7 Ways the Digital Risk Revolution Changes Risk and Compliance
Lockpath’s Tony Rock and Digital Shadows’ Chief Technology Officer James Chappell recently conducted a webinar titled “7 Ways the Digital Risk Revolution Changes Risk and Compliance”. You can watch it here.
Digital Shadows is a leader in digital risk management and threat intelligence. In this webinar, Chappell and Rock discussed the digital risk trends and real-world enterprise challenges that create serious impacts from a governance, risk and compliance (GRC) perspective. Increased exposure points, assets to protect, sophisticated attacks and regulations all set the stage for a digital risk revolution.
The world is investing in digital technologies to access more innovative business models, making them more profitable, efficient and effective. We’re in the digital-by-default era. This new digital domain, however, features new types of risks that didn’t exist before, like cyber threats. Historically, enterprises built castle walls around their valuable “crown jewels”, be that customer PII (personally identifiable information), intellectual property or critical business operations. The castle moat doesn’t provide the protection that it once did. Organizational supply chains are more complex, diverse, and global, meaning we’re hyper-connected, with more data that resides outside our company walls with limited visibility and less control. These gaps pose consequences to revenue, brand reputation and customer loyalty. You need fresh approaches to risk and compliance to understand and adapt to digital era threats.
A few highlights from our webinar include:
- Recognize Risks Beyond the Perimeter: The de-perimeterization of business due to mobile, cloud computing and an extended supply chain multiplies risks outside of your organization. Digital risks include cyber threats, data exposure, brand exposure, third-party risk, VIP exposure, physical threats and infrastructure exposure. The greater attack surface poses challenges for organizations facing a shortage of security staff and skills in IT and security. It requires holistic approaches that consider people, processes and technology to increase visibility, efficiency and compliance effectiveness.
- Adopt Integrated Risk Management: Evolving digital processes have transformed many organizations. The signs are breakthroughs in business opportunity and competitiveness. But organizations still operate in silos and often lack communication and coordination between departments. Digital activities accelerate enterprise risk and create compliance gaps, to say nothing of wasted staff resources and time. All businesses are becoming digital enterprises with their “digital footprints” extending online into social media, the cloud and even the dark web. Integrated Risk Management (IRM) overcomes these organizational silos and takes a more holistic approach, as Gartner’s John A. Wheeler states in his blog on “Seven Ways to Engage the Board on IRM”. The benefits of Integrated Risk Management include improved risk management and decreased time spent on governance and compliance.
- Learn from Real-World Digital Risk Examples: Executives often ask how the exposures and breaches they read about in the media take place. The webinar presents several scenarios showing how digital risks have negatively impacted organizations. The last World Cup match illustrates how Digital Shadows used digital monitoring to detect threats leading up to the global event. They monitored for digital footprints, the information that is projected, shared and created online. They detect attackers by their digital footprints and analyze their actions for insight and context. Monitoring aids risk management and leads to early detection of incidents.
- Elevate the Importance of Digital Risk: Enhanced visibility and focus help organizations allocate limited resources and better align security to organizational goals. Tony shared that an organization’s risk culture and security maturity can influence its likelihood to incorporate digital risk indicators into its operational processes. While adopting new technologies can pose digital risk management (DRM) challenges, security and information professionals can become more agile and adapt to the technology landscape and evolving cyber threat preparedness. As Sam Curry noted in the Harvard Business Review article on boards taking responsibility for cybersecurity:
“Ideally, boards should eliminate obstacles that prevent organizations from developing a culture of proactive security. Without strong support from executive management and the board, companies are unlikely to develop strong cybersecurity practices. Directors should make sure that OpEx and CapEx are aligned with risk reduction priorities and projects; security is not done for security’s sake. It’s done for the business.”
Organizations have historically been unaware of their digital risks. Now they’re realizing that they can no longer ignore digital risks. Real-world evidence and case studies where financial and reputational damage resulted in serious outcomes for organizations are eye-openers.
Integrated Risk Management as a board of directors-level initiative helps establish cross-entity communication and resource investment. This welcome executive involvement ensures a more strategic approach to risk management and security for all industry sectors, not just the highly regulated ones.
You can watch the webinar “7 Ways the Digital Risk Revolution Changes Risk and Compliance” to learn more about emerging threats and best practices to keep your business and reputation intact, reduce compliance complexity and mitigate digital risk going forward. Cyber security professionals must be responsive to the demands of agile digital-first businesses that lead our thriving economy.