you get paid to worry about things that people don’t usually worry about.”

Get the full story at The Wall Street Journal.