When it comes to cybersecurity, CISOs, executive leaders, and board members have a tough job. Now that the SEC has charged SolarWinds and its CISO with fraud and internal control failures, many stakeholders will carefully watch this litigation unfold for the outcome and a foreshadowing of things to come after the SEC Cybersecurity Rules were finalized this summer. Unintended consequences may be unfolding as a result. Companies may experience greater difficulty in hiring and retaining CISOs and cyber talent. We can and must do better. Technology, whether it be legacy or cutting-edge, is the issue. Companies must use technology with eyes wide open to its inherent, albeit undiscovered, fallibility. Humans must be the answer, cognizant of risks and controls and aided by technology and crisp communication.
Cyber investments and prioritization
When company leaders ask how best to prioritize cyber investments toward impactful and return-focused initiatives, the answer should be "Those that are the most valuable to your objectives." This seems like an easy and obvious answer; however, it is most certainly not, and the SEC charges are a blunt reminder that it is complicated. Technology advancements have always driven innovation, and your company's improvements will be driven by technology innovation. Not fully comprehending the impacts of that innovation on your business will lead to similar consequences.
Integrating CRQ with UHY Consulting
Disastrous cyber events are born from the material significance of vulnerabilities, ever-increasing mitigation costs, and continued budget constraints. A well-thought-out and organized cyber risk quantification (CRQ) program allows cyber and technology investment decisions to be effectively managed through proactive and prioritized enhancements, focusing intrinsically on "those that are the most valuable to your objectives."
How well does your organization understand the relationships between current and future attack surface changes, the downstream impacts of business interruption and intangible asset losses, the sophistication of actors and their tools of choice, not to mention your third-, fourth-, and nth-party considerations? Contact UHY Consulting to learn how our cybersecurity team can support your organization and help implement a successful CRQ program.
Written by Norman Comstock and Luke Nelson.