Redefining CyberSecurity

Companies, organizations and governments have massive volumes of data, and the primary focus for its security is placed on that which is stored in the cloud, but many are not following best practices of taking the extra steps necessary to ensure their backed up data is secure, complete and uncorrupted. This story is to talk about using the 3-2-1 rule for cyber resiliency (keep three copies of data, on two different formats–both encrypted, one of which is stored off-site and offline) and discuss anecdotes of what can happen when cyber resilience plans are not put in place or followed.

Data is the most important asset an organization has, whether it’s a business, organization or a government. At the same time, the frequency of cyber attacks that compromise data are increasing. Ransomware continues to be a plague, with some reports showing more than 14 publicly claimed attacks daily for the first half of 2024. Having a plan to thwart cyberattack is only part of the strategy. Equally important is how to rapidly recover and restore operations after a ransomware disruption has occurred. Share anecdote about OVHcloud data center that burned down in 2021 with backups in it – all assets destroyed and websites down for days. also might be good to mention the latest ransomware attack on University of Texas healthcare that is still not fully operational, 3 weeks after the attack and counting. it is unknown if they paid the ransom, but if they did and they’re still not operational, that goes to show how unreliable the ransomed data is. Apricorn’s own research shows that only half of U.S. respondents are conducting automatic backups to both a central repository AND a personal repository. Additionally, more than 25% of survey respondents were unable to recover all of their data successfully

If attackers are successfully breaching data and holding it for ransom, organizations have to be able to recover complete backups of their data in order to a) avoid paying the ransom and b) assure the original data needed for restoration of operations is complete and intact, which statistics show, frequently is corrupted and incomplete when ransom is paid. One of the easiest and most effective ways to rapidly restore operations after a ransomware attempt is to keep multiple copies of integrity-checked data so you can fully recover it if it’s compromised. The 3-2-1 rule is a proven cyber resilience best practice. The 3-2-1 rule calls for keeping at least three copies of your data on two different types of media, with one being encrypted and offsite. This is where Apricorn comes into play - we make the highest grade, portable data encryption products on the market. Our products are security focused - 100% software free, FIPS certified, non-Chinese chips and so many unique features such as admin AND user forced enrollment, programmable PIN lengths, brute force defense, self destruct PINS and more.

Learn more about Apricorn: https://itspm.ag/apricomebv

Note: This story contains promotional content. Learn more.

Guest: Kurt Markley, Managing Director, America's, Apricorn [@apricorn_info]

On LinkedIn | https://www.linkedin.com/in/kurt-markley-1596054/

Resources

Securing Data with Hardware Encrypted USB Drives: https://itspm.ag/apricoy0dm

Learn more and catch more stories from Apricorn: https://www.itspmagazine.com/directory/apricorn

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

In this Brand Story episode, Marco Ciappelli and Sean Martin sit down with Danny Jenkins, CEO and co-founder of ThreatLocker, to uncover the fascinating journey and innovative approach of ThreatLocker in the cybersecurity realm. The episode sheds light on the company’s mission, the challenges it faces, and the transformative solutions it offers.

Danny Jenkins recounts the origin story of ThreatLocker, beginning with his early career in IT and his fortuitous stumble into cybersecurity. He explains how witnessing firsthand the devastating impact of ransomware led to the inception of ThreatLocker. His experience with ethical hacking and ransomware recovery highlighted a critical need for more effective IT security solutions, enabling Jenkins to spearhead the development of ThreatLocker with a central philosophy: deny by default.

ThreatLocker’s primary goal is to help organizations implement a zero trust framework by making it as simple and automated as possible. Jenkins emphasizes that effective security requires blocking untrusted software and limiting what trusted software can do. He articulates the importance of learning the intricacies of each environment ThreatLocker protects, from small businesses to massive enterprises like JetBlue. By examining each endpoint and understanding the specific software and dependencies, ThreatLocker ensures that systems remain secure without disrupting daily operations.

