Improved resilience a shared target in cybersecurity

Improved resilience a shared target in cybersecurity

Defensive and client perspectives might share a significant gap, but they both share a common purpose.

While both offensive and defensive security teams offer unique roles to the organisation, protecting the organisation is still the common objective that these two work to attain, Nick McKenzie, Chief Information Security Officer at Bugcrowd said.

In an interview during the Australian Cyber Conference in Melbourne, McKenzie explained that the two opposing team’s common objective is to make sure that the overall control and the health and resilience of an organisation is uplifted.

“One objective of the offensive security team is to actively go out and hunt and find weaknesses. And then you have more of a defensive team, which is to monitor that activity,” he said, “So even though they might have polar opposite objectives, just by looking at their actual core objectives at the top of the house are the same, which is to protect the organisation.”

McKenzie emphasised the importance of organisations investing in understanding their unique cyber landscape, rather than applying generic templates as each of them has its own unique risk and threat profile.

He explained that factors like IT assets, industry domain, employee behaviour, and third-party relationships all influence this profile.

“So each company's unique, you can't just cookie cutter a template and apply a band aid for every single organisation,” he said.

McKenzie suggested that each organisation must do an assessment of what their profile looks like, and identify the threat actors, the risks, audits, and issues and put it into a mixing pot to come out with a risk based objective assessment of their company's profile, or an action plan.

“That action plan will be different in terms of what needs to be prioritised to be fixed. But ultimately, it's a combination of a threat led independent assessment of your organisation, combined with your own risk assessments, that's collation, with audit findings, standard inconsistencies, or non compliances, and self identification issues,” he said.

When asked for a specific strategy that has proven effective, McKenzie mentioned that many organisations take cues from industry standards like NIST and ISO. However, rather than rigidly adhering to these standards, successful companies adapt them to their unique contexts.

"You shouldn't just go with it, shouldn't just go with the standards or the industry standards approach and use that as a silver bullet for fixing your own estate. It needs to be adaptive, again, to your own business, and what the business wants and how you enable the business and also the threat landscape on top of it,” he said.

He suggested that organisations layer these standards with additional stress testing items and intelligence to craft actionable plans.

Follow the link for more news on

Join Asian Business Review community
Since you're here...

...there are many ways you can work with us to advertise your company and connect to your customers. Our team can help you dight and create an advertising campaign, in print and digital, on this website and in print magazine.

We can also organize a real life or digital event for you and find thought leader speakers as well as industry leaders, who could be your potential partners, to join the event. We also run some awards programmes which give you an opportunity to be recognized for your achievements during the year and you can join this as a participant or a sponsor.

Let us help you drive your business forward with a good partnership!

Top News

5G service expansion to drive APAC mobile services market
Growing 5G availability in the region will increase the market’s revenue to $479b
Globe sheds strategic shift from telco giant to tech innovator
The Philippines’ widening healthcare gap and poor sustainability initiatives open Globe CEO Ernest L. Cu’s eyes to an opportunity.


OCBC Indonesia undergoes rebranding, logo change for a unified financial future
The emblematic change carries OCBC Group’s ‘One Brand, One Group Unity’ strategy across markets in Singapore, Malaysia, Hong Kong, Macau, and mainland China.
Indosat Ooredo Hutchison sees 5G network supporting Indonesia’s Smart Cities
The telecommunications operator employs IoT-based technology solutions that can be used to monitor city conditions in real-time.
Globe sheds strategic shift from telco giant to tech innovator
The Philippines’ widening healthcare gap and poor sustainability initiatives open Globe CEO Ernest L. Cu’s eyes to an opportunity.
Bank DBS Indonesia avails fast, reliable and sustainable corporate banking
Its ESG-based bank financing, as reflected in sales and asset under management, proves to be an IDR1.8t (US$117m) success.