Continuous assurance vital in cybersecurity landscape

Continuous assurance vital in cybersecurity landscape

Continuous identification and prioritisation of vulnerabilities emphasised for effective defence.

The importance of continuous assurance in cybersecurity is becoming increasingly vital as the nature of the threat landscape requires a proactive and continuous approach to remain secure, according to Scott Flower, co-founder and director of CI-ISAC.

"The reason it's so important is that the actual threat landscape is changing all of the time," Flower said. He noted that without a continuous assurance program focused on vulnerability identification, organisations are perpetually at risk, constantly "chasing their tails" in an attempt to stay ahead of attackers. 

Traditional penetration testing, when conducted sporadically, fails to offer sufficient protection. "If you've got just pen testing as a once-off activity, the threat actors don't stop between the pen tests," Flower explained. Continuous vulnerability testing and searching, therefore, are key components of a positive, proactive security posture.

When asked about the possibility of optimising testing practices without compromising security, Flower was sceptical about finding a perfect balance. "The mix will change depending on the threat landscape and also the types of products and services technology that your actual business is using," he stated. 

Budget considerations play a critical role in maintaining a continuous assurance strategy. Ensuring that budgets align with the most efficient and effective outcomes is essential, as is the integration of threat intelligence into vulnerability management. 

"Being threat-led... making sure that the prioritisation of the remediation of those vulnerabilities is done in an evidence-based way based on the threat that you're facing," Flower emphasised.

In terms of cost optimization, cybersecurity leaders continually face pressure to minimise expenses while maximising security effectiveness. Flower advises that decision-making around cybersecurity investments should be informed and threat-led to avoid wasting resources on irrelevant or low-priority risks. 

"Your decision-making process around what technologies, what vulnerability assessment, and process you are using for vulnerability management as well, should be threat-led and informed," he said.

Follow the link for more news on

Join Asian Business Review community
Since you're here...

...there are many ways you can work with us to advertise your company and connect to your customers. Our team can help you dight and create an advertising campaign, in print and digital, on this website and in print magazine.

We can also organize a real life or digital event for you and find thought leader speakers as well as industry leaders, who could be your potential partners, to join the event. We also run some awards programmes which give you an opportunity to be recognized for your achievements during the year and you can join this as a participant or a sponsor.

Let us help you drive your business forward with a good partnership!

Top News

What are the must-have banking features by 2027?
Over 60% of respondents in Australia, China, and India find credit-building tools to be useful.
More employees in Asia fall victim to phishing links monthly: report
They click phishing links nearly double the global average of 2.9 times, according to Netskope Threat Labs.
Charlton Media Group acquires the Marine & Industrial Report Newspaper
The company will expand readership and create an awards program and events for the marine and offshore sectors.