One of the key aspects discussed is ThreatLocker’s unique human element combined with technological innovation. Jenkins introduces the concept of their 'cyber hero' team, dedicated to providing 24/7 support. This team is crucial, especially when onboarding new clients or assisting those already affected by ransomware. This commitment to customer service underscores ThreatLocker’s philosophy of not only providing top-tier solutions but ensuring they are successfully implemented and maintained.

Jenkins also touches upon the broader industry challenges, specifically the common pitfalls enterprises fall into by relying on endpoint detection and response (EDR) systems alone. He argues that such systems are often reactive, addressing symptoms rather than root causes. ThreatLocker’s approach, focusing on proactive prevention and least privilege access, aims to mitigate vulnerabilities before they can be exploited.

Finally, Jenkins discusses the future vision for ThreatLocker, highlighting continued growth and innovation. The company’s commitment to maintaining high support levels while expanding its product offerings ensures it remains at the forefront of cybersecurity solutions. Events like Zero Trust World serve as educational opportunities for clients to deepen their understanding and enhance their security postures.

Overall, this episode provides an in-depth look at ThreatLocker’s strategic approach to cybersecurity, emphasizing the importance of proactive prevention, customer service, and continuous improvement.

Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

Note: This story contains promotional content. Learn more.

Guest: Danny Jenkins, CEO of ThreatLocker [@ThreatLocker]

On LinkedIn | https://www.linkedin.com/in/dannyjenkinscyber/

Resources

Zero Trust World Conference: https://itspm.ag/threat5mu1

Learn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Guest: Joe Sulllivan, CEO at Ukraine Friends [@UkraineFriends_]

On Linkedin | https://www.linkedin.com/in/joesu11ivan/

____________________________

Hosts: 

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The discussion begins with Sean and Marco humorously chatting about sunsets in California versus those on the other side of the world, as they prepare for their trip. With excitement in the air, they highlight the conference’s stellar lineup, especially keynote speaker Joe Sullivan, joining the conversation from Sydney. Already immersed in the Australian vibe, Sullivan shares his anticipation for the event and comments on the sunny weather awaiting them.

Sullivan’s career is a fascinating intersection of technology, law, and leadership. From his days as a cybercrime prosecutor to leading security efforts at Facebook and Uber, he offers a unique perspective on the evolution of cybersecurity as both a profession and a global necessity.

Joe Sullivan's Career Journey
Reflecting on his career path, Sullivan describes his journey as a "Jenga pile" built on diverse and dynamic experiences. He recalls his transition from government service to the tech industry during the dot-com boom, driven by curiosity and a hunger for new challenges. His work at companies like eBay, PayPal, and Facebook involved pioneering projects such as building security teams from scratch and shaping policies like responsible disclosure programs.

The Role of Regulation in Cybersecurity
Sullivan and the hosts delve into the crucial topic of regulation in cybersecurity. Drawing on his experiences, Sullivan underscores the disparity in resources between regulated and unregulated sectors, pointing to financial services and healthcare as examples. He advocates for smart, balanced regulations to ensure cybersecurity initiatives are well-funded and effective, emphasizing that structure is key to protecting industries and consumers alike.

Connecting with Security Professionals Globally
Through his global speaking engagements and commitment to attending conferences in full, Sullivan has gained valuable insights into the shared challenges facing security professionals worldwide. He highlights the universal nature of these challenges and the importance of collaboration across borders. His passion for fostering connections within the cybersecurity community resonates strongly in today’s interconnected world.

Humanitarian Efforts Beyond Cybersecurity
Beyond his professional endeavors, Sullivan shares his inspiring humanitarian work, particularly his efforts to support Ukraine through laptop donations. These initiatives, born from his professional network, illustrate the profound impact the cybersecurity community can have on broader global issues. By using technology to aid children’s education in conflict zones, Sullivan underscores the power of tech to bring hope and stability to those in need.

