On a scale of A through F, how does your tech stack stand up when it comes to security? In the current reality, it’s vital to consider the impact of your vendors’ risk rating on your organization, according to Mike Wilkes, CISO for SecurityScorecard.

While many companies still track their software and solutions providers via spreadsheet, pairing up with a company like SecurityScorecard can help raise internal awareness of the risks that some vendors carry, when it comes to things like data breaches and vulnerabilities.

“In order to be effective at changing things and improving things, you need three As. You need awareness, you need acceptance, and you need action,” Wilkes said at the Data Connectors CyberConnect Web Briefing on Jan. 20, titled “Automating Risk Management at Scale for the Modern CISO.” Creating risk automation within an organization really allows for awareness, he said.

Wilkes said that even the best software providers – ones with an ‘A’ grade from SecurityScorecard – can still see breaches and vulnerabilities. What makes the difference is how quickly they patch and their overall vigilance in their security posture. Organizations like Microsoft – which is almost certainly part of every company’s software stack, with rare exceptions – get an ‘F’ grade. With its seemingly endless IP addresses, Microsoft is particularly vulnerable to hackers.

Having discussions among teams about the risks involved with different software providers is crucial, said Dmitriy Sokolovskiy, CISO for Avid Technology.

“For all of us, continuous conversation and exchanging of information is critically important, both to improve our own resilience, to improve how our vendors and customers think about it,” Sokolovskiy said in the CISO Panel discussion during the CyberConnect Web Briefing. With that, teams can start aiming toward compliance. “You’re going to get better at doing this and looking at yourself and saying you know what, I really do have some gaps here,” he said.

When organizations reach the goal of automation, it might mean a non-existent future for CISOs, said Carlota Sage, vCISO for Fractional CISO.

“If we do our jobs right, in 20 years, CISOs won’t be needed. There will be security-forward CTOs,” she said. “Non-technical people are asking privacy questions; I love seeing that change.”

Data Connectors’ CyberConnect Web Briefings are 75- to 90-minute online sessions that feature analyst briefings, in-depth discussions with CISOs across a variety of industries, and an interactive Q&A session with a live audience.
