Page 54 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
Despite advances in technology, most organizations lack continual, real-time monitoring of cybersecurity
vulnerabilities or a comprehensive picture of risk across the enterprise. Data needed to assess risk impact
often is collected at a single point in time, assessed manually in spreadsheets, and analyzed in isolated
functional silos. This leaves companies flying blind, lacking a big-picture risk assessment, and likely to
miss emerging issues until they escalate into crises. This traditional approach to managing risk leaves
companies exposed when trying to understand and deal with the ferocity of today’s threats and
challenges.
Reporting to executive teams routinely occurs quarterly, biannually, or annually and lacks a timely, holistic
view of overall enterprise risk, so leaders struggle with risk prioritization and proactive, strategic planning.
Consider this: only 30% of organizations surveyed for PwC’s new 2022 Global Digital Trust Insights
Report quantify their cybersecurity risk.
As a result, in most companies the C-suite lacks the timely information and context they need to make
sound, informed decisions. How big is the threat? How does it compare with other threats on the horizon?
What is the potential impact on the company’s key objectives? Without adequate risk-assessment data
to analyze situations, prioritize responses, set policies and allocate resources, many simply rely on
intuition, best guesses or a stab in the dark.
At the same time, many CISOs also lack a view of the big picture – and, therefore, the ability to confidently
advise the C-suite or direct the info-sec ops team to aggressively target and mitigate the greatest threats.
Timely and comprehensive data, robust analytics, and intuitive data visualization are needed in tandem
to tell the complete story and ensure each group within the hierarchy – leadership, management, and
ops – understands the situation and can fulfill their roles and responsibilities and support each other.
A Universal Translator
A common risk language for cross-organizational communication rests on the ability to gather and
analyze data that carries meaning. Comprehensive operational data, information on strategic objectives
and risk tolerances, and real-time monitoring results for cyber risks enable enterprises to quantify,
benchmark, and predict the magnitude and financial implications of threats and vulnerabilities.
In this scenario, a new, powerful methodology — Integrated, Digital Risk Modeling or IDRM — serves as
the universal translator. It enables enterprises to collect and analyze mass amounts of underlying data,
translates it into business intelligence, and presents it in an intuitive visual format – specific to that
stakeholder within the organization. This gives all stakeholders a common narrative, contextual
understanding, and the ability to drill into the information they need to achieve their goals, as well as the
ability to communicate more effectively with each other.
This approach is based on the foundations of IDRM, which include the following:
• Inside-Out Modeling: Enterprises use their unique operational data to continuously monitor risk
exposure. This generates instantly actionable organization-specific insights that can’t be achieved
by the more common practice of relying on general industry information.