What. An. Event!
Imagine…26,000 cybersecurity professionals learning and networking IRL for the first time since 2020.
With an all-star speaker lineup, RSAC did not disappoint. From the opening keynote with DPO’s from Google, Apple, and LinkedIn highlighting the increasing necessity for Privacy by Design software and hardware engineering to the closing keynote on mapping the cybercriminal ecosystem, RSAC proactively addressed the challenges– and thinking– of security pros.
The show floor was buzzing and many sessions were standing room only. RSA Conference discussions focused on prevalent themes within the cybersecurity community, including privacy and surveillance, the nuance of risk and policy, and cybersecurity innovations. Copies of the book, Third-Party Cyber Risk Management for Dummies were in short supply; if you didn’t get a copy, download the e-version now.
And of course, no conference would be complete without an awards ceremony and a little after hours fun, too. In this post, we summarize RSA Conference highlights, from a CyberGRX point of view.
Discovering New and Better Ways
Let’s face it: the current practice of evaluating third-party suppliers is cumbersome and broken.
“Too many organizations adopt a ‘checkbox mindset’ when it comes to evaluating the security profiles of vendors,” said Courtney Cohen, Sr. Director of Product Management at CyberGRX. In an RSAC Onsite interview, she explained more.
“The traditional approach to third-party risk management is a list of tasks– complete this assessment and you’re done. The process is not only repetitive and time consuming but it’s really only a snapshot in time. In reality, your risk profile is continually changing and evolving,” Courtney shared. “Being aware is one thing but being proactive is another. Considering 67% of companies had a third-party related cyber incident in the last year, a real-time look into your risk profile is essential. If you know what the risks of any vendor in your portfolio are going to be, it shifts the conversation (and mentality) away from the data collection to data interpretation and actionable insights,” she advised.
Just as technology advances, so should how organizations manage their tech portfolio.
View the entire interview:
Managing Risk and Understanding True Risk Exchange
“Risk exchange” is a powerful concept– the idea of sharing information across third-party relationships. But a TRUE risk exchange is more than just collecting and sharing data; it’s the collection of a standardized set of data.
“True risk exchange makes best use of standardized data sets that really opens up a lot of efficiencies and insights across a portfolio,” explained Dave Stapleton, CISO of CyberGRX. “Third-parties are integral to the success of our business. We share sensitive data with them, we rely on them for critical business processes, and they enable our businesses, too. So, it’s essential to have a significant focus on third-party risk management,” said Dave.
“The traditional approach has not produced a lot of good action, and the management of third parties has not necessarily been the strong suit of many CISOs. It’s imperative to use a true risk exchange model to unlock efficiencies and get our staff back to the work of cybersecurity versus hunting down questionnaires, assessments, and spreadsheets.”
The objective for CISO’s is to view managing risk as a collective power, identifying unacceptable risks, and developing corrective actions. “The first step is to see the data across your entire portfolio, then prioritize the risks that are most critical to your organization,” said Dave.
Gain additional insight from the entire interview, as covered by Data Breach Today.
Third-party breaches, supply chain attacks, and vendor ransomware attacks are becoming increasingly common as connected ecosystems expand. As a result, companies are more exposed than ever before. The good news is, CISO’s aren’t alone; support is available.
Cyber Defense Magazine (CDM) recognized CyberGRX as a leader in threat defense, naming CyberGRX Hot Company of the year in the Third-Party Cyber Risk Management (TPCRM) category.
“CyberGRX embodies three major features we judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.
CyberGRX CEO Fred Kneip expressed his gratitude, commenting, “We are honored to be recognized by the CDM awards program as a leader in the third-party cyber risk management market. Our team has worked tirelessly to develop innovative new products that are completely revolutionizing how organizations structure their TPCRM programs.” He concluded his comments with a promise to the cybersecurity industry to continue to develop innovations that deepen cyber risk insights and assist with risk mediation strategies.
To learn more about the CyberGRX Exchange and see your risk, request a demo.
Networking and the Bootlegger Bash
Finally, we would be remiss if we didn’t highlight our Bootlegger Bash, a 1920’s themed speakeasy party with free flowing drinks, food and conversation. Special thanks to all those who attended and helped make both the Bash and RSA Conference extra special.