[3 min read]
Forbes Q&A with Grant Elliott, co-founder, CEO, and Chairman of Ostendio
This is an excerpt from an article that appeared in Forbes on July 28th, 2022. You can read the full article here.
Ostendio CEO, Grant Elliott, sat down with a Forbes magazine reporter to discuss the Top Risks and Security trends of 2022.
Forbes Q: What are the biggest threats businesses face when it comes to managing risk, security, and compliance in 2022?
Elliott: The number one threat faced by businesses is the growing inability to understand where their data is stored and who has access to it. Organizations store sensitive information in a multitude of cloud and on-premise environments globally accessed by employees, contractors, and third-party vendors The challenge for organizations today is how to ensure only those required, with legitimate rights, can access and use that data. Failure to identify and manage access to data has led to a rise in both the number of data breaches each year and the related financial and reputational cost to an organization. . According to a recent Ponemon/IBM report, the average cost of a data breach is $4.2m, the highest average total cost in the 17-year history of the report.
Another threat is complacency. When organizations are complacent and take shortcuts to managing risk, security, and compliance, they put their business, employees, and customers at risk. There is no automated shortcut to running an effective security program. We’ve met with many organizations, who have since become customers, that have either tried to manage the process through spreadsheets or held the belief that an “automated” system could adequately protect their data, only to fail a security audit and put their organization at further risk. To be successful, businesses must get boardroom buy-in to invest in building robust integrated risk management and data security programs that can be verified by an external auditor.
Forbes Q: Where are organizations likely to fall short in terms of managing those threats?
Elliott: Most organizations today don’t know where all of their data is or who has access to it. In an effort to manage threats, organizations often focus on their production data stored in a cloud environment such as AWS or Azure and fail to recognize that their data might be free-flowing across their organization - or beyond - through various cloud-based apps such as email, Slack, and other productivity tools. Without clear governance and mechanisms to enforce data security, sensitive data can find itself duplicated in all sorts of places providing potential attackers with a multitude of access points.
The Forbes article also covers what trends we can expect to see in the cybersecurity industry in the next 5 years including a discussion about the tools organizations will use to operate security and risk management programs, the increase in demand for security audits/certifications and the impact of a remote workforce.
And Forbes asks how businesses can prepare for the future. Elliott discusses managing and tracking assets including their criticality, risk, and accessibility. He talks about the increased use of APIs and understanding data flow between assets. Elliott also covers the need for organizations to follow industry-accepted standards and to ensure compliance by having it audited by a credible and independent third-party auditor.
The interview closes with advice for organizations looking at their cybersecurity plans for 2022 and beyond. Elliott says to build a culture of security at your organization. Data security and risk management is not just the job of the IT team or the CISO, it requires involvement from all employees in order to be successful. Elliott suggests that the role of the CISO is to work with the executive team to agree on a security budget that will drive operations security throughout the extending organization and reduce overall the organization's security risk.