Cyber resilience: Tactics to find and fix security vulnerabilities

Cyber resilience: Tactics to find and fix security vulnerabilities

By Phil Renaud, Executive Director, The Risk Institute

Meet Phil Renaud, at X-Tech 2019: Financial Services and Technology (Get 15% discount on the Convention using presenter code: XTECH33)

Can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?

I’m the Executive Director of The Risk Institute, a risk-management research organization, at The Ohio State University. I’ve spent more than 25 years creating and managing several large multi-location, international risk management departments, and I’ve researched risk management across industries like finance, retail, insurance and more. I’ve managed risk programs at DHL, Kmart Corporation, Limited Brands and more, and I’ve studied the strategies risk professionals should take for effective risk management practices across multiple areas of insecurity within a corporation. Currently, I oversee all aspects of The Risk Institute’s research development and membership.

What, for you, are the benefits of attending a conference like the ‘X-Tech 2019 Convention’? What can attendees expect to learn from your session?

In today’s world, cyber risk only continues to become more prominent, and every industry and business is interconnected. It’s crucial that all businesses and departments understand and are prepared for a potential cyber attack, and educational, informative events, like X-Tech, are crucial in helping manage the problem.

Attendees can expect to take away actionable strategies for improving cyber risk management. You will learn how to identify potential gaps in cyber security plans, adapt internal risk management strategies to mitigate risk factors, implement new strategies to lower your company’s cyber risk and increase resiliency in the face of a cyber security breach. Attendees can expect to leave with a better understanding of the current cyber security landscape, the factors that influence companies’ risks and strategies to build resilience against them.

What national security implications could arise due to dependences on cyber networks?

According to research from The Risk Institute, 28% of financial firms have been victims of a cyber attack, a risk that continues to grow each year. The firms who choose to turn a blind-eye to the risks of a cyber-attack are doing themselves and their companies a disservice. The risk is enormous: cyber-attacks can shut down industrial facilities, utilities and infrastructure systems, interfere with military operations and compromise national security, yet firms according to our survey are continually decreasing their risk management units. The growing dependence on cyber networks means a cyber-attack is one of few threats that can have truly national implications.

In your opinion, what risk management tactics should financial institutions implement in order to mitigate risks? What economic consequences should be expected?

Leaders in all industries, especially finance, need to understand the implications of security breaches and how to prepare before a crisis. Cyber defense will continue to be a major task for companies. When it comes to cyber risk, effective risk management can mean the difference between achieving prosperous growth and bankruptcy. First, firms must understand all potential risks at hand for their business. Corporations can prepare for cyber warfare and build resilience in the face of chaos through tools like the Supply Chain Resilience Assessment and Management (SCRAM™), a resiliency measurement tool developed by The Risk Institute that is available for use in the marketplace. This tool identifies six major types of supply chain vulnerabilities (turbulence, deliberate threats, external pressures, resource limits, sensitivity and connectivity) and assesses a company’s potential risks for each.

What best practice methods can you recommend for building resilience against the risks of cyber?

In the face of overwhelming odds that your company will be the victim of a cyber-attack, the answer is resilience. Resilience is the capacity of an enterprise to survive, adapt and grow in the face of turbulent change, and means improving the adaptability of cyber networks, collaborating with stakeholders and leveraging information technology to assure continuity, even in the face of catastrophic disruptions. Being resilient goes beyond mitigating risk; it enables a business to gain competitive advantage by learning how to deal with disruptions more effectively than its competitors and possibly even using those disruptions to its advantage. To become resilient, businesses don’t necessarily need fancy software or consultants to get started. Businesses often just need to use the resources at hand to implement business continuity planning and then test that plan through crisis and/or business simulation exercises. A company can show its commitment to resilience by investing in predictive analytics. Predictive analytics is one of the most exciting developments for enterprise risk management over the last decade; it allows a business to be more resilient and adapt faster during a crisis, especially a cyber-attack, by determining the probability of future outcomes and allowing a firm to create a plan ahead of time.

How do you see the technology and innovation space evolving in the next 6-12 months?

Artificial intelligence will continue to see major, impactful technological changes over the next year and beyond. AI has infiltrated our cars and homes, transforming the way we live and work. Meanwhile, cyber security risks continue to grow and firms are under-prepared for a cyber attack. According to new research from The Risk Institute, 60% of risk managers believe that AI will play a role in their firms’ risk management in the near future. Really, that number should be 100%. At a time when national companies are replacing skilled workers with computers, we’re seeing AI’s impact on every industry. There are numerous opportunities for companies to leverage AI to enhance processes and mitigate risks, but risk management best practices also tell us not everything can be fully controlled by AI some day. For insurance companies, risk managers and security professionals – just to name a few – AI might change the way we’re submitting claims and reporting fraud, but also cannot take over all job functions. And with a widening gap of risk management talent, highly cognitive tasks like security, safety and contract reviews will continue to remain large potential risks for firms and will continue to require human control. The balance of implementing and using AI among our staff and to the best of its abilities will continue to be a challenge and an opportunity for many industries and corporations in the near future.

Meet Phil Renaud at…

Sign up for your free account:

become-a-risk-insights-member-banner-1

Don’t miss out on…

X-Tech 2019