Is your organization concerned about systemic cyber risk? Sam King, Veracode CEO, recently participated in the Aspen Institute’s sixth annual Aspen Cyber Summit which put the spotlight on this issue.
“Leaders in an organization, even those not responsible for infrastructure or security, should care about systemic risk because their ability to drive business results and their ability to manage risk for their business is increasingly dependent on the broader ecosystem.” - Sam King, CEO, Veracode
This year, the Aspen Institute’s Cyber Summit focused on the theme of systemic cyber risk and its impact in today’s digital world. As premised by the Aspen Institute, “Systemic disruptions of internet infrastructure, healthcare during a pandemic, energy infrastructure, and food supplies within just the past five years have triggered significant unease about the potential for loss of not just data or state secrets, but the critical operational systems that underlie real-world social functions.”
Sam King, alongside industry peers Ang Cui, CEO at Red Balloon Security, Wael Mohamed, CEO at Forescout, and moderator Michael Daniel, CEO at Cyber Threat Alliance, contributed her expertise in a public panel, Watchers on the Wall: How Innovation Can Keep Us Safe.
During the discussion, Sam counseled organizational leaders to be aware of systemic cyber risk, how innovation is helping prevent systemic risk, and what they can do to keep their organization safe:
- Systemic risk moves us from thinking about protecting only our critical assets – like key systems and applications – where traditional security strategies have focused to thinking about the mission of the business as a whole and its reliance on the broader ecosystem of technology providers. The mission of a business is increasingly dependent on services, capabilities, and products provided by an extended supply chain. For example, use of open source software is often a way to speed up digital transformation projects thereby increasing the reliance on and risk from vulnerabilities in the extended software supply chain.
- The thriving landscape of cybersecurity providers can help to drive down systemic cyber risk. “There is relatively easy access to capital which levels the playing field between startups and established companies. It keeps us all thinking about how to solve a problem in a holistic way that improves upon what was done previously,” said King. The panelists agreed that healthy competition in the security industry promotes innovation which in turn helps to eliminate cyber risks.
- Organizations can address systemic risk by increasing their visibility into their attack surface. “If organizations already know what they have, they don't have to spend valuable reaction time identifying their inventory and can focus on remediation instead” King explained. “More broadly, they’d also be able to aggregate their understanding across the ecosystem and extend protections.”
For more tips on protecting your organization against systemic cyber risk, check out the recording from the Aspen Cyber Summit. Or, to start gaining visibility into your attack surface, check out Veracode Discovery.
Want to stay up to date on the latest Veracode news? Sign up for our monthly newsletter.