Improved resilience a shared target in cybersecurity


Defensive and client perspectives may be separated by a significant gap, but they share a common purpose.

While offensive and defensive security teams play distinct roles in the organisation, protecting it is still the common objective that both work to attain, said Nick McKenzie, Chief Information Security Officer at Bugcrowd.

In an interview during the Australian Cyber Conference in Melbourne, McKenzie explained that the two opposing teams' common objective is to make sure that the overall control, health and resilience of an organisation are uplifted.

“One objective of the offensive security team is to actively go out and hunt and find weaknesses. And then you have more of a defensive team, which is to monitor that activity,” he said. “So even though they might have polar opposite objectives, just by looking at their actual core objectives at the top of the house are the same, which is to protect the organisation.”

McKenzie emphasised the importance of organisations investing in understanding their unique cyber landscape rather than applying generic templates, as each has its own unique risk and threat profile.

He explained that factors like IT assets, industry domain, employee behaviour, and third-party relationships all influence this profile.

“So each company's unique, you can't just cookie cutter a template and apply a band aid for every single organisation,” he said.

McKenzie suggested that each organisation must assess what its profile looks like, identify the threat actors, risks, audits, and issues, and put them into a mixing pot to come out with a risk-based, objective assessment of the company's profile, or an action plan.

“That action plan will be different in terms of what needs to be prioritised to be fixed. But ultimately, it's a combination of a threat led independent assessment of your organisation, combined with your own risk assessments, that's collation, with audit findings, standard inconsistencies, or non compliances, and self identification issues,” he said.

When asked for a specific strategy that has proven effective, McKenzie mentioned that many organisations take cues from industry standards like NIST and ISO. However, rather than rigidly adhering to these standards, successful companies adapt them to their unique contexts.

“You shouldn't just go with it, shouldn't just go with the standards or the industry standards approach and use that as a silver bullet for fixing your own estate. It needs to be adaptive, again, to your own business, and what the business wants and how you enable the business and also the threat landscape on top of it,” he said.

He suggested that organisations layer these standards with additional stress testing items and intelligence to craft actionable plans.
