Three things struck me most at this year's RSA Conference:
Of all three, the case for business-driven security made by Dr. Zulfikar Ramzan, CTO at RSA Security, during the opening keynote was certainly the highlight of the conference for me.
The need for business-driven security
To explain the need for business-driven security, Ramzan spoke about the long tail of chaos and associated consequences that can follow cyber security events. As an example of chaos, he referred to the technological impact on the 2016 US presidential election. “Consider the cyberattack on the Democratic National Committee. Did it change the course of the US presidential election? Who knows? But it definitely changed the discourse of what followed. It was mainstream front-page news and rocked the foundations of democracy. It demonstrates that our problem isn’t limited to initial cyber-attacks. Our problem is the long tail of chaos they create.”
This long tail of chaos also affects organizations that have digitalized their core business processes over the past two decades, as that innovation invited exploitation by an increasing number of threat actors. This chaos provides the opportunity for leaders of a new type to emerge, "business-driven security leaders", that can tame this chaos and sit at the same table with their business counterparts to define the security and business-enabling strategies that are right for the organization.
Ramzan offered three very actionable pieces of advice for taming the chaos:
At the end of the opening keynote, Michael Dell joined Ramzan on stage and added that “security is now the number one issue that plagues businesses and boards, concerned about the complexity of their security posture and how to manage risk.”
The keynote gave me great hope that the wider industry might be getting serious about moving from a technology-based approach to cybersecurity to a business-driven approach and that the 'dark ages', where cyber risk was deemed to be too complicated to be analyzed in financial terms, are coming to an end. Cyber risk economics is here, and players like RiskLens who have been working with some of the most innovative companies in the world to pave the way, can only rejoice about these developments that will enable cost-efficient decision-making and make the world safer.
How RiskLens can help you become a business-driven security leader
RiskLens is already helping many security leaders in a variety of industry verticals to:
The RiskLens Cyber Risk Quantification application is purpose-built on the principles of both risk models referenced by Ramzan above, FAIR and bow-tie. RiskLens applies them for scoping, analyzing and reporting on both individual and enterprise-level cyber risk scenarios.
Contact us today to discover how you can get a seat at the business table and enable financially-driven business decision-making.