How Should You Manage Cyber Risk in 2024?
This session reveals how organizations can manage and govern access for every internal and external digital identity they serve.
As remote workforces and the vulnerabilities that accompany them continue to expand, so do the attack surfaces for cyber threats. The complexity of nonstop access requires an equally complex approach to security, especially regarding identity management.
In this archived keynote session, Candy Alexander, CISO and cyber practice lead of NeuEon, explains how to assess and reduce risks associated with access management.
This segment was part of our live webinar titled “Tools and Technologies for Managing Cyber Risk in 2024.” The event was presented by InformationWeek on August 20, 2024.
A transcript of the video follows below. Minor edits have been made for clarity.
Candy Alexander: Before we get into the conversation, I just want to stop a moment and look at the challenge that we face today in our organizations. We have rapidly growing and evolving technologies, and businesses are relying on them more and more for global operations.
However, this reliance creates complexities, weaknesses, and vulnerabilities. With remote workforces requiring constant access, the need to protect against cyber threats is paramount.
One missed authentication step can cripple your entire business. So, let's go ahead and explore how we can address risks that our organizations face in the ever-changing landscape that we see today.
Let's look at our landscape today, especially regarding risk management. Let's face it, it breaks down to risk management is the ability to determine potential harm and take the appropriate steps to address it.
But to do that well, we need to have two things: We need to have visibility, and we need to control actions. In 2024, we're challenged with both of those by design to improve productivity and cost reduction.
And of course, there's a mirage of other things that factor into that, but let's look at what I mean. I'm going to take this into a two-pronged discussion point. The first is regarding business. When we look at businesses in 2024, they are looking to balance the cost of risks versus operations, which is common.
But what is new is that we are coming out of a post-pandemic world, and much of our workforce is really focused on the work-life balance, which means more remote work.
This means that we're possibly seeing more cloud adoption or SaaS in our environments, and with that comes the challenge of having little control and visibility. In addition to that, we also see the expanded use of new technologies, again, through SaaS, which is rapidly evolving.
We have instances of folks going out and getting their own technology solutions through any cloud service you can imagine. And then, of course, there's the topic which everybody is talking about right now, and that's AI.
From the business perspective, neither of those will necessarily raise eyebrows, because there is valid reason for both of those new and exciting technology solutions. That's to increase operational efficiency and reduce the costs of technology.
However, they don't really look at it from the cost-benefit analysis or risk perspective, unless you have a good CISO to step in and have those conversations. So, let's change that.
Now that we have that picture from a business perspective, let's talk about the risks and challenges thereof. In 2024, from a technology perspective, the complexity of our environments has grown exponentially.
To make our environments less complex, we try to go with a one-stop solution. For example, that would be moving everything we can to Microsoft. We use Microsoft 365 and all the tool sets that are available through that.
They have an unbelievable security suite that is complex, but comprehensive. And you could swap out the name Microsoft and pick any of the other major cloud providers.
Whether it's AWS, Google, or whatever you have. But there is obvious risk in doing that, which we must begin to realize. We don't have that resiliency baked in because it's in the cloud.
We trust these large providers and assume that they have redundancy and resiliency baked in. But do they? I think we recently learned a valuable lesson with CrowdStrike, not that I am pointing fingers.
It's only a matter of time before each one of us is in that same position. The lesson to be learned from that is to really look at the architecture of your environment and understand where the basic concepts of security and protection come from.
That includes resiliency or making sure that you have alternative solutions or ways out of the mess, if you will.