DFW-based Cloud Communications Group has secured a powerhouse in the cyber technology industry with the appointment of James Beeson as its new executive cyber advisor.

Cloud Communications Group oversees intricate IT infrastructure transformation projects by organizing all the elements of the project, offering valuable guidance and assistance, and enabling clients to make quicker and more well-informed technology choices.

“James Beeson’s appointment underscores our commitment to providing outstanding technology advisory services to our clients,” stated Keith Hatley, co-founder of Cloud Communications Group in a news release.

“His expertise and leadership, combined with our strong customer-focused approach, will help our clients address their most pressing technology challenges and transform their IT infrastructure,” added Hatley.

Beeson is no stranger to navigating today’s complex technology landscape.

Beeson has over 34 years of expertise in cybersecurity and technology. He was formerly the global chief information officer and senior vice president at The Cigna Group. Prior to this, Beeson amassed a distinguished 20-year career at General Electric, where he acquired substantial knowledge in cybersecurity, infrastructure, governance, and risk management.

Throughout his distinguished career, Beeson has been recognized as an expert chief information security officer (CISO), winning the title of Dallas CISO of the Year in the super global category in February 2024. He was also inducted into the CSO (chief security officer) Hall of Fame in September 2022 and was previously honored as a Top 100 CISO by CISO Connect in 2021.

The Dallas Express visited with Beeson and asked him to examine society today through his cybersecurity lens in layperson’s terms.

Beeson explained that for most companies, four macro factors drive security programs: the threat landscape, prescriptive regulations, digital transformation, and dependence upon the technology ecosystem.

“The threat landscape is getting worse. It is bad. There are billions of dollars in the threat landscape. A lot of this comes from four big players: China, North Korea, Iran, and Russia,” said Beeson. “Those big four is where a huge percentage of the activity is coming from.”

Second, due to the security landscape’s increased vulnerability from heavy hitters with deep pockets, “clients, customers, and regulators are now becoming much more prescriptive about what they are accepting from a company from a cybersecurity perspective,” he said.

Beeson gave the example of the SEC directing public companies, mandating certain levels of security posture, and regulating notifications if an incident occurs. At the same time, certain divisions within a company, the insurance department, and other players may also have their own set of reporting structures for cybersecurity incidents.

“The point is there are a lot of customers and regulators that are demanding particular things of a cybersecurity program for companies, which incorporates a lot of variation,” said Beeson, “and variation creates costs.”

Third, “every company on the planet is somewhere on the journey of digital transformation,” said Beeson. “There is almost nothing you can do in life anymore that doesn’t require software.”

“When the pandemic started, everyone had to accelerate their digital capabilities because no one could go anywhere. …This has created more cyber risk,” explained Beeson.

As a result, the fourth macro factor is that “all companies have become a lot more dependent upon the technology ecosystem,” he said.

When asked about specific challenges companies are currently facing within the realm of the four macro forces driving cybersecurity programs, Beeson listed generative AI, regulatory unknowns, lack of a cyber-savvy workforce, understanding the digital ecosystem, and preparedness.

“The bad guys are already leveraging generative AI, creating more phishing campaigns; the phishing campaigns are crafted better, and they can do them in greater volume,” explained Beeson. “This is a risk factor of generative AI.”

Regarding regulatory unknowns, Beeson said that “most companies know the regulators are going to show up and put some restrictions on what you can and can’t do with generative AI. So, to me, if you are a big company, this is another risk because you don’t know what the regulators are going to do.”

Beeson stressed the need for “training, education, and awareness for the end user.”

“Every company needs to be pushing hard to create a cyber-savvy workforce. This is easy to say, but not easy to actually pull off,” cautioned Beeson.

When asked why making the end user more cybersecurity-aware is a challenge, Beeson said that “most people will choose speed and convenience over security,” noting that companies must help employees find the right balance and train them in what to look for to make sure security is a priority.

“Data has clearly shown that for at least 10 years, somewhere between 80 and 85% of all breaches start with someone doing something they shouldn’t have,” explained Beeson. “Whether malicious or accidental, somebody did something wrong 8 out of 10 times.”

“All that being said education is clearly one of the keys to success” when it comes to protecting companies from cyber threats, explained Beeson.

Digital ecosystems, a.k.a. supply chain, is another component that has changed the technology landscape and “has grown significantly since the pandemic back in 2020,” said Beeson.

“All companies now are connected digitally to thousands, sometimes hundreds of thousands, of different company suppliers, clients, customers, brokers, legal firms. I call this the Frankenstein technology ecosystem,” said Beeson.

Beeson explained that in the last five years, the incidents and events that have occurred in cyberspace have flipped: “Five years ago, 80% of the time a cyber-related event or incident was internal; 20% external. That has 100% flipped today.”

“Companies need to make sure they are doing business with other companies that have at least some levels of cybersecurity posture,” stressed Beeson. “And companies need to have resiliency, recoverability, built in.”

“If you are a company, you need to be able to look across that ecosystem and understand where fragility is that is critical to your operations,” said Beeson.

A component of becoming a student of the technology landscape is being “prepared for an event,” specifically for ransomware. “If you haven’t had an event, you’re going to,” said Beeson.

Companies need to “have time to detect something going on in their environment and time to react or contain whatever that is,” explained Beeson. “At the end of the day, that comes down to preparedness and recoverability.”

“Nothing beats preparedness more than practice,” stressed Beeson. “Tabletop exercise, tabletop exercise, tabletop exercise.”

Beyond the macro players and the risks that threaten cybersecurity, Beeson notes the importance of building trust with critical stakeholders.

“You have to be the trusted partner and build strong trust relationships. I help businesses understand the variables from a cybersecurity perspective related to our environment to help them make the right decision for their company,” said Beeson, noting that trust is essential.