A Perspective On Cyber Risk Management

In today’s hyper-connected world, the ability to balance cyber risk with the speed of digital transformation has never been more challenging. The cloud and other new technologies have introduced massive opportunities for businesses to innovate and grow. However, they have also introduced escalating risk that is often difficult to quantify and manage.

Last month, Trend Micro convened industry experts for its virtual Perspectives conference, where they shared fresh insights on better understanding, communicating, and mitigating cyber risk.

One of the most enlightening perspectives came from Allie Mellen, Forrester Analyst, who compared the pros and cons of platform, portfolio, and standalone cybersecurity risk management solutions. To summarize:

  • Standalone solutions can provide a best-of-breed approach, robust interoperability, and close vendor relationships. They can also drive a requirement for more extraordinary skills, additional maintenance, and the need for the end-user to develop and execute a comprehensive strategy;
  • While also providing robust interoperability, Portfolio solutions deliver the flexibility to use other tools. The downside, however, is the potential for fracturing team focus across multiple offerings; and
  • Platform solutions deliver tight integration between various products while simultaneously simplifying the user experience. This hands-off approach may also bring offering complacency or bloat.

From a personal point of view, however, I connected with the comparisons and agreed with the conclusion that the platform provides superior cyber risk mitigation options. While the possibility of complacency is real, its advantages outweigh the other typical marketplace options given the current cyber threat environment.

The presentation by Marnie Wilking, CISO and Global Head Of Security and IT Risk Management for Wayfair, brought this point into focus. Wayfair supports over 3,000 engineers, 16,000 employees, 23,000 suppliers, and over 27 million customers in the $800B home goods market. Given the current shortage of skilled cybersecurity professionals alone, understanding, communicating, and managing risk across the enterprise is already daunting. At Wayfair, however, that risk baseline was exacerbated by the additional challenges of a hybrid cloud transition, digital acceleration, and the global pandemic. According to Marnie, this environment is exactly where the platform option’s advantages of automated tooling, continuous asset discovery, and enhanced threat surface visibility shine.

I’ve recognized that communication is an essential leadership virtue. When applied to the cybersecurity domain, this requirement highlights the importance of ensuring a shared understanding across middle and senior management of how cyber threats can prevent the attainment of critical business goals. The enterprise can effectively communicate and mitigate cyber risk with that shared understanding. 

Recent results from Trend Micro’s Global Risk Survey of IT and Business Decision Makers made industry cybersecurity fears obvious. The data showed that:

  • 76% of global organizations think they’ll experience a successful attack within the next 12 months.
  • 97% of IT decision-makers think the leadership team does not fully understand cyber risk.
  • 54% of survey respondents feel that their organization’s method of assessing risk exposure lacks enough sophistication.
  • 50% of IT decision-makers struggle to quantify or demonstrate organizational risk exposure to the leadership team.

Perspectives also introduced Trend Micro One, a unified security platform. The platform offers security depth across endpoints, email, cloud, operational technology (OT), Internet of Things (IoT), networks, and native Extended Detection and Response (XDR) capabilities. I was impressed by the pedigree of this unified cybersecurity platform. Based on over 30 years of experience, the solution helps enterprises streamline compliance, respond faster to threats, and better manage cyber risk. The platform features industry-leading security capabilities, risk insights, and threat assessments.

The cloud-delivered Trend Micro One platform combines over 250 million global sensors to discover dynamic attack surfaces continuously. This architecture results in a dynamic risk assessment process capable of driving the correct mitigation response at the right time. Chaitanya Pinnamanem, CTO of Sandstone Technology, thoroughly explained this risk assessment challenge. While emphasizing the need for 100% visibility in the cloud, he explained that organizations needed to stop treating their IT infrastructure as a pet and start viewing the IT infrastructure components as cattle. You will better appreciate this enlightening description by viewing his segment.

The Trend Micro One security platform helps enterprise leadership understand the ramifications of failed cyber defense policies. David Chow, Trend Micro Chief Technology Strategy Officer, highlighted this danger. He provided a personal anecdote on the threat vector during his opening remarks by relaying his experience working at the White House for President Obama. While there, he saw cybersecurity-related Governance, Risk management, and Compliance (GRC) processes bypassed due to operational pressures to support the President. These routine occurrences later led to a White House cyber breach.

Another significant cyber defense hole is failing to know the number and nature of externally-facing network assets. Eric Skinner, Trend Micro VP of Market Strategy, addressed this during an interview with Jeremiah Grossman of Bit Discovery. That discussion provides an excellent overview of the risk and effective mitigation options for addressing this concern. 

Trend Micro One also features built-in support for a Zero Trust strategy and includes executive risk dashboards to help security leaders build confidence in their organization’s security strategy. As a cloud-based solution, it supports leading cloud providers and delivers industry-leading native security for cloud, endpoint, email, network, and IoT environments. This approach reduces the impact of achieving compliance by 50% while helping the organization better understand, communicate, and mitigate cyber risk.

The “don’t miss” presentation was by Eva Chen, Trend Micro Co-founder and CEO, who emphasized how a unified cybersecurity platform uniquely protects a modern enterprise’s broadened attack surface. This approach is optimized to defend against crucial 2022 cyber threats, including:

  • The tendency of attackers to target DevOps tools and pipelines, accessing credentials and building systems to launch supply chain attacks;
  • The rising prominence of targeted ransomware and multi-stage extortion techniques; and
  • The rapid weaponization of vulnerabilities, leading to more zero-day exploits and harder-to-detect, blended attacks.

Eva’s explanation of how the unified cybersecurity platform effectively protects an organization was clear, concise, and convincing. Chief Platform Officer Frank Kuo expertly complemented Ms. Chen’s succinct description during his Vision One presentation. Trend Micro One also uniquely and effectively mitigates the complacency weakness of platform solutions by embracing its ecosystem partners. The Bit Discovery session is one example of how embracing the entire partner ecosystem can provide better visibility and cyber risk mitigation.

This article only scratches the surface of the platform’s power. You can get more information about the Trend Micro One platform by viewing the Perspectives on-demand videos.

Trend Micro sponsored this article. 

Aero Wong 黃文翰

👽 NOT a BOT ⚡️ BUT ⚡️ Blockchain Developer 👽

2y

Constructing a platform is no easy feat from the architectural point of view. Thanks for sharing, Kevin. 🙂

Beverley E.

Co-Founder at TechMode.io

2y

Really insightful read, Kevin. Thanks for sharing 💡 #CyberSecurity #TMAmbassador

More articles by Kevin L. Jackson, CISSP®,CCSP®