Conclusion
As the Australian Cyber Conference 2024 approaches, Joe Sullivan’s insights set a compelling tone for discussions about the future of cybersecurity. His message of resilience, adaptability, and global cooperation will undoubtedly inspire attendees. For those ready to engage and learn, Sean Martin and Marco Ciappelli warmly invite you to join them in Melbourne for this transformative event — and of course, follow them subscribing to their podcast if you cannot be there.

____________________________

This Episode’s Sponsors

THREATLOCKER: https://itspm.ag/threatlocker-r974

____________________________

Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia

Be sure to share and subscribe!

____________________________

Resources

UkraineFriends: https://itspm.ag/ukrainwwmj

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

Guests: 

Nadine Michaelides, CEO / VD, Anima People

On LinkedIn | https://www.linkedin.com/in/nadinemichaelides/

Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [@NISTcyber]

On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

View This Show's Sponsors

___________________________

Episode Notes

Imagine a world where employees aren't just potential risks, but the vanguard of cyber defense. A world where the human element, long considered the weakest link in security, becomes the cornerstone of an impenetrable digital fortress.

The latest episode of the Human Centered sub-series on the Redefining CyberSecurity podcast features a compelling discussion with Nadine Michaelides, a security and crime psychologist, researcher at University College London, speaker, and entrepreneur. Julie Haney co-hosts the episode with Sean Martin, discussing the critical role employees play in strengthening cybersecurity defenses.

Nadine Michaelides shares her insights on the shift from viewing employees as potential risks to recognizing them as essential components of a robust cybersecurity strategy. This approach emphasizes the importance of understanding the human element in security and integrating psychological principles to improve employee engagement and motivation. Unlike purely technical measures, human-centered cybersecurity focuses on fostering intrinsic motivation and creating a culture where security is an integral part of daily operations.

The conversation highlights the importance of moving beyond mere awareness campaigns. According to Michaelides, simply making employees aware of security risks is insufficient. Organizations must focus on creating intrinsic motivation, ensuring that employees understand and internalize the significance of their actions. This can be achieved through effective training, clear communication, and involving employees in security initiatives.

Michaelides also introduces the concept of human risk management, which involves assessing and addressing the psychological and behavioral factors that influence cybersecurity. She stresses the need for a multidisciplinary approach, incorporating insights from psychology, sociology, and organizational behavior to create comprehensive security strategies. This holistic approach helps organizations identify and mitigate risks more effectively, as it considers the diverse motivations and behaviors of employees.

Sean Martin raises an interesting point about how personal risk assessments can parallel organizational security measures. He suggests that just as individuals assess the risks associated with their actions and make informed decisions, organizations should empower employees to understand and manage their own cybersecurity risks. This empowerment can lead to more proactive and responsible security behaviors.

The discussion also touches on the significance of cultural factors in cybersecurity. Michaelides explains that security initiatives must resonate with the cultural values and norms of the workforce to be truly effective. This involves creating tailored security content that reflects the diverse backgrounds and experiences of employees, making it relevant and engaging for everyone.

Julie Haney underscores the potential of employee feedback loops in enhancing security measures. She suggests that organizations should actively seek input from employees to identify pain points and areas for improvement in their security practices. By involving employees in the development and refinement of security protocols, organizations can create a more supportive and effective security culture.

In conclusion, the episode presents a forward-thinking perspective on cybersecurity, advocating for a shift from traditional, top-down approaches to more inclusive and employee-centered strategies. By recognizing and leveraging the human element, organizations can transform their employees from potential vulnerabilities into key defenders of digital assets.

___________________________

Sponsors

Imperva: https://itspm.ag/imperva277117988

LevelBlue: https://itspm.ag/attcybersecurity-3jdk3

ThreatLocker: https://itspm.ag/threatlocker-r974

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: 

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Black Hat, the cybersecurity industry’s most established and in-depth security event series, today announced the release of its content lineup for Black Hat Europe 2024. The live, in-person event will take place at the ExCeL London from December 9 to December 12, and feature 41 Briefings hand selected by the Black Hat Europe Review Board, four days of Trainings, 25 Sponsored Sessions, and 64 in-person tool demos and three labs at Black Hat Arsenal.

