In this segment, we explore a strategic approach to enhancing cyber resilience within organizations, emphasizing the "crawl, walk, run" methodology. By starting small and gradually advancing security measures, organizations can effectively improve their security posture.
Here is the verbatim discussion:
And what I've recommended over the years is, uh, taking the approach of crawl, walk, run. So start small and, and identify what your current state is, figure out in baseline, you, where you are from a security posture perspective. And there's tons of organizations out there that can do these assessments, there's tons of templates and, and things out there that, you know, at, given your organization, you should be, you, you're currently at a level one or level two, and your goal should be to get to the next level, whether it's two or three, and, um, identifying all those areas and how you can make that, you can step from one area to the next. And then from there, you know, ultimately kind of the, the, the key areas that organizations end up, um, fall, you, not prioritizing effectively and, and can really, um, increase their of it wasn't anywhere near where it is today. Um, and over the, the past, you know, really 10 years, a lot of things have, have really moved to the cloud, and there's been a lot of automation, a lot of things like machine learning and artificial intelligence, and a lot of these great tools that have, uh, been brought to the market that allow us to, to provide better defense, uh, against these types of attacks. The, the downside to that is those same tool, same tools are actually available to criminals as well. And although organizations have gone through their digital transformation, you, over the past 10 years, um, so is the, the, the hacking community and the criminals at large. And, and basically what's ended up happening is there's, um, a, a giant ecosystem, it's a, it's a whole underground economy where you have, uh.
Highlights:
Crawl, Walk, Run Methodology: Experts advocate for a phased approach to cybersecurity improvement, beginning with assessing the organization's current security posture. By identifying baseline security levels and prioritizing areas for enhancement, organizations can strategically progress from one security level to the next.
Utilizing Assessment Tools and Templates: Various organizations offer assessment tools and templates to help organizations evaluate their security posture effectively. By leveraging these resources, organizations can identify areas for improvement and develop a roadmap to advance their security maturity.
The Evolution of Cyber Threats: The discussion highlights the evolution of cyber threats over the past decade, with attacks increasing exponentially. The emergence of an underground economy, where nation states collaborate with criminal groups, has heightened the sophistication of cyber attacks, posing significant challenges for organizations.
Harnessing Technology for Defense: While advancements in technology, such as cloud computing, automation, machine learning, and artificial intelligence, have provided organizations with better defense capabilities, they have also empowered cybercriminals. The availability of these tools to both defenders and attackers underscores the importance of proactive security measures.
Adopting a strategic approach to cybersecurity, starting with assessing the current state and gradually advancing security measures, is essential for building cyber resilience. By prioritizing effective security measures and leveraging available resources and technologies, organizations can mitigate risks and strengthen their defense against evolving cyber threats. This segment emphasizes the importance of proactive and adaptive cybersecurity strategies in safeguarding digital assets and maintaining resilience in the face of emerging threats.
Speakers:
Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.
Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.