Keeping pace with high-stakes cyber adversaries: Why Audit Committees pose new challenges to CIOs, CISOs & CFOs — 4iQ

Blog post By George de Urioste, Chief Financial Officer, 4iQ, Inc.

Combat increasingly sophisticated threats with a new resolve: Cyber Vigor

In the 2019 Global Risks Report by the World Economic Forum, of the 29 ranked risks, “massive data fraud and theft” was ranked number four by likelihood of occurrence throughout a 10-year horizon. “Cyberattacks” is at number five. Their resulting impacts are also profiled.

Ever-evolving, cyber security challenges continue to burn holes in Board-room tables across the globe — look no further than the latest round of questions audit committee members fire at CIOs and CFOs. ‘Why?’ you may ask. Because increasingly sophisticated threats from cyber criminals continue to outpace normal security measures. Now, the challenge to keep up requires a new level of cyber security: think Cyber Vigor.

Current Dilemma

Every day, every company of any significance is being attacked over the Internet. But odds are that if you talk to the Board, company management, and even the cyber security department at any company, they can’t tell you who is attacking them, what doors employees have left open into their network, and what data has been compromised when a breach does occur. That is, companies today sit connected to the Internet as an unknowing defender.


Enter the next generation — and fiduciary standard — of cyber-responsibility: turn the tables from being an unknowing defender to a proactive defender. Unmasking the threat is key to a Cyber Vigor approach.

Utilize identity threat intelligence

There is always a thirst for thought leadership among C-Suite executives for new insights in dealing with cybercrime. Along with data breaches and identity theft, ransomware, cyber espionage and fake news have taken center stage on the virtual battlefield. In this perilous environment, the push to stay ahead of digital malfeasance must be accompanied by Cyber Vigor — a new, robust approach to risk management. Specifically, take your cyber security initiatives to a higher level, add “ identity threat intelligence.” This paradigm shift in enterprise cyber security is more than technical threat intelligence that deals with device, network and systems information. Unmasking the identity of bad actors and knowing what’s happening to your data are now paramount to proactivity.

Audit Committees of Boards can no longer only ask the most basic security questions: How current is our security vulnerability assessment? Are compliance policies being adequately deployed and followed? How well-educated are our employees about cyber risks and what to avoid? The new benchmark relates to Identity Threat Intelligence. Your cyber security future cannot be one of purely reactive protection. Think strategically (i.e., proactively) to produce a stronger defense. Audit Committees must ask CIOs, CFOs and CISOs the more potent questions:

  1. Who is attacking us? This is your “KYA” — Know Your Adversary. What are your prized digital crown jewels and who would be interested in them? If you don’t know, you are flying blind. The perpetrators know where the value is; you are on their “wanted poster.” They know you; do you know them? Knowing identity attributes raises the effectiveness of tools to protect yourself.

Cyber criminals never stop becoming more sophisticated. It is an endless game of cat and mouse; more accurately, lion and mouse. Increasingly, networks are breached by use of legitimate account names and passwords by illegitimate actors. By knowing who is attacking and what has been hacked, Identity Theft Intelligence empowers offense for a stronger defense to your employee surface.

I joined the 4iQ team because this company is at the forefront of tackling these tough issues the right way. Identify those bad actors who would do us harm with compromised data. Pivot in advance; otherwise, we are forever playing defense, under threat by the unknown. We create advantages for our customers in solving for KYA, CD and EAS, empowering them to be successful in the fight that lies ahead.

Originally published at on June 21, 2019.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store