
Brinqa 2020 Predictions: The Emergence of Cyber Risk Management 2.0 : @VMblog

Global news | BCyber | March 12, 2020


VMblog Predictions 2020 

By Syed Abdur, Director of Products, for Brinqa

The Emergence of Cyber Risk Management 2.0

In recent years, a new understanding and practice of Cyber Risk Management has
emerged around concepts of data science, automation, and analytics. It relies
on the automated collection and organization of business, IT, and security data
into a unified knowledge source to drive informed cybersecurity decisions. This
is a far cry from the manual, questionnaire-based risk assessments that come to
mind for many InfoSec professionals when they think about “risk” in the context
of cybersecurity. Besides accomplishing the goal of identifying and addressing
the most critical, impactful and imminent risks in an organization’s technology
environment, Cyber Risk Management delivers crucial benefits, including: 

The growing adoption of Cyber Risk Management practices is expected to drive many
important cybersecurity trends in 2020.

Knowledge Graphs and other mechanisms for representing cybersecurity data ontology will become prevalent.

Effective cyber risk analysis requires a solid understanding of the underlying data
infrastructure. By accurately representing the flow of information and
risk through business and IT, we can begin to understand and control how they
impact each other. In real time, such an ontology models an organization’s
infrastructure and applications, delineates the interconnects between assets
and business services, and develops knowledge of overall cyber risk. Knowledge
Graphs (popularized as the underlying data infrastructure behind Google Search
and since adopted by Facebook and LinkedIn) are able to process, analyze, and
organize large volumes of diverse, interconnected information quickly and
efficiently. A Knowledge Graph for cybersecurity evolves as new technologies
become part of the enterprise IT infrastructure, and as new cybersecurity tools
and services emerge to monitor and protect these advancements. These and
similar modern and intelligent data structures will become popular in 2020 as
organizations strive to create accurate representations of their complex
technology environments. 
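
A minimal sketch of the asset-to-business-service graph described above, added here as an illustration; it is not Brinqa's code or data model. The asset names, finding IDs, the 1-5 criticality scale, and the severity-times-criticality score are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample data. An edge (a, b) means "a supports b".
SUPPORTS = [
    ("web-01", "storefront-app"), ("db-01", "storefront-app"),
    ("db-01", "billing-api"), ("k8s-node-3", "billing-api"),
    ("storefront-app", "online-sales"), ("billing-api", "invoicing"),
]
# Business services and their criticality (1 = low, 5 = high); assumed scale.
CRITICALITY = {"online-sales": 5, "invoicing": 2}
# Scanner findings: (asset, placeholder finding id, severity 0-10).
FINDINGS = [("k8s-node-3", "FINDING-A", 9), ("db-01", "FINDING-B", 7),
            ("web-01", "FINDING-C", 6)]

def build_graph(edges):
    graph = defaultdict(set)
    for src, dst in edges:
        graph[src].add(dst)
    return graph

def impacted_services(graph, asset, criticality):
    """Walk 'supports' edges from an asset; return business services reached."""
    seen, queue, hit = {asset}, deque([asset]), set()
    while queue:
        node = queue.popleft()
        if node in criticality:
            hit.add(node)
        for nxt in graph.get(node, ()):
            if nxt not in seen:  # guards against cycles in the graph
                seen.add(nxt)
                queue.append(nxt)
    return hit

def prioritize(edges, findings, criticality):
    """Rank findings by severity x highest criticality of any service reached."""
    graph = build_graph(edges)
    ranked = []
    for asset, fid, severity in findings:
        services = impacted_services(graph, asset, criticality)
        weight = max((criticality[s] for s in services), default=0)
        ranked.append((severity * weight, fid, asset, sorted(services)))
    return sorted(ranked, reverse=True)

if __name__ == "__main__":
    for score, fid, asset, services in prioritize(SUPPORTS, FINDINGS, CRITICALITY):
        print(f"{score:>3}  {fid}  {asset:<11} -> {', '.join(services) or 'none'}")
```

In the sample data the finding with the highest raw severity (FINDING-A) ranks last, because the asset it sits on only supports a low-criticality service.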

Vulnerability management will go beyond networks and applications to cover cloud, containers, IoT, operational technology (OT), and mobile infrastructure.

While most organizations have well-defined processes for responding to
vulnerabilities, findings, security alerts, and weaknesses in their network and
software infrastructure, these practices often don’t extend to newer enterprise
IT components like cloud, containers, mobile, OT, and IoT. This can happen
for various reasons. InfoSec policy making is a time-intensive process and for
many organizations the development and deployment of cybersecurity controls,
policies, and processes for newer technologies has significantly lagged behind
their adoption rates. In addition, inventory, discovery, management, assessment
and monitoring practices and tools for these assets are different from those
for traditional infrastructure and are often owned by teams not fully
integrated in the InfoSec ecosystem. Cyber Risk Management 2.0 puts an emphasis
on breaking down information and process silos within an organization to create
a standardized and unified knowledge source. In 2020, this will help
organizations implement vulnerability management consistently and effectively
across the entire IT infrastructure. 

Organizations will continue to ‘shift left’ and finally close the loop on software development lifecycle (SDLC) risk.

By mapping how IT enables and impacts businesses to create an accurate
cybersecurity data ontology, Cyber Risk Management 2.0 provides a unique
opportunity to introduce security early into SDLC processes. This makes it an
ideal framework for the prevalent DevSecOps trend to “shift left”. Not only
does this drastically reduce the cost of identifying and remediating
vulnerabilities, it delivers software that is more robust, secure, and
reliable. Further, Cyber Risk Management 2.0 delivers new insights into the
origin and nature of risks within organizations’ SDLC processes. Organizations
will use these insights in 2020 to adjust employee cybersecurity training and
education to address the root causes of cyber risk, thereby closing the loop
and reducing the volume and severity of risks entering the SDLC process in the
first place.

Cyber Risk Management 2.0 will push automation and orchestration capabilities to new heights of cybersecurity effectiveness and efficiency.

Cybersecurity organizations may struggle for a variety of reasons – disconnected teams and
stakeholders, limited resources, data overload, and lack of ownership.
Automation and orchestration can help overcome many of these challenges. Cyber
Risk Management relies heavily on these capabilities to achieve risk analysis,
prioritization, remediation, and reporting at scale and in real time. This
includes the collection of information from external sources, data correlation
and normalization, execution of analysis algorithms, creation of tickets,
deployment of patches, and delivery of metrics and reports to stakeholders. In
2020, organizations will utilize the automation and orchestration capabilities
enabled by Cyber Risk Management 2.0 to realize improvements in effectiveness,
efficiency, and security posture.

The data foundations for cybersecurity AI / ML will be laid.

Artificial intelligence and machine learning hold tremendous potential for application in
cybersecurity – profiling and detecting threats, identifying compromised
accounts, detecting anomalous user behavior, predicting and protecting against
malware and zero-day vulnerabilities, and identifying and disrupting spear
phishing attacks, to name a few. However, much of this potential is currently
unrealized. One of the biggest challenges to enterprise cybersecurity AI
implementations is the lack of sufficient reliable labeled data. By
implementing modern data structures like Knowledge Graphs focused on
collecting, collating, and organizing large volumes of business, IT, and
security data in 2020, organizations will position themselves for future
success in cybersecurity AI initiatives.

About the Author

Syed brings a passion for design thinking and
engineering to Brinqa where he leads product management, strategy, and
technical marketing. He is responsible for driving the overall strategy and
technical direction of Brinqa product lines. His previous experience includes
technical software development and delivering large enterprise security
applications at Sun Microsystems and Oracle.

This content was originally published here.

Written by: BCyber
