The Cyber Defense eMagazine November Edition for 2023

More documents

Recommendations

Info

previously disclosed incidents each quarter, annually report on cybersecurity risk management strategy and adopt controls to mitigate cyber risk. Although these new rules and guidelines may seem excessive to some, they’re an essential step towards a stronger and more proactive approach to cyber risk management. Let’s look at a few key takeaways from this ruling and what they might mean to your organization. 1) Organizations should always be audit ready and then some. The primary concern many organizations may have with these new rules is the requirement to report a material incident within four days. This can be difficult if you don’t have integrated systems that share and aggregate data. This can lead to delays in investigations and potentially missing the required disclosure date. To accomplish the new rule’s requirements, organizations need to be proactive in collecting data and continuously monitoring their controls. The bottom line is that auditors and hackers are looking for the same thing - control failures. If organizations are continuously monitoring and testing for them, it’s less likely hackers will find an opening, meaning that audit-ready organizations that are also incident-ready! Being audit-ready means having a holistic approach to security and compliance that includes risk assessment, real-time continuous compliance monitoring, training for employees and effective communication. Having these critical pieces in place and automating the right processes is extremely important for organizations in the wake of this rule because it enables them to meet the reporting requirements faster, with less effort, and with less disruption to ongoing activity. To have the best understanding of where risk lies in the business, organizations should leverage a risk management and compliance tool. By auditing against compliance standards, organizations are able to see where their inherent business risk lies, and in turn, make decisions to remediate that risk and reduce exposure. Additionally, a robust risk management tool will allow security leaders to quickly understand, evaluate and convey the impact of risk on the business aspects they care about the most. 2) Boards need to have a deeper understanding of cyber risk and security than ever before. Part of the rule requires companies to disclose how much the board knows about cybersecurity and how their organization is implementing cybersecurity tactics and best practices. This begins with general education on cybersecurity and the current threat landscape. Organizations can accomplish this with trainings, providing educational materials or appointing an expert in cybersecurity to the board to help guide conversations. This foundational step is critical to acting with purpose. It’s also essential to consider the board members’ awareness of what’s going on within the organization, what initiatives are currently in place and what risks impact success. To do this effectively, security leaders must translate cyber risk and its impact into a language that board members will understand – dollars and cents. Cyber Defense eMagazine – November 2023 Edition 174 Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
For example, if a security leader notes a non-conformity with the California Consumer Privacy Act, the board may not know why it is a concern. Instead, communicating that the organization has an increased risk of reputational damage or fines for noncompliance ensures the impact is conveyed and they can invest in the right areas to reduce those risks. Security leaders should re-visit their current cybersecurity plan, showing the board where investments are needed to close the cyber risk gap. 3) The new rules will significantly benefit companies that talk more about their risk. Most importantly, this ruling emphasizes the need to take a proactive approach to risk management. Organizations must understand their cyber risk posture, and the context of their risks, so they are prepared to act if a risk is realized. As the SEC sets this precedent, it benefits companies to make risk a part of every conversation. By doing so, key stakeholders can understand the full impact of said initiatives on the business and propel forward based on those risk-informed decisions. This requires having a 360-degree view of cyber risk and its constituent parts (such as vulnerabilities, threats and third parties) to enable action within the required timeframe. Although these new rules seem scary and intimidating, they are not going to upend enterprises. Ultimately, if companies have been doing what they were supposed to be doing all along, this new timeframe will only further encourage transparency and accountability. With a proactive approach to cybersecurity and risk management, companies will be further prepared to monitor for threats and vulnerabilities, reporting them quickly as they arise. About the Author Meghan Maneval is the Director of Technical Product Management at RiskOptics. She leads RiskOptics’ Technical Product Management team- tasked with developing and evangelizing innovative ways to solve industry problems. Fun fact about Meghan- she was a RiskOptics customer before joining the team! After more than 15 years managing security, compliance, audit, governance, and risk management programs in highly-regulated industries, Meghan joined RiskOptics in 2022 to help drive product innovation and empower our customers to achieve their objectives. Meghan is a passionate security and risk evangelist, DIBs champion, and home-renovation enthusiast specializing in process improvement and program iteration. Meghan enjoys giving back to the security and risk community through blogs, whitepapers, webinars, conference presentations, and podcasts. Meghan can be reached online on LinkedIn and at our company website https://riskoptics.com/. Cyber Defense eMagazine – November 2023 Edition 175 Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Artificial Deception: The State Of
