Meet CyGov: Holistic Cyber Security Platform for Effective Risk and Compliance Management
CyGov's experts developed an advanced holistic cyber assessment, compliance and risk management platform to streamline and customize the cyber governance capabilities of organizations in the healthcare, energy, financial services, retail and public sectors. We had the pleasure of speaking with CEO Yair Solow, to hear all about the technology and vision behind CyGov.
Please Describe the Background Behind CyGov
CyGov was founded 2 years ago. The initial pain point we identified in the market was that many cyber solutions are very tactical and focused on specific problems such as phishing, malware, firewall intrusion and so on. While these solutions are important, there is a much greater and more strategic challenge not being answered in how to approach the cyber risk as an entire organization.
When we look at cyber security as a holistic challenge, we recognize a deficiency in strategic tools that help organizations address this challenge. As our research progressed, we learned that any key point of failure starts and ends with the cyber risk management process.
Upon gaining a deeper understanding of the customer's specific requirements, we made the decision to develop an enterprise Software-as-a-Service (SaaS) platform. This platform would serve as a comprehensive and ongoing solution, strategically addressing the security challenge at hand.
This starts with the initial step of a risk assessment, collection of data, analysis, integrating live threats and vulnerabilities, visualizing and quantifying the risk, while empowering organizations to not just identify the problems, but also to learn how to fix the problems, improving the overall cyber posture. CyGov has enabled all that under one platform and dashboard.
What's unique about CyGov's Risk Management Platform?
Our product is unique in a number of ways.
Firstly, it helps bridge the gap between manual tools that exist on the market and existing.
Another unique point is in the way we evaluate and measure risk. We don't just look at risk from the technology standpoint, which is where everybody else is focused. We assess physical security and cyber intelligence, and the platform creates an actionable remediation plan. In each of those verticals the platform analyzes the people and processes as well as the tools. The scoring algorithm provides a quantifiable result showcasing the risk so the organization can understand where they stand, what their weakness points are, and what they need to do tomorrow morning.
The platform was specifically designed for multiple layers of management including specific dashboards for C level management and boards that address the operational risks, creating a level of transparency into the organization’s cyber risk that simply has not existed until this point. Our dashboard and metrics are customized to the various stakeholders from the strategic level and all the way down to the technical, very granular level.
Often, organizations perform a risk assessment and stop there, but regulatory changes necessitate them to renew their compliance and review their threat readiness.
Our solution uniquely integrates live intelligence and regulatory changes in an automated fashion so that the organization’s risk score is up-to-date at all times and alerts the organization of any potential threat or non-compliance in real time.
What are the necessary components to protect organizations from cyber threats?
- First and foremost, defining the critical assets and prioritizing their importance.
- Understanding the cyber landscape and the types of threats that might be relevant to their industry.
- Constantly running risk assessments that lead to a continuous improvement of their cyber security readiness.
- Creating policies that prevent human errors, as the human element is often the weakest link.
If you were a policy maker, what changes would you implement to eliminate cyber threats?
Regulation has already been implemented in some industries, but there needs to be more common standards requirements across all industries.
The implementation of GDPR, for example, is a step in the right direction, but there are many areas that have yet to be addressed with regard to protecting our data.
Further, regulators shouldn’t only look to protect private client data but should also look to limit the potential damages to the companies themselves from a cyber-attack. There are many companies that can have a vast impact on the overall economy. Organizations in the energy and healthcare space, for example, could all create massive damage to the general public if breached, even if they are privately owned; therefore this needs to be addressed by the regulators as well.
Cyber security as an industry will continue to grow. Despite the saturation of cyber security solutions in some verticals, the attackers continue to get more sophisticated and the attacks more widespread, therefore there is no doubt that we will need more holistic solutions which employ multiple stages of protection. We believe that the space that will pick up the most in the next couple of years is pre-breach readiness and compliance; this is where organizations will begin to prepare themselves ahead of time instead of waiting for the attackers to reach their front doorstep.
As the IoT and connected world become more mainstream, cyber threats will only grow and threaten our lives in every aspect. The option to close your eyes is no longer relevant. Best to act today and take measures that will both minimize the risk of exposure and mitigate potential damage.