Bringing an adversarial ethos to the boardroom

Bringing an adversarial ethos to the boardroom

Unsplash/Fauxels

Offensive security testing can be the strategic foundation of any cybersecurity programme, if board members are willing to engage, says Wade Lance of Synack

Guest contributor |


Corporate boards are caught in a cybersecurity bind. On one hand, board members often lack meaningful visibility into their business’s cyber defences. On the other hand, the US Securities and Exchange Commission is finalising regulations to make publicly traded companies more transparent about their cyber posture – including by disclosing board members’ cybersecurity expertise (if they have any).  

The good news for board members is that you don’t have to become a cybersecurity guru to know where your company stands in the race against attackers. Synack offers adversarial security testing that reveals a company’s posture, helping them to understand what’s causing the same categories of exploitable vulnerabilities to keep cropping up in their environment, which parts of a security programme aren’t sparing a thought for what real human attackers would see, and where security spending is most effective in an era of tightening budgets. 

These insights stem from using our platform, which unlocks access to more than 1,500 security researchers from around the world. Our elite Synack Red Team finds high-impact vulnerabilities and verifies when they’re fixed. Real-time reporting and analytics raise awareness of how your security programme can improve.  

Synack is integrated with Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft Azure DevOps, allowing our platform to fit right into existing security operations workflows. As a Microsoft Intelligent Security Association member and security testing partner for Microsoft Security, we’re proud to support Microsoft’s commitment to making life harder for cybercriminals and nation-state attackers. We recognise that continuous penetration testing – a controlled way to mimic how real-world attackers find exploitable security vulnerabilities – is just one piece of the puzzle when it comes to addressing cyberthreats to our critical infrastructure and civic institutions.  

Poor cyber posture can destroy businesses. For many organisations, trends in global technology such as the ongoing shift to the cloud and rapid digital transformation are leaving defensive gaps wide enough to cart a smart fridge through. 

Too many boards still haven’t embraced the reality that cybersecurity is now a mission-critical business element that they must manage like any other. I know many board members are highly committed, highly intelligent businesspeople who have earned their spots, but they need to be able to show their work when it comes to cybersecurity. And they should know it’s now possible to use adversarial penetration testing to transform their security posture.  

Wade Lance is field chief information security officer at Synack 

This article was originally published in the Spring 2023 issue of Technology Record. To get future issues delivered directly to your inbox sign up for a free subscription.

 

Subscribe to the Technology Record newsletter


  • ©2024 Tudor Rose. All Rights Reserved. Technology Record is published by Tudor Rose with the support and guidance of Microsoft.