Trouble viewing this email? View in web browser
SEC: Boards can no longer pass the buck on cybersecurity
Kyle Fiehler, Senior Transformation Analyst, Zscaler

The SEC announced highly anticipated cyber rules in the final week of July, sending cyber leaders scrambling to understand what they mean for their companies and how to comply with the new requirements. 

Two main components of the new regulations have garnered the most attention from pundits so far. The first is the stipulation that cyber incidents be reported within four days of being deemed “material,” except where such disclosures could affect national security or public safety.

The second significant change is that publicly-traded companies must now annually report on their processes for “assessing, identifying, and managing material risks from cybersecurity threats.” 

This will have a significant effect on how security executives measure and convey cyber risk acceptance and mitigation strategies to boards, and how boards justify their oversight of such risk. 

“Board members should continuously reassess risk, influence technology and non-technology factors, overcome obstacles and finally, measure the impact of change," says Zscaler Board Member Andy Brown.

Risk360, Zscaler’s new risk quantification and visualization platform, offers data-driven insights and standardized risk scores to help boards and business leaders understand where cyber risk lies and what steps to take to mitigate it.

Read more about how holistic reporting capabilities can help security executives convey critical risk concepts to fellow executives and boards.

From the Office of Transformation:
‘Zero Trust Guiding Principles’ is the resource I wish I’d had as a CXO
Brett James, Director, Transformation Strategy, Zscaler
The Cloud Security Alliance (CSA) recently published a new “phone book” entitled “Zero Trust Guiding Principles.” Zero trust is an enormous topic, often misunderstood and overcomplicated. The book's goal is to provide a clear understanding to all, from board members to practitioners of what zero trust is and the guiding principles to be remembered when planning, implementing, and operating ZT.

I’ve had the honor of being involved with CSA’s Zero Trust Advancement Center Working Group over the past 12 months and have been impressed with the organization’s attempts to lower the entry bar to zero trust.

When I was on the customer side as the head of enterprise architecture, I started my own little zero trust project. But due to the immaturity of the industry and lack of publicly available resources, it took me a good two years to finally figure out what it was all about, how to strategize the journey, and how it could actually enable the business and increase users' experience.

The new book, Zero Trust Guiding Principles, is the kind of knowledge I wish was available to me back then, as it would have greatly reduced that two-year discovery window. It would also have come in handy to help evangelize the concepts to other teams and extol the reasons for taking on this massive project.

I urge all CXOs and technical leaders to read this book. (It’s only 20 pages!) The practical concepts contained within are suitable for all, from the board members to zero trust practitioners.

If you’re interested in reading, you can download your copy of the book here.
Editor's Picks
The words “insider threat” have been known to make a CISO shudder. Few attack vectors can more quickly undermine a well-construed line of defenses than a credentialed user who – intentionally or unintentionally – acts in a manner that increases an organization’s overall cyber risk.
Tackling the tough problem of insider threats
Before ransomware began generating billions of dollars for cybercriminals, we had “simple” computer worms with similar self-replicating capabilities, focused mostly on mischief and wanton destruction. Did you know that the first major cybersecurity worm event happened in 1988? So, why are we still losing the battle?
Why haven't defenders made more progress?
By now, most security professionals recognize that, as data loss prevention (DLP) solutions go, you can’t do better than a cloud access security broker (CASB). That’s because CASBs stand logically between all users and all cloud-hosted services and apps, providing visibility, analysis, and control capabilities for preventing sensitive data loss.
Advice for progressively enhancing your data protection program
Amid nuanced debate about whether AI will save the world or rise to kill us all, why train a large language model (LLM) on roughly 6.1 million pages of dark web content? Research, says one group of South Korean academics in a paper titled DarkBERT: A Language Model for the Dark Side of the Internet published in May.
How a dark web-savvy LLM could make us all more secure
Recently, news broke that OpenAI is being sued for allegedly scraping massive amounts of personal data without permission to train its AI models. If you ask me, this was to be expected as developers use what they can to furnish the colossal amounts of data needed to train their machine learning models.
Do creators have any hope of protecting their data from insatiable AI?
Podcast Center
Tune in and zone out to stories of digital business and cybersecurity excellence from across our CXO community.
The CISO’s Gambit | Ep. 27
Jack Leidecker oversees the security of an AI-driven revenue platform that derives advanced revenue and sales insights. Hear his insider’s view on AI’s current trajectory and the importance of remembering one’s roots in a high-tech world.
Listen now

Cloudy with a Chance of Trust | Ep. 46
When a prospect has trouble grasping the architecture underpinning zero trust, Zscaler calls in Brian Deitch. The Chief Technology Evangelist is known for his colorful technical whiteboarding sessions and passion for infosec. He joined the show to discuss his career, early experiments with social engineering, and influences on his distinctive style.
Listen now

The CIO Evolution | Ep. 23
Cyber defense has been an "infinite game" played on an uneven field, but deception can give the good guys the upper hand. Zscaler VP & CISO Sam Curry makes a compelling case for derailing even the most sophisticated hackers with unpredictable, hostile networks.
Listen now

Contact the Customer Experience &
Transformation Team: [email protected]

LP-Asset-Aid-v1_twitter.pngView us on YouTube:
LP-Asset-Aid-v1_twitter.pngFollow us on Twitter: @zscaler
Connect on LinkedIn: CXO REvolutionaries
logo-zscaler-white 139x30.png