Continuous assurance vital in cybersecurity landscape

Continuous assurance vital in cybersecurity landscape

Continuous identification and prioritisation of vulnerabilities emphasised for effective defence.

The importance of continuous assurance in cybersecurity is becoming increasingly vital as the nature of the threat landscape requires a proactive and continuous approach to remain secure, according to Scott Flower, co-founder and director of CI-ISAC.

"The reason it's so important is that the actual threat landscape is changing all of the time," Flower said. He noted that without a continuous assurance program focused on vulnerability identification, organisations are perpetually at risk, constantly "chasing their tails" in an attempt to stay ahead of attackers. 

Traditional penetration testing, when conducted sporadically, fails to offer sufficient protection. "If you've got just pen testing as a once-off activity, the threat actors don't stop between the pen tests," Flower explained. Continuous vulnerability testing and searching, therefore, are key components of a positive, proactive security posture.

When asked about the possibility of optimising testing practices without compromising security, Flower was sceptical about finding a perfect balance. "The mix will change depending on the threat landscape and also the types of products and services technology that your actual business is using," he stated. 

Budget considerations play a critical role in maintaining a continuous assurance strategy. Ensuring that budgets align with the most efficient and effective outcomes is essential, as is the integration of threat intelligence into vulnerability management. 

"Being threat-led... making sure that the prioritisation of the remediation of those vulnerabilities is done in an evidence-based way based on the threat that you're facing," Flower emphasised.

In terms of cost optimization, cybersecurity leaders continually face pressure to minimise expenses while maximising security effectiveness. Flower advises that decision-making around cybersecurity investments should be informed and threat-led to avoid wasting resources on irrelevant or low-priority risks. 

"Your decision-making process around what technologies, what vulnerability assessment, and process you are using for vulnerability management as well, should be threat-led and informed," he said.

Follow the link for more news on

Join Asian Business Review community
Since you're here...

...there are many ways you can work with us to advertise your company and connect to your customers. Our team can help you dight and create an advertising campaign, in print and digital, on this website and in print magazine.

We can also organize a real life or digital event for you and find thought leader speakers as well as industry leaders, who could be your potential partners, to join the event. We also run some awards programmes which give you an opportunity to be recognized for your achievements during the year and you can join this as a participant or a sponsor.

Let us help you drive your business forward with a good partnership!


Chinese insurers deem it wise to move to alternative investments
Analysts see new regulations driving a conservative shift as insurers seek stability amidst volatile markets.
Dharmais Cancer Hospital leads cancer treatment innovation in Indonesia
CEO Soeko Werdi Nindito Daroekoesoemo unveils advanced technology and seven flagship programmes for cancer treatment.
Is ‘Londonisation’ good for Asia’s M&A insurance market?
Industry experts dissect the region’s low usage rates for M&A insurance despite more industry players entering the field.
Blurring lines between online and offline retail in Asia Pacific
Foodpanda executive explains consistent service levels through efficient logistics and quality control measures.