Attending the RSA Conference can be an exciting time – whether you’re there representing your company or participating in the educational sessions. Just walking around the Moscone Center during RSAC 2023 provided insight into the latest trends and challenges in the risk and compliance industry. One of the most striking takeaways from the conference was the complexity and challenges involved in risk and compliance management faced by modern organizations.

Co-authored by David Willis and Gary Jenkins As we wrote in an earlier blog, the concept of cybersecurity risk continues to be codified, qualified, and, finally, quantified. With the rise of RESTful API endpoint support and near-real time telemetry sharing, companies can seize the opportunity to automate the IT/security stack’s response to risky users (in addition to devices, data, and applications—to be covered in future blogs).

The number and complexity of software vulnerabilities is continuously growing. The ability of development and security teams to assess the threat level a given vulnerability poses and prioritize fix efforts accordingly greatly depends on access to as much context as possible about the vulnerability.

Cyber risk governance (also called cyber risk governance or governance, risk, and compliance — GRC) and cyber risk management are often used interchangeably, but they are actually very different parts of the way an organization achieves data protection. While cybersecurity risk management focuses on implementing cybersecurity controls, cyber risk governance is more concerned with the strategy behind that implementation.

When a hacker breaches a network or system, data exfiltration often follows. But what is data exfiltration and how can you prevent it?

‘A ship in port is safe, but that's not what ships are built for,’ said Dr. Grace Hopper, Rear Admiral of the US Navy and a computer pioneer. As soon as the ship leaves the harbor, or even the dock, there are risks. Depending on conditions and purposes, the ship's crew might decide they are negligible, that they can be recovered from, or that the potential rewards are worth the risk. The same ideas can be applied to computers.

As ever more business operations rely on software systems and online platforms, the range of cybersecurity risks they face become ever more complex. A strong risk management process can help, enabling organizations to detect potential threats, gauge the potential disruption, and implement mitigation plans to minimize the risk of harm. That said, merely implementing a risk management plan is not enough to ensure optimal cybersecurity.

In today's business landscape, organizations rely heavily on digital systems, applications, and webpages for their daily operations. However, with the increasing use of technology comes growing risks of unauthorized access to sensitive information and data.

Third-party vendors are a vital part of your business ecosystem. But if you’re not careful, these companies can introduce cyber risk. The SolarWinds supply chain hack is a notable example of the jeopardy that even the most trusted partnerships can yield. But with so many moving parts, creating a supplier risk management plan – and executing on it – can be a challenging and arduous task. According to Gartner, 60% of organizations work with more than 1,000 third-party vendors.

Welcome to our latest podcast episode, where we delve into the fascinating realm of AI in cybersecurity. Phil Agcaoili, the esteemed entrepreneur, and former CISO professional, joins us in this fascinating discussion. Alongside our hosts, Max Aulakh and Joel Yonts, we unravel the profound impact of artificial intelligence on cybersecurity, compliance, and the workforce.