Every business operating in today’s digital world faces cyber risk. But what makes today’s cyber incidents different is the growing sophistication of nation-state attackers and the cyber weapons at their disposal. The SolarWinds attack in December and the attack on Microsoft Exchange this month have made it clear that cyber events can cause catastrophic harm – in terms of immediate financial losses; disruption to business; loss of brand reputation; fines and judgements; and the theft of intellectual property, which drives the competitive future of businesses around the world.
Yet, very few organizations are actually evaluating and managing cyber risk as they do other forms of business risk – with a quantified view into the potential harm that could come from any number of cyber events. They’ve treated cyber risk as a technical issue, focusing on maturity models and patching of vulnerabilities as indicators of risk reduction. This has left businesses with a false sense of security, has prevented real dialogue that supports prioritization of resources and investments, and has left security teams detached from their core mission of reducing the potential for harm.
This was the topic of a recent webcast that ThreatConnect hosted along with Africa’s emerging value-added cyber security distributor Spire Solutions. Our guest this week is the keynote presenter from that webcast, Osama Salah, an Information Security and Cyber Risk Management Professional currently working for a UAE government entity. Osama is widely considered a Middle East regional expert on Cyber Risk Quantification.