Cybersecurity and Compliance: The Growing Partnership of CISOs and CCOs

In today’s world, data is the new gold, and protecting it has become imperative for businesses worldwide. On this week’s episode of Corruption, Crime and Compliance, Michael Volkov navigates the cybersecurity landscape, unpacking the key threats facing businesses and the elements of a robust cybersecurity compliance program. He underscores the importance of proactively managing these digital threats to ensure your business remains protected.

You’ll hear him discuss:

  • The growing partnership between compliance and cybersecurity is a rapidly emerging issue in compliance, affecting companies and their risk management strategies. Cyber threats are not only external but also internal, arising from employee behavior and poor cybersecurity hygiene.
  • Chief Information Security Officers (CISOs) are increasingly collaborating with Chief Compliance Officers (CCOs), leveraging the latter’s expertise in governance, risk management, and training. This collaboration enables better education and training for employees on cybersecurity risks and the importance of good cybersecurity hygiene.
  • Approximately 50% of cyber or data breaches are the result of internal actors, either intentionally or through negligence. Thus, CCOs can play a crucial role in designing controls, conducting training, and monitoring employee behavior to mitigate such risks.
  • Major cybersecurity risks today include ransomware, cloud security, work-from-home security, phishing schemes, supply chain security, and identity and access management (IAM).
  • The rise of cyber threats: The digital landscape is rife with cybersecurity threats, including insider threats, DoS and DDoS attacks, AI and machine learning attacks, and cyber espionage.
  • Organizations need to be vigilant against disgruntled employees with access privileges who could intentionally or unintentionally harm systems. This emphasizes the need for robust access controls, regular monitoring, and comprehensive employee training.
  • While AI and machine learning can enhance cyber defenses, they can also be weaponized by cybercriminals to automate and scale their attacks. 
  • A robust cybersecurity compliance program is necessary to protect a company’s IT infrastructure and includes:
    • Application Security: Familiarity with the cloud provider’s security settings, multifactor authentication, and tightly controlled administrative privileges help strengthen application security.
    • Information Security: Companies must adhere to strict security standards and employ encryption, among other strategies, to protect data from possible breaches.
    • Disaster Recovery Planning: This requires implementing backup and recovery systems (and verifying that restores actually work), incident response drills, and endpoint protections.
    • Network Security: Most companies use firewalls to monitor and filter traffic for cyber threats and attacks. Companies must also secure their wireless networks and ensure that remote connections are encrypted.
    • End User Security: Since attackers often gain unauthorized access through endpoints, companies must ensure that devices are kept patched and run current endpoint protection and antivirus software.
    • Operational Security: This involves identifying potential vulnerabilities in systems and processes before an attacker can exploit them.
  • Given the prevalence of phishing attacks and insider threats, cyber training for employees is of paramount importance for an organization’s cybersecurity.

KEY QUOTES:

“To the extent that cyber risks are the result of internal employee misbehavior or negligence, CCOs are natural experts in developing strategies for controls, mitigation of risks, and monitoring employee behavior, because they’re already doing that to a certain extent with regard to other risks.” – Michael Volkov

“When businesses misconfigure security settings for applications, it can result in cloud account data breaches. Companies that rely on major cloud services have to design their security settings for their applications.” – Michael Volkov

“In the end, cybersecurity fails when there’s a lack of adequate controls and security readiness, and companies have to make smart strategic decisions when developing their controls and cybersecurity protections; and always focus on the human element, common mistakes, effectiveness of controls and vulnerabilities to hacker strategies to exploit any weaknesses.” – Michael Volkov

Resources

Michael Volkov on LinkedIn | Twitter

The Volkov Law Group
