Webinar Summary

An overview of the current state of the cyber risk landscape

Michael Rasmussen provides an overview of the current state of the cyber risk landscape.

• Emphasis on the complexity of modern organizations with distributed and interconnected structures.
• Cyber risk landscape marked by constant disruption and the need to address new threats and vulnerabilities.
• Business environment is dynamic, undergoing continuous changes in technology, regulations, employees, and third-party relationships.
• Inevitability of cyber-attacks highlighted, including phishing, ransomware, and data breaches across industries.
• Focus on digital resilience and accountability through regulations like the EU's Digital Operational Resilience Act and the Bank of England's guidance.
• Recognition that cyber risk management involves the entire business, not just IT departments.
• Attacks target not only large corporations but also small and medium-sized businesses.
• Evolution of cyber risk management strategies crucial due to the ever-changing landscape.
• Failure to manage cyber risks can lead to severe financial, operational, and reputational damage.
• Automation plays a role in streamlining tasks, enhancing efficiency, reducing human errors, and enabling strategic decision-making.

The Seven steps in automating Cyber risk management journey

Walkthrough of each step in the journey:

1. Plan Assessment: Discuss the purpose, importance, and common practices in planning an assessment, and how automation can streamline this process.

2. Evaluate Controls: Talk about evaluating internal and third-party controls, highlighting the role of automation.

3. Estimate Risk Likelihood: Discuss how automation can help in accurately estimating risk likelihood.

4. Estimate Business Impact: Discuss the role of automation in determining the potential business impact of cyber risks.

5. Prioritize Risk Treatment: Discuss how automation aids in prioritizing risk treatment strategies.

6. Reporting: Talk about the importance of effective reporting in cyber risk management and how automation can help.

7. Continuous Monitoring: Wrap up with a discussion on the role of automation in continuous monitoring.

A case study demonstrating how automation has transformed the cyber risk management journey of a large retail organisation

• The case study showcases successful automation technology implementation in a complex retail setting.
• Challenges included fragmented control assessment, risk analysis, and decision-making processes across multiple brands, countries, and online channels.
• Manual practices involving spreadsheets and emails for control state collection hindered actionable risk insights.
• Automation solution from Alfahive was introduced to address these challenges.
• The platform automated control state collection and considered both internal and external threat perspectives, leveraging MITRE attack and defend techniques.
• Holistic view enabled quantified risk analysis using pre-built business impact analysis templates.
• Productivity of risk analysts increased by 100%, enabling more assessments within the same time frame.
• Automation technology facilitated better reporting, presenting risk insights in business-contextual terms for improved engagement with leadership.
• Data-driven decisions on risk reduction investments became possible, optimizing fixed time and resources.
• The integrated approach of automation demonstrated its potential to effectively tackle complex challenges and create significant impacts in intricate business environments.

Key take aways of the discussion

In summary, successful risk assessment involves evaluating current practices, assembling the right team, utilizing appropriate technology, implementing changes incrementally, and remaining flexible to address changing risks. This holistic approach ensures a proactive stance in managing and mitigating potential threats within an organization.

QnA

Listen in to the interesting questions put to the speakers and their responses.