Security Ratings Serve to Raise Risk Awareness …
On a scale of A through F, how does your tech stack stand up when it comes to security? In today's environment it is vital to consider how your vendors' risk ratings affect your own organization, according to Mike Wilkes, CISO for SecurityScorecard.
While many companies still track their software and solutions providers via spreadsheet, pairing up with a company like SecurityScorecard can help raise internal awareness of the risks that some vendors carry, when it comes to things like data breaches and vulnerabilities.
“In order to be effective at changing things and improving things, you need three As. You need awareness, you need acceptance, and you need action,” Wilkes said at the Data Connectors CyberConnect Web Briefing on Jan. 20, titled “Automating Risk Management at Scale for the Modern CISO.” Creating risk automation within an organization really allows for awareness, he said.
Wilkes said that even the best software providers, those with an ‘A’ grade from SecurityScorecard, can still suffer breaches and vulnerabilities. What sets them apart is how quickly they patch and how vigilant they are about their overall security posture. Microsoft, which with rare exceptions is part of every company’s software stack, gets an ‘F’ grade: with its seemingly endless number of IP addresses, Microsoft exposes an enormous attack surface and is particularly vulnerable to attackers.
Having discussion among teams about the risks involved in a variety of different software providers is crucial, said Dmitriy Sokolovskiy, CISO for Avid Technology.
“For all of us, continuous conversation and exchanging of information is critically important, both to improve our own resilience, to improve how our vendors and customers think about it,” Sokolovskiy said during the CISO Panel discussion during the CyberConnect Web Briefing. With that, teams can start aiming toward compliance. “You’re going to get better at doing this and looking at yourself and saying you know what, I really do have some gaps here,” he said.
When organizations reach the goal of automation, it might mean that CISOs are no longer needed, said Carlota Sage, vCISO for Fractional CISO.
“If we do our jobs right, in 20 years, CISOs won’t be needed. There will be security-forward CTOs,” she said. “Non-technical people are asking privacy questions; I love seeing that change.”
Data Connectors’ CyberConnect Web Briefings are 75- to 90-minute online sessions that feature analyst briefings, in-depth discussions with CISOs across a variety of industries, and an interactive Q&A session with a live audience.