Cybersecurity

Risky business is driving company compliance policies, experts say

“You almost need AI to fully solve cyber risk,” expert tells IT Brew.


Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Like Joel Goodsen home alone for a weekend, data protection can be risky business.

Padraic O’Reilly, co-founder and chief innovation officer of CyberSaint Security in Massachusetts, believes the best way to manage risk is to run organizational frameworks with an eye toward proactive security protection.

It’s part of what he describes as a changing conversation about using AI to facilitate data supervision, he told IT Brew at the RSA Conference in early May.

“The data is so rich in cyber, and so complex,” O’Reilly said. “The number of inputs and the logical connections among those inputs—you almost need AI to fully solve cyber risk.”

Top level. As CFO Brew has reported, C-suite concerns over risk reporting and regulations have been adding to executive stress—so much so that they’re leaning on insurance companies to write policy and relying on AI to pick up the slack.

Companies like California-based Ninjio provide an aspect of that solution, using risk scores to calculate company vulnerability, president and CEO Shaun McAlmont told IT Brew.

“That risk score is on an individual basis; it could be for a department or the entire company,” McAlmont said. “And the goal is to see that level of risk…decreased significantly for that client.”

CyberSaint’s approach to risk is two-pronged: it financializes cyber risk and uses automation to manage compliance. The company aims to make risk management a feature, not a bug, for companies. Too often, O’Reilly said, risk is treated as a catch-all in which compliance and management are used as a repository for all manner of data.

“Almost everyone I was talking to was saying, ‘We just have no way to relate it to risk. We have a risk register, but it’s effectively a junkyard where we throw shit that we have either dealt with or we need to deal with, and we just don’t have a way to relate it back to the program,’” O’Reilly said.

Locked in. With all the rules and regulations around risk—the compliance side of the business—executives in the C-suite are running into trouble. New Securities and Exchange Commission cybersecurity disclosure requirements look to change that.

“The CISO was kind of hemmed in; they were boxed in it. They had an incentive to not be fully transparent because they were historically a fall guy,” O’Reilly said.
