IT security, cybersecurity, privacy, and data management are ranked as top challenges for the board of directors, corporates, oversight authorities, and IT audit functions. The digital transformation has greatly impacted the way businesses track, measure, and analyze risk across domains. To delve deeper into the subject and to gain a better understanding, EC-Council and CISO MAG recently organized a webinar titled, “Improving Risk Posture with Automation and AI Monitoring” where Christoper Smith, GRC Consultant for OneTrust GRC, reviewed some key areas where organizations can leverage AI to inform decisions and implement automation to integrate into first-line business applications to engage stakeholders and enhance compliance and board reporting. The webinar was attended by cybersecurity experts from more than 30 countries.
Smith kickstarted the webinar by discussing the ever-evolving cyber risk landscape and how there are several opportunities for businesses to tackle these threat vectors. Talking about the risk management drivers, he stressed having a pro-active risk management approach while defining risk as business outcomes and how it is imperative to gain real-time insights. He also stressed operational resilience and the need for integrating continuity plans.
He continued the discussion by shedding some light on the increased attack surface and the importance of cybersecurity and data privacy, with three focus areas: data processing, the emerging risk from vectors like shadow IT and fourth party, and digital transformation and adoption of new technology. “When it comes to threat actors, they do not have a downtime. Cybercriminals are ever-evolving with their strategy to launch cyberattacks,” he opined.
Smith also assessed the need to evaluate fourth-party risks. These included indirect data exchange with your vendor’s vendors, tracking third-party systems, and approving specialized tools for shadow IT and fourth-party risks in the line of business.
He pointed out that when data processing occurs at third-party vendor systems, it is important to ask yourself these questions:
- Who owns SaaS data?
- Where is the data located?
- How resilient are the services?
- Can you confirm that processes are upheld?
Smith further discussed aligning business objectives for improving the risk posture. According to him, a holistic outlook is needed to approach the emerging risks, and these begin by applying best practices. These include:
- Selecting a baseline: Selecting compliance framework to model and measure program performance
- Building Risk Methodology: Identifying score, stakeholders, and risk scoring and management processes
- Harmonizing Objectives: Aligning resources with everyone working toward the same risk mitigation goal, based on their unique risk motivators
- Data Ready: Know what you want to use and why you want to use it- ensure repeatable quality can be obtained and maintained
He stated that risk mitigation and AI today include robotic process automation, machine learning, predictive analysis, and intelligent risk automation, and hence it is critical to invest in artificial intelligence. As AI and ML analyzes cybersecurity from a holistic perspective, it can be leveraged to improve the cybersecurity posture of businesses.
Following the webinar, Smith engaged in a Q&A session with the audience.
About CISO MAG
CISO MAG – a thought-leadership publication from EC-Council – provides vital stories, trends, interviews, and news from around the security world to help security leaders stay informed. The magazine includes comprehensive analysis, cutting-edge features, and contributions from thought leaders.
EC-Council, officially incorporated as the International Council of E-Commerce Consultants, was formed to create information security training and certification programs to help the very community our connected economy would rely on to save them from a devastating Cyberattack. EC-Council rapidly gained the support of top researchers and subject matter experts around the world and launched its first Information Security Program, the Certified Ethical Hacker. With this ever-growing team of subject matter experts and InfoSec researchers, EC-Council continued to build various standards, certifications, and training programs in the electronic commerce and information security space, becoming the largest cybersecurity certification body in the world. Learn more at https://www.eccouncil.org.