Briefings highlights include:

● SpAIware & More: Advanced Prompt Injection Exploits in LLM Applications

● SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon

● WorstFit: Unveiling Hidden Transformers in Windows ANSI!

Trainings highlights include:

● Assessing and Exploiting Control Systems and IIoT [4105]

● Fundamentals of Cyber Investigations and Human Intelligence [2111]

● Attacking DevOps Pipelines [2108]

● Offensive Mobile Reversing and Exploitation [4108]

● Advanced Cloud Incident Response in Azure and Microsoft 365 [2103]

Black Hat Arsenal at Black Hat Europe 2024 tool demo highlights include:

● Campus as a Living Lab: An Open-World Hacking Environment

● Pandora: Exploit Password Management Software To Obtain Credential From Memory

● Morion - A Tool for Experimenting with Symbolic Execution on Real-World Binaries

For registration and additional information on Black Hat Europe 2024, please visit www.blackhat.com/eu-24

Note: This story contains promotional content. Learn more.

Resources

Press Release: https://www.blackhat.com/html/press/2024-11-06.html

Catch all of our On Location Stories: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

SecTor, Canada’s largest cybersecurity conference, today announced the successful completion of the in-person component of SecTor 2024. The event welcomed 5,000 unique attendees joining in-person from October 22 to October 24 at the Metro Toronto Convention Centre in downtown Toronto.

Show highlights for 2024 included:

● Keynotes: This year’s event featured two Keynote presentations. The opening Keynote was presented by Leigh Honeywell, founder and CEO of Tall Poppy, and the second Keynote was presented by Omkhar Arasaratnam, Distinguished Engineer for Security at LinkedIn.

● Business Hall: This year’s Business Hall showcased the latest products and technologies from more than 140 of the industry’s leading cybersecurity solution providers. The Business Hall also featured areas for attendee, vendor, and community engagement through Exhibitor Booths, Arsenal, Sponsored Sessions, Bricks & Picks, and the Community Lounge.

● Summits: On Tuesday, October 22, the event featured a full day of Summit content, including the ninth annual SecTor Executive Summit, the inaugural The AI Summit at SecTor, and the ninth annual Cloud Security Summit at SecTor.

● Scholarships: As a way to introduce the next generation of security professionals to the SecTor community, SecTor awarded a total of 37 complimentary SecTor 2024 Briefings passes. Black Hat holds its own annual Student and Veteran Scholarship programs, and partners with a variety of associations on additional scholarship opportunities.

Note: This story contains promotional content. Learn more.

Resources

Press Release: https://www.businesswire.com/news/home/20241030638106/en/SecTor-2024-Announces-Record-Breaking-Attendance-Following-Successful-Close-of-Toronto-Event

Learn more and catch more stories from SecTor Cybersecurity Conference Toronto 2024: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

Learn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

In this episode of Short Brand Story recorded during the HITRUST Collaborate 2024 conference, Sean Martin sits down with Josh LaDeau, a prominent figure in the world of cyber insurance. Josh, who represents Trium Cyber, illuminates the crucial aspects of cyber insurance, from data integrity to market challenges. Trium Cyber is known for its specialty in providing cyber property, E&O, and miscellaneous coverages.

Josh emphasizes the importance of data in the insurance industry, explaining how accurate, structured data provided by HITRUST aids in underwriting processes. The partnership with HITRUST brings a unique advantage by ensuring data consistency and structure. This elevates the underwriting process by reducing ambiguities in policy applications and promoting data security. Josh highlights that this collaboration allows clients to present their data in a more uniform manner, making it easier for insurers to assess and underwrite policies accurately.

