Bryant G. Tow, Managing Principal & Partner
As the sensitive personal information of 143 million American consumers got exposed in a data breach at Equifax, one of the nation’s major credit monitoring company, it surfaced various reports delving into the root cause of this breach. Although security experts believe hackers exploited technological flaws to get into the system, Bryant G. Tow, CyberRisk Solutions’ Managing Principal and Partner opines, “Successful attacks target other threat vectors including people, processes, and facilities.” He adds, “Recent breaches have not been technical in nature. It was caused by a failure of process.” Tow believes that focusing on technology exclusively is ‘just not enough’ for security. In the thick of this, his venture CyberRisk Solutions takes a holistic view around risk management, helping mitigate all vulnerabilities through a ‘Ring of Security’ approach—combining an asymmetric warfare strategy with governance risk compliance, managed threat operations, and human capital. The company has cultivated a ‘passion for protection’ that translates into designing a proven business-driven process to enhance cybersecurity.
To begin with, CyberRisk Solutions’ holistic approach defines a matrix which is measured against a common maturity model (CMM). This allows the company to identify the residual risk and gaps within their clients’ organization. Once the current state of security is identified, CyberRisk Solutions helps its clients prioritize a roadmap to attain the expected level of maturity based on impact, likelihood, and cost of remediation of the attack. The company then leverages its range of GRC products—including GRC management tool, policy and procedure development, incident response plan development, and business continuity planning—against the determined strategy to reach the required maturity.
In order to run and maintain the attained maturity, CyberRisk Solutions works with its clients’ day-to-day operations with scanning, penetration tests, continual updates, and threat monitoring. Using their HealthCheck product, the company can also closely analyize the all traffic within the organization to identify active breaches. The traffic analysis helps in identifying established command and control, compromised databases and servers. CyberRisk Solutions’ security incident and event management products also help in managing threats for every device—providing a proactive defense across an organization. Conforming to its holistic approach, CyberRisk Solutions provides infrastructure management by deploying patches in the clients’ systems for identifying high CPU and memory utilization. The company not only provides sophisticated technologies but also is steered by some of the leading Chief Security Officers (CSO) in the security landscape.
Although the company primarily caters to healthcare, retail, energy, and financial services industries, CyberRisk Solutions’ ‘single pane of glass’ for proactive defense is also being harnessed by school districts, European companies for GDPR, and the is currently being reviewed by government organization in the Latin American market. Understanding the solution providers’ ability to cover 45 percent of the attack vectors, CyberRisk Solutions has partnered with technology companies across the US to offer their clients an overall ring of security level of protection that. One such public sector client had a technology partner incapable of providing a complete security solution as it required additional training, policies, and instant response. Using CyberRisk Solutions’ ring of security and enterprise risk management framework, the technology partner could help the clients in attaining complete security. “We are saving the world from cybercriminals, one at a time, and our goal is to reach those clients through these partners,” says Tow.
With offices spread across New York, Washington DC, Nashville, Atlanta, and Denver, CyberRisk Solutions has also acquired a European client to expand its global presence. Leveraging their partnerships with the technology companies, the company will be deploying its cybersecurity expertise throughout Latin America and the EMEA (Europe, Middle East, and Africa) market. From a technical perspective, CyberRisk Solutions looks forward to expanding their reach and services and developing automated processes toward risk mitigation.