0:00
Initializing the Verizon Quarterly Intelligence Briefing, the Cybersecurity Edition, featuring Chris Novak and Tony Sager.
0:09
Welcome to the first ever Quarterly Intelligence Briefing by Verizon Business, your source for essential , and information surrounding my favorite topic, cybersecurity.
0:24
your host, Chris Novak, and today exploring the thrilling and realm of cybersecurity.
0:32
In this episode, we're going to talk about cybersecurity basics, a new service from Verizon around , things you can do right now to help safeguard your business, things you should be doing right now,
0:45
and educating yourself and your team about the coming SEC regulations, and we'll have a special guest from the Center for Internet Security.
0:53
Let's dive right into today's topic. The new regulations around reporting cyber are cresting the horizon.
1:00
These rules aren't someday maybe regulations, and we know here at Verizon that the best way secure is prepared.
1:09
Welcome and thank you for joining our Quarterly Intelligence Briefing.
1:13
And me, I have Tony as my guest from the Center for Internet Security to help us really the details.
1:19
So, Tony, tell us what industries or types of organizations do you see as being this new SEC regulation?
1:28
I think the intention is good, and it's going to be the industry, all of the above.
1:33
And I think that's the important part of this, right?
1:36
It implies that you have a certain level of of your enterprise assets that many companies don't have.
1:43
Yeah, I would agree, and I would say, you know, at the end of the day, it's about kind of education and around what it is you need to do.
1:49
To your point earlier around the assets, you know, we see it time and time again.
1:53
Organizations need to know assets they have.
1:55
And I know historically the technologists would usually, you know, I need this tech, I need this firewall, I need this widget.
2:02
And the executives might not totally be able to understand or appreciate what does that do to help me from a risk standpoint.
2:08
?
2:10
There's a thousand good things to do in this industry.
2:12
You can't do thousands of things, right?
2:14
Right.
2:15
We need to help people focus in on what is critical.
2:17
That's determined by how are the bad guys attacking us today?
2:20
But what we never had in the past was a rigorous way to kind of model all this.
2:24
Go to our site, ciserturity.org, and look for a reference to group one, which is our techno name for what we call essential hygiene.
2:32
So we tried to trim down sort of the barest set of things that we think everyone should do no matter , what your size, what your sophistication, and make it very accessible.
2:42
A lot of that you can do with the tools that you .
2:45
Right.
2:46
And again, I would take those kinds of steps first.
2:48
We've started moving in that direction of actually offering a cyber risk quantification service, trying to help organizations individualize those numbers .
2:58
So they can say, this is what it means to my organization, even if it means something different to someone else, incidents still happen.
3:05
And so the ability to kind of have that cyber SWAT team parachute in and help you recover quickly from that and be able to those damages, that is very critical.
3:15
Yeah. Again, these are good business practices, right?
3:17
Whether we're talking about cyberspace or physical assets.
3:21
So it is important to have that conversation with whatever your company leadership is.
3:25
And it's not about fear, it's about, you know, are we being ?
3:28
I just want the audience to know, you did not put me up to this.
3:31
But I often tell people, if you don't know , because it is confusing, read the DBIR.
3:37
It's very readable, it's in English, and it gives you a sense of the scope of the problem and breaks it down beautifully, right?
3:43
And you don't have every technical aspect of it, but it's a really important starting point.
3:47
From a Verizon perspective, we've got a rapid response retainer that's helping organizations every day.
3:51
That's what we , getting in, helping organizations quickly.
3:55
The other thing is cyber risk quantification.
3:58
If you need to be able to report to the SEC or for that matter, anybody,
4:02
understanding and being able to quantify your risk, whether it's for internal or external, is critical.
4:07
And that service is specifically designed to do that.
4:10
Tony, you want to share?
4:12
We all know this from sports, right? wins games.
4:15
But offense and cyber, even fake offense like red team, so forth, .
4:20
You know, because we want this drama.
4:23
We think we need some magical thing.
4:25
But the foundation of defense is just good , good management, good visibility.
4:29
And if you don't start there, you can buy lots of technology with no success.
4:33
of the day, when we look at the SEC regulation and things like cyber risk quantification,
4:39
it helps organizations really truly understand what their .
4:43
And that is foundationally important to actually securing their enterprise, securing their , securing their customers, securing everything.
4:51
I know this is a lot of information , but don't worry.
4:54
We're going to link all the information in the captions so you'll be able to get everything and follow up with those resources.
5:00
With that, I want to thank Tony. Appreciate you being out here with us.
5:03
Thank you very much.
5:04
Thank you, Chris. Appreciate it.
5:06
Appreciate the audience's time and attention and appreciate the longstanding partnership we have with your teams.
5:10
You bet. It's a pleasure.
5:11
Thank you.
5:13
Thank you.