Jake Kouns, CEO & CISO of Risk Based Security, met with our host, Ashwin Krishnan, at RSAC 2020. They discuss the intelligence gap in cybersecurity and the overwhelming effect of Patch Tuesday. Jake explains, “People need to focus on not just security, but the right security, and in order to do that we need to have data to better understand what’s going on.”
Cyberinsurance is coming whether we like it or not. Jake believes that this could actually be beneficial to the industry as a whole and SMEs in particular. While larger enterprises may have incident response teams and plans in place, often SMEs do not and could benefit from a partner.
Jake also offers his advice on managing regulations and compliance. As important and useful as they are, the common mistake companies make is to begin with the first control in the list and work down. A far better approach is to focus first on those controls most relevant to the business, its customers and the data collected.
- 03:15 — Cyberinsurance is coming whether we like it or not.
- 04:53 — Compliance doesn’t equal security.
- 07:44 — Attribution remains an important area that needs research.
- 11:58 — Patch Tuesday is overwhelming for enterprises.
- 12:57 — RSAC is all about maintaining customer relationships.
Want to hear more of our conversations from RSAC 2020? Check out our post-conference analysis in “RSAC, Still Relevant?” and our interviews with Microsoft’s Diana Kelley and Farsight Security’s Paul Vixie.