FINAL WORD
Saket Modi , Co-founder and CEO of Safe Security management through breach likelihood , which simplifies cybersecurity .
Computing an enterprise ’ s breach likelihood leverages technology that is not alien to the BFSI sector . Machine Learning-enabled predictions are already being deployed in insurance , employee welfare and customer experience . A large online payments system uses Deep Learning , algorithms , multi-class models and more to sieve fraudulent and genuine transactions by deriving actionable insights from their story-model analysis .
In such a scenario , cybersecurity should transform from being jargon-rich to simple , unified and easy . Managing , mitigating and measuring risk objectively is the fundamental shift required , and this comes with the knowledge of an enterprise ’ s breach likelihood .
Financial institutions needed to adopt breach likelihood yesterday
Gartner defines Integrated Risk Management ( IRM ) as “ practices and processes supported by a risk-aware culture and enabling technologies , that improve decision making and performance through an integrated view of how well an organization manages its unique set of risks .”
Cybersecurity can also be simplified using technology that already exists . The fundamental element of cybersecurity is as basic as knowing the enterprise breach likelihood that can be calculated from enterprise-wide signals .
Breach likelihood prediction in the banking sector shifts power to the cybersecurity team and the organization , enabling them to prevent rather than react to threats . Be it the possibility of a breach through ransomware , cloud misconfigurations or business email compromise , breach likelihood gives an as-is metric for cyber-risks and a means to prioritize vulnerabilities .
This simplifies the understanding and management of cybersecurity . FIs willing to invest in methods that simplify cybersecurity can begin with :
The building block of IRM is enterprise risk . Currently , organizations have tried and failed to protect data by looking at cybersecurity through compliance frameworks only , with point-in-time reports from siloed tools . It is time they moved from reactive and defensive risk management to predictive risk
ABOUT THE AUTHOR
Saket Modi is the Co-founder and CEO of Safe Security , a Cybersecurity and Digital Business Risk Quantification platform company . A computer science engineer by education , he founded Safe Security in 2012 while in his final year of engineering . Incubated in IIT Bombay and backed by Cisco ’ s former Chairman and CEO John Chambers , Safe Security protects the digital infrastructure of multiple Fortune 500 companies around the world with its cyber-risk measurement and mitigation platform called SAFE . Modi is a part of Fortune Magazine ’ s 40-under-40 , Entrepreneur Magazine ’ s 35-under-35 , Forbes Magazine ’ s 30-under-30 lists , among others .
• Stepping away from a compliance-only qualitative approach to ensure no vectors – people , processes , technology or cybersecurity products for both first and third parties – go unaddressed .
• Consolidating reports from all cybersecurity products / services to a single dashboard . This will help security and risk management teams prioritize risks across the enterprise in a single view .
• Measuring their cyber-risk posture in its as-is state . They either accept the risk and improve their risk posture by purchasing cyber insurances , accept the risk and forgo any changes , especially when the investment required to mitigate the risk is larger than its dollar value impact , or mitigate the vulnerabilities by defining their cyber-risk appetite and cyber-risk tolerance .
To date , the fundamental approach of securing any business has been reactive . Investments in cybersecurity have historically maintained a check-the-box approach to meet compliance and audit requirements . There are many distractions and abstractions surrounding cybersecurity , especially when it is a qualitative analysis . Once the foundation is solid with an industry-wide breach likelihood adoption , cybersecurity will become a solution rather than a problem that security executives perceive as right now . p
84 INTELLIGENTCIO APAC www . intelligentcio . com