Top expert-backed cyber risk advice

Author:?Gal Gonen, Director of Marketing at?Vulcan Cyber

Twice a year, Vulcan Cyber hosts the CyberRisk Summit. This biannual event brings together a diverse group of cyber risk experts from various industries and companies to share their top cyber security advice, tips, and profound insights on a wide range of topics.

Let's explore some invaluable lessons learned from the latest summit (May 2023):

1. How to keep up with the expanding attack surface

By: Yaniv Bar-Dayan, Vulcan Cyber CEO???

The expanding enterprise attack surface requires reliance on scanning tools for vulnerability identification and risk assessment. Multiple tools, up to 20, are used for vulnerability risk management, generating thousands of new vulnerability instances daily from various sources. The difficulty arises in identifying the right remediation owner, necessitating the association of ownership data across systems. Scaling vulnerability management processes is crucial for enterprises, encompassing steps like data correlation, contextual enrichment of findings, prioritization, task assignment, and progress measurement.

The full session is available to watch here >>

2. ?How to manage cyber security with limited resources?

By: Frank Kim, YL Ventures CISO in residence?

Principles should guide your approach to cyber security, especially when resources are limited. Take a step back from daily distractions and emphasize common sense practices that may be overlooked. As a security leader, remember that your role extends beyond implementing controls – it involves managing information risk for the organization and aligning security with broader goals. Treat cyber security as an enterprise risk, considering strategic, financial, operational, legal, and reputational aspects.

The full session is available to watch here >>

3. How to use EPSS for risk prioritization?

By: Roy Horev, Vulcan Cyber CTO, and Octavian Suciu, postdoctoral cyber security research?

Prioritize your vulnerability management with EPSS -- It complements CVSS by considering exploit availability, attacker skills, and patching cadence for accurate predictions. Use EPSS alongside other risk management information to allocate resources effectively. Keep in mind that EPSS has limitations in transparency and completeness due to contractual obligations and environmental factors. To integrate EPSS into day-to-day risk management, start with threat intelligence and focus on high-priority vulnerabilities. Combine EPSS probabilities with contextual information to set priorities. Remember, EPSS is a valuable tool, but not the only one in your risk management process.

The full session is available to watch here >>

Want to learn more?

Our team produced the must-read guide for CVSS 4.0. Read all about it here >>