Moreover, the HITRUST R2 framework is particularly beneficial for clients, offering a higher quality of data that leads to better coverage options and advantageous premium pricing. Josh points out that a third-party attestation by HITRUST not only assures data integrity but also qualifies clients for a dedicated credit, further enhancing their position in the market.

The episode underscores the value Trium Cyber brings to its clients, focusing on technological acumen and a keen understanding of the cyber insurance landscape. This partnership is poised to make a significant impact in making cyber insurance more accessible and reliable for businesses.

Learn more about Trium Cyber: https://itspm.ag/hitrusi2it

Note: This story contains promotional content. Learn more.

Guest: Josh LaDeau, CEO, Trium Cyber

Resources

Learn more and catch more stories from Trium Cyber: https://www.itspmagazine.com/directory/hitrust

Learn more about HITRUST: https://itspm.ag/itsphitweb

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Guests:

Christine Dewhurst, Partner, NSC Tech

On LinkedIn | https://www.linkedin.com/in/christine-dewhurst-262867a9/

At Sector | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#christine-dewhurst-48706

Dr. Thomas Lee, CEO, Vivo Security

On LinkedIn | https://www.linkedin.com/in/thomas-lee-phd-b7766b10/

At Sector | https://www.blackhat.com/sector/2024/briefings/schedule/speakers.html#dr-thomas-lee-48707

____________________________

Hosts: 

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of the On Location with Sean and Marco as part of our coverage of SecTor Information Security Conference in Toronto, Canada, Sean Martin and Marco Ciappelli spoke with notable guests Christine Dewhurst and Dr. Thomas Lee. This episode centers on innovative approaches to assessing an organization's risk related to third-party data breaches. Christine Dewhurst and Dr. Thomas Lee present a compelling new people-centric model for determining an organization's exposure to third-party data breaches.

Dr. Lee, who holds a PhD in biophysics and operates in California's Silicon Valley, initially approached cybersecurity from a scientific standpoint. He explains that their research focuses on using empirical regression modeling to quantify and predict data breach probabilities based on staffing levels and certifications. His emphasis is on the importance of having enough trained and certified personnel, which includes CISSPs and CISAs, as key indicators of security posture.

Christine Dewhurst, based in Toronto, partners with Dr. Lee in applying these mathematical models in practical scenarios. She underscores the critical role of understanding the workforce's capacity to manage and protect data. Dewhurst explains that their model evaluates five key staffing metrics to predict data breach risks, emphasizing that having the right quantity and quality of staff is crucial for robust security. She highlights their unique approach which differs from traditional methods focusing solely on technical controls.

The discussion also touches on the surprising significance of audit certifications (CISA) being equally important as technical security certifications (CISSP). This understanding bridges the gap between cybersecurity practices and business management strategies, providing a holistic overview of enterprise security health based on human resources. Christine Dewhurst and Dr. Thomas Lee offer fresh insights into how organizations can strategically enhance their defenses against third-party data breaches.

____________________________

This Episode’s Sponsors

HITRUST: https://itspm.ag/itsphitweb

____________________________

Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canada

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190S

Be sure to share and subscribe!

____________________________

Resources

A New People-Centric Approach to Determining an Organization's Exposure to a Third-Party Data Breach (Session): https://www.blackhat.com/sector/2024/briefings/schedule/index.html#a-new-people-centric-approach-to-determining-an-organizations-exposure-to-a-third-party-data-breach-41396

Learn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

In this Brand Story episode, Sean Martin brings together the team from HITRUST, Robert Booker and Blake Sutherland, to discuss the topic of cyber insurance and its current state in the industry. Both guests bring a wealth of experience and insight, with Robert Booker overseeing strategy, research, and innovation at HITRUST, and Blake Sutherland serving as the EVP of Market Engagement.

A significant portion of the discussion centers around the role of cyber insurance in today's business environment. Cyber insurance is not just a safety net but a critical aspect of a complete risk management strategy. As Robert Booker points out, it’s an essential service, historically used to cover residual risk after companies have applied their own security measures. However, the market has changed considerably, with new capabilities and approaches evolving over the past several years, making it a dynamic area.

