FINAL WORD
Saket Modi , Co-founder & CEO , Safe Security
Computing an enterprise ’ s breach likelihood leverages technology that is not alien to the BFSI sector . Machine Learning-enabled predictions are already being deployed in insurance , employee welfare and customer experience . A large online payments system uses Deep Learning , algorithms , multi-class models and more to sieve fraudulent and genuine transactions by deriving actionable insights from their story-model analysis .
ABOUT THE AUTHOR organisation ’ s breach ( as per the GDPR ), the board gets more curious and involved in the decision-making processes of cybersecurity than ever before .
In such a scenario , cybersecurity should transform from being jargon-rich to simple , unified and easy . Managing , mitigating and measuring risk objectively is the fundamental shift required , and this comes with the knowledge of an enterprise ’ s breach likelihood .
Financial institutions needed to adopt breach likelihood yesterday
Gartner defines Integrated Risk Management
( IRM ) as “ practices and processes supported by a risk-aware culture and enabling technologies , that improve decision making and performance through an integrated view of how well an organisation manages its unique set of risks .”
The building block of IRM is enterprise risk . Currently , organisations have tried and failed to protect data by looking at cybersecurity through compliance frameworks only , with point-in-time reports from siloed tools . It is time they moved from reactive and defensive risk management to predictive risk management through breach likelihood , which simplifies cybersecurity .
Saket Modi is the Co-Founder and CEO of Safe Security , a Cybersecurity and Digital Business Risk Quantification platform company . A computer science engineer by education , he founded Safe Security in 2012 while in his final year of engineering . Incubated in IIT Bombay and backed by Cisco ’ s former Chairman and CEO John Chambers , Safe Security protects the digital infrastructure of multiple Fortune 500 companies around the world with its cyber-risk measurement and mitigation platform called SAFE . Modi is a part of Fortune Magazine ’ s 40-under-40 , Entrepreneur Magazine ’ s 35-under-35 , Forbes Magazine ’ s 30-under-30 lists , among others .
Cybersecurity can also be simplified using technology that already exists . The fundamental element of cybersecurity is as basic as knowing the enterprise breach likelihood that can be calculated from enterprise-wide signals .
Breach likelihood prediction in the banking sector shifts power to the cybersecurity team and the organisation , enabling them to prevent rather than react to threats . Be it the possibility of a breach through ransomware , cloud misconfigurations or business email compromise , breach likelihood gives an as-is metric for cyber-risks and a means to prioritise vulnerabilities .
This simplifies the understanding and management of cybersecurity . FIs willing to invest in methods that simplify cybersecurity can begin with :
• Stepping away from a compliance-only qualitative approach to ensure no vectors – people , processes , technology or cybersecurity products for both first and third parties – go unaddressed .
• Consolidating reports from all cybersecurity products / services to a single dashboard . This will help security and risk management teams prioritize risks across the enterprise in a single view .
• Measuring their cyber-risk posture in its as-is state . They either accept the risk and improve their risk posture by purchasing cyber insurances , accept the risk and forgo any changes , especially when the investment required to mitigate the risk is larger than its dollar value impact , or mitigate the vulnerabilities by defining their cyber-risk appetite and cyber-risk tolerance .
To date , the fundamental approach of securing any business has been reactive . Investments in cybersecurity have historically maintained a checkthe-box approach to meet compliance and audit requirements . There are many distractions and abstractions surrounding cybersecurity , especially when it is a qualitative analysis . Once the foundation is solid with an industry-wide breach likelihood adoption , cybersecurity will become a solution rather than a problem that security executives perceive as right now . p
76 INTELLIGENTCIO AFRICA www . intelligentcio . com