Cyber Risks

BitSight EXCHANGE Sound Bites: Closing the Cyber Risk Gap

BitSight | December 26, 2018

In the months since BitSight’s inaugural EXCHANGE forum inaugural EXCHANGE forum, we have been digesting and processing the incredible sessions and discussions that came about from this forum. It was a great event that brought together security executives from all over to discuss the challenges they face in their roles every day.

One discussion that stood out was the conversation between Niloofar Razi Howe (Former CSO of RSA) and Venky Ganesan (Managing Director of Menlo Ventures) about today’s threat landscape and closing the cyber risk gap.

 

“In our industry, in cybersecurity, we're plagued by the exact same issue, which is too many organizations find themselves unable to understand the business implications, the risk implications, from the technical details of the issues that they face. Now, 10, 15 years ago, cybersecurity was on... Actually, at this point, I've been in this industry for a long time too. I should say 15, 20 years ago. Our industry was a dark art. There is no question about it. The security officers were in, you know, the bowels of IT departments solving very, very technical problems. But today, it's not a dark art anymore. It's a business problem. It's about managing risk.” 

 

“So many aspects of our lives are instruments. They're monitored, they're analyzed, all to help us make better decisions, right, about our health, about how we get to places, our living conditions, how we manage and how we use our time. As business leaders, we drive productivity. We drive profitability. We drive growth. We drive innovation by embracing technology. As you look forward, our personal and our professional lives are gonna only become more dependent on cyberspace as we embrace these new waves of technology. And the network effects are going to be absolutely pronounced.”

 

“So, what has all this investment done for us? Well, the problem is if you look at the threat landscape, it doesn't feel like it's done a whole lot for us, right? In 2017, there were over 53,000 security incidents. There were over 2,000 data breaches in over 65 countries, all of it with unprecedented implications. We saw with Mirai Botnet that your toaster could be turned into an attack vector to take down Twitter. And yet, we still are connecting devices to the internet at an unprecedented rate. J.P. Morgan, Yahoo, Equifax, basically the entire Western world, has been breached. Phishing is fascinating too. And I think someone touched on this earlier.”

 

“And, of course, enterprises have to think about this as risk management to protect the things that matter most. And once we start connecting the dots, right, as government and industry start coming together, we all have information. Sharing that information becomes more valuable. That's when we really close the gap.”

Thanks to Niloofar and Venky for an insightful discussion. 

Read the recap of the inaugural BitSight EXCHANGE forum. 

Suggested Posts

Protecting Sensitive Data: 4 Things To Keep In Mind

Given the recent security breaches and reported hacking attempts, it is increasingly important for companies to have a handle on their most sensitive data. Sensitive data can include employees’ personal information, customer information,...

READ MORE »

Secure Remote Work: New Threats Require a Shift in Policy and Training

Working from home introduces significant cyber risk to any organization. However, recent events reveal that it’s not a case of “if” but “when” bad actors will exploit the rampant vulnerabilities on home networks.

READ MORE »

Get Ahead of the Quantum Computing Security Threat

Quantum computing has the ability to change the world, both for better and worse, and while it may be far off in the future, security teams need to start preparing for the new reality it will usher in.

READ MORE »

Subscribe to get security news and updates in your inbox.