Page 3 and 4:
OT Cybersecurity: Safeguarding Buil
Page 5 and 6:
The Crumbling Castle --------------
Page 7 and 8:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 9 and 10:
Cyber Defense eMagazine - November
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Artificial Deception: The State Of
Page 23 and 24:
Human-in-the-Middle In creating AI
Page 25 and 26:
effectiveness of defenses in place
Page 27 and 28:
this information and related activi
Page 29 and 30:
leading to the potential exploit of
Page 31 and 32:
An Age-by-Age Guide to Online Safet
Page 33 and 34:
Educate: It’s never too early to
Page 35 and 36:
About the Author Chelsea Hopkins is
Page 37 and 38:
Securing Infrastructure Against Bre
Page 39 and 40:
AI And Ad Fraud: Growing Risks for
Page 41 and 42:
enable organisations to make better
Page 43 and 44:
Bolster an Organizational Cybersecu
Page 45 and 46:
in EDP in addition to regular cyber
Page 47 and 48:
prioritize a Secure Software Develo
Page 49 and 50:
6. Deployment: Once the software ha
Page 51 and 52:
Beyond Passwords: AI-Enhanced Authe
Page 53 and 54:
3. Improving the Defensive Cybersec
Page 55 and 56:
7 Steps to Build a Defense in Depth
Page 57 and 58:
The same risks associated with USB
Page 59 and 60:
About the Author Mr. Spears has ove
Page 61 and 62:
As Zombie APIs are essentially forg
Page 63 and 64:
How To Combat the Mounting ‘Hackt
Page 65 and 66:
y pro-Russia hacktivists. These hav
Page 67 and 68:
Unlike IT cybersecurity attacks, wh
Page 69 and 70:
The Cyber Risk Nightmare and Financ
Page 71 and 72:
fell -11.3%, and underperformed the
Page 73 and 74:
DevOps’ Big Challenge: Limiting R
Page 75 and 76:
By making this single alteration to
Page 77 and 78:
ChatGPT For Enterprises Is Here - B
Page 79 and 80:
usiness email communication, data s
Page 81 and 82:
Chromecast End-of-Life Announcement
Page 83 and 84:
Going beyond awareness and fosterin
Page 85 and 86:
But the most crucial innovations ha
Page 87 and 88:
About the Author Vinaya is a highly
Page 89 and 90:
card transactions often comprise a
Page 91 and 92:
About the author Stefan Auerbach, C
Page 93 and 94:
Consider the following data and rea
Page 95 and 96:
4. Create a digital estate plan. Th
Page 97 and 98:
do untold damage to a company’s r
Page 99 and 100:
About the Author Sean Newman is the
Page 101 and 102:
eing monitored to protect against m
Page 103 and 104:
Developers Hold the New Crown Jewel
Page 105 and 106:
the fact that many organizations la
Page 107 and 108:
Expect to Fail: How Organizations C
Page 109 and 110:
The more personnel that you train t
Page 111 and 112:
How to Create a Threat Hunting Prog
Page 113 and 114:
5. Decide Whether to Automate Altho
Page 115 and 116:
How To Improve Security Capacities
Page 117 and 118:
eing noticed in a practice and some
Page 119 and 120:
In Pursuit of a Passwordless Future
Page 121 and 122:
than to guess their password, but i
Page 123 and 124: configurable data privacy. These bu
Page 125 and 126: It’s Time to Tear Down the Barrie
Page 127 and 128: Is it Time to Re-evaluate Your Thre
Page 129 and 130: Building For a More Secure Future:
Page 131 and 132: OAuth 1.0 to OAuth 2.0, or increasi
Page 133 and 134: About the Author Jeremy Butteriss a
Page 135 and 136: which helped feed the development o
Page 137 and 138: Protecting Your Business and Person
Page 139 and 140: Mitigating Phishing with Domain Nam
Page 141 and 142: About the Author Brian Lonergan, VP
Page 143 and 144: adoption is more than just an IT tr
Page 145 and 146: North Korea-Russia Summit A new all
Page 147 and 148: factors on both sides of the confli
Page 149 and 150: That being said, the Russian regime
Page 151 and 152: Protecting Critical Infrastructure
Page 153 and 154: spared from the wrath of Russian ha
Page 155 and 156: About the Author Richard Staynings
Page 157 and 158: The Illusion of Ruthless Prioritiza
Page 159 and 160: Ditch the Worry - Switch to Secure
Page 161 and 162: others are continuing to increase a
Page 163 and 164: Shifting Left Means Shifting Smart:
Page 165 and 166: triggers to allow for a more standa
Page 167 and 168: • The Rise of Remote Work: The CO
Page 169 and 170: About the Author Jaye Tillson is a
Page 171 and 172: In terms of prioritization, out of
Page 173: Three Things to Know About the New
Page 177 and 178: Cloud adoption has witnessed a sign
Page 179 and 180: The Tech Jobs That AI Will Not Disr
Page 181 and 182: Examples of tech jobs that will sur
Page 183 and 184: Cyber Defense eMagazine - November
Page 191 and 192: Free Monthly Cyber Defense eMagazin
show all

The Cyber Defense eMagazine November Edition for 2023

Create successful ePaper yourself

Delete template?

Save as template?