Following the 2021 cyberattack on Colonial Pipeline that caused a nationwide supply-chain disruption, numerous cybersecurity companies and federal agencies increased their efforts to find and shut down ransomware groups and curb the rise of cyberattacks. Those efforts have resulted in the shutdown of ransomware-as-a-Service (RaaS) groups such as DarkSide and REvil, which had been targeting critical infrastructure including healthcare providers of financial systems.

Businesses have always had to manage risk – everything from operational, financial, or strategic risks; to other risks that are reputational, regulatory, or cybersecurity-related. So how does enterprise risk management (ERM) work today, when so many businesses are moving so much of their operations into the cloud? How can CISOs and other senior executives take traditional ERM principles and apply them to the cloud-based technology that underpins so much of the modern enterprise?

Risk culture is the set of shared beliefs, attitudes, and understanding among a group, usually in a corporate environment, about risk and risk management practices. A company has a strong risk culture when all employees understand the business and regulatory landscape in which the organization functions, and what risks are acceptable within that landscape to achieve business objectives.

The past two years have brought about significant disruptions to global supply chains. Recent headlines have focused on labor shortages and their impact on everything from product production to shipping delays. However, another, more significant supply chain issue should be top of mind for every organization: supply chain attacks.

Most organizations use at least some (and perhaps many) external vendors in their daily operations, sometimes even to provide mission-critical services or supplies; we’ve discussed them before as third-party vendors and the risks they bring. Indeed, most businesses today already consider third-party risk management in their overall cybersecurity protocols.

Amazon Web Services (AWS) is a cloud platform designed to meet the growing demand for cloud computing worldwide. AWS provides a set of cloud services such as storage, analytics, blockchain, business applications, security, and machine learning. Within this cloud environment is Amazon Simple Storage Services (S3), a cloud storage solution bringing scalability, data availability, security, and performance to companies of any size through so-called “buckets” or data containers.

Data theft can devastate any company, resulting in lost profits, regulatory enforcement, litigation, and reputational damage that can be difficult to overcome. Every organization must protect its customer data and assure that sensitive information is kept safe. That said, the data in your company’s possession is held in different states – and each of these states has particular vulnerabilities. A security tactic that works for one state may be inefficient for another.

The need for versatile and affordable solutions for storing and processing data in enterprises makes cloud computing an increasingly attractive IT strategy. Cloud computing provides flexible and easy-to-use solutions. It can also be more cost-effective than traditional storage methods that require a physical server and hardware at your corporate premises, which is one of the reasons why businesses often make the switch.

Managing third-party risk is a bit like throwing a fancy party. Everyone wants to attend, but you have to assure that only the most essential and top-rated VIPs get past the velvet rope. So you check attendees’ credentials at the door. Every company uses a third-party vendor or contractor at some point. Whether you are purchasing raw materials or outsourcing specialized processes, working with third parties can help you achieve a competitive advantage and cost savings.

Last week one of the country’s top banking regulators published its semi-annual report on risks to the financial system, and to no surprise cybersecurity risk was near the top. The more one ponders the findings, however, the more you can see insights about cybersecurity, internal control, and innovation that are worth the time of a compliance professional in any sector.