Page 45 - Cyber Defense eMagazine August 2024

Finding the golden source of truth

Ultimately, the SEC’s regulations provide greater transparency and give investors a fuller picture of an
organization’s cyber risk posture and what they are actually investing in. But this will put some CISOs in
a delicate position. While investors will be put off by what they see as a poor posture, the SEC will come
down hard on inaccurate reports. Yet this doesn’t mean those CISOs are in an unwinnable Catch-22.

Instead, as the stakes keep getting higher, CISOs need a system of record they can trust to ensure they
are reporting accurately and in good faith. A unified view of every asset throughout the business – where
it sits, who owns it, and who is responsible for its security – will let CISOs turn the lights on. They can
use this contextual data to quantify risk, plug gaps, and tell a story to the board and ERM team in a
language they’ll understand.

The upshot of this should be a culture of accountability, where CISOs can hold colleagues responsible
by translating security into the language of technical and non-technical stakeholders alike. Each will have
their own relevant view of the same golden source of truthful data, and CISOs can use this to guide their
actions.


CISOs can then protect themselves on all sides: showing they have taken every step to improve risk
posture, demonstrating this improved posture to investors, and presenting the most accurate picture to
the SEC.

EDITOR’S NOTE: Prior to publication of this issue of Cyber Defense Magazine, a major portion of the
SEC action was rejected by the Federal District Court.
https://www.msn.com/en-us/money/companies/solarwinds-defeats-part-of-sec-s-fraud-case-over-hack/ar-BB1qedHX

“The SEC’s claim that SolarWinds didn’t reveal to shareholders the full scope of the attack was based on
‘hindsight and speculation,’ U.S. District Judge Paul Engelmayer wrote. However, the judge let the
agency’s lawsuit proceed based on other claims SolarWinds made before the attack about its
cybersecurity defenses and risks.”






About the Author

As the Chief Customer Officer at Panaseer, a leading cybersecurity analytics
platform, Brian Levin leads the go-to-market (GTM) strategy and execution
for marketing, sales, and customer success. He has over 15 years of
experience in scaling early-stage B2B SaaS companies, achieving growth
rates of 30-200% annually at scales from $4M-$150M ARR. Brian can be
reached online at LinkedIn and at our company website
https://panaseer.com/.








Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.