History of controls harmonization is really the history of managing conversations about risk.
Cyber Risk Recap: What could go wrong?
- Reputation is a cyber target
- Criminals value information – financial, health, critical infrastructure
- The pace of technology intensifies and blurs dependencies
- We can’t trace, never mind control, our data
- Exfiltration happens
- The role of government and information custody is flat-out unclear
Cybersecurity Mission: Resilience
- Know the critical assets and who’s responsible for them
- Get everyone involved in cyber-resilience (discovery)
- Assure they have the knowledge and autonomy to make good decisions
- Be prepared for both unsuccessful AND successful attacks
- Prevent a cyber attack from throwing the organization into complete chaos
Expectations Mount While 3rd Generation Problems Prevail
- Expensive cloud engineers taken offline for audit – get vague pushback on the design of their work
- Business is sliding back to relying on spreadsheets
- Security and IT asking for more resources
- CSO, CIO, CRO and CAE struggle to supply what’s required for the board