Blake Sutherland further elaborates on the issues that organizations face in acquiring cyber insurance today. The process is often cumbersome, involving extensive questionnaires and varied requirements from different underwriters. This can be particularly challenging for mid-market companies that may lack the internal resources to manage these complexities.

The episode highlights that HITRUST is addressing these challenges with their R2 certification, which provides an objective, quantifiable measure of an organization’s cybersecurity posture. This certification helps companies not only in fortifying their own security but also in streamlining the insurance acquisition process by offering a standardized measure that underwriters can rely on. According to Robert Booker, this quantified approach can make a significant difference, offering confidence to both the insured and the insurer.

Another important aspect discussed is the role of brokerage in this process. Brokers traditionally guide companies through the insurance process, and an R2 certification from HITRUST can greatly assist them in securing better terms and conditions, as it is recognized as a testament to a company's robust security posture. This can also translate into potentially lower premiums and more reliable coverage, addressing one of the largest pain points in securing cyber insurance.

The HITRUST Shared Risk Facility is made available exclusively through licensed brokers and can be accessed by any company holding an R2 certification, with plans to extend to I1 and E1 levels in the future. This facility aims to simplify the process, reduce the administrative burden on companies, and provide greater reliability in the insurance coverage.

The episode wraps up with an invitation for organizations, brokers, and underwriters to engage with HITRUST to explore these innovative solutions. It’s a call to improve the overall confidence in the insurance landscape through verified, independent measures of cybersecurity maturity, ultimately benefiting all parties involved in the cyber insurance ecosystem.

Explore how HITRUST’s R2 certification can enhance your organization's cybersecurity posture and streamline your cyber insurance process.

Learn more about HITRUST: https://itspm.ag/itsphitweb

Note: This story contains promotional content. Learn more.

Guests: 

Blake Sutherland, EVP Market Adoption, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/blake-sutherland-38854a/

Robert Booker, Chief Strategy Officer, HITRUST [@HITRUST]

On LinkedIn | https://www.linkedin.com/in/robertbooker/

Resources

HITRUST 2024 Trust Report: https://itspm.ag/hitrusi2it

Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust

View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

In this episode of 7 Minutes on ITSPmagazine from HITRUST Collaborate 2024, Sean Martin is joined by Ian Terry and Robert Godard from IS Partners to discuss the importance of compliance in modern corporations. Ian and Robert share their insights from the HITRUST Collaborate event, shedding light on their company's unique approach to cybersecurity and auditing.

Robert Godard explains that IS Partners was founded with a startup mentality, emphasizing collaboration and a fun work environment. This culture aims to make compliance efforts less daunting for both their team and their clients. Ian Terry adds that fostering an enjoyable work atmosphere is crucial for engaging and committed outcomes, especially in the dynamic world of information security.

One significant point discussed is the balance between fun and professionalism. Ian highlights that while the job can be stressful during cybersecurity incidents, the focus on industry changes and continuous learning keeps the work interesting and rewarding. The duo also touches on how IS Partners assists clients in navigating complex compliance frameworks. Their tailored approach ensures clients not only meet regulatory requirements but also achieve their business goals.

The episode concludes with a note on the importance of events like HITRUST Collaborate for networking and professional growth.

Learn more about IS Partners: https://itspm.ag/isparto2jk

Note: This story contains promotional content. Learn more.

Guests: 

Ian Terry, Principal, Cybersecurity Services, IS Partners [@ISPartnersLLC]

On LinkedIn | https://www.linkedin.com/in/ian-terry/

Robert Godard, Partner, IS Partners [@ISPartnersLLC]

On LinkedIn | https://www.linkedin.com/in/robert-godard-cpa-cisa-hitrust-ccsfp/

Resources

Learn more and catch more stories from IS Partners: https://www.itspmagazine.com/directory/is-partners

Learn more about HITRUST: https://itspm.ag/itsphitweb

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story