Recent Posts

Board Governance

As a security executive, I often find myself troubled about the lack of cyber risk understanding in companies' executive management. I may be wrong, but apparently not very much. Lately, the voices for the need of proper cyber security risk governance at the board level are getting louder, and are coming from multiple sources, including the US Security and Exchanges Committee.

The wrong solution to a major problem

Supply Chain Risk Management is the name of a big security problem in the business world. It is so important that there isn't a single security framework that doesn't include Supply Chain Risk Management in its agenda, guidance, and suggested controls. NIST has a set of resources on the topic, but it is not the only organization that is addressing this problem.

Vulnerability and Patch management

During the last 3 months I got into discussions about patch and vulnerability management more times than expected. I need to say, there is much misunderstanding going around about these two processes; so much that I could argue that several organizations are exposing themselves significantly, just because the touch points and (lack of) dependencies in these two processes are not clear.

Risk understanding and coronavirus

Due to the Coronavirus outbreak there are lots of voices saying that we shouldn't care so much - especially if we haven't been vaccinated for the flu, which shows a lack of diligence on our side.

That could not be more wrong! People who say that understand ZERO about risk management, and since my social bubble is mostly security and risk management people, I find that very alarming.

Let me explain:

To cyber-insure or not?

Professional liability insurance has been around for a long time. It is not a surprise that Cyber Insurance is becoming a trend lately, considering the constantly rising number of security breaches. The post in one sentence: Cyber insurance is a good thing, but be careful what you wish for.