Intelligent CISO Issue 53 - Page 77

industry expert to understand not just the business security landscape but also the consumer security landscape . For me , working at Bitdefender is nice because we have both sides of that and we ' re able to understand that so our business cybersecurity solutions can learn from the consumer division .
Can you talk us through how businesses can adopt a more preventative cybersecurity approach ?
Sometimes I like to start conversations with a challenging point of view ; that when we think about prevention versus detection and response , the only real difference is the speed of the response .
If we think about preventative controls and security – especially prevention from an endpoint perspective – then normally , there ' ll be some detection that occurs and we ' ll stop the attack . An automated response from detection and response helps people prevent attacks or potential security incidents from continuing . Then when we move up the cyberkill chain ; we focus on prevention and the early stages of an attack . We want to try and stop the attack from happening in the first place , so we must have good risk analytics and a deep understanding of the risks that present themselves for our users and on our systems .
What are the consequences for organisations that don ’ t invest more in threat prevention or detection response solutions ?
From a business point of view , the consequences can impact either reputation or revenue . Whichever it is , one will affect the other ; for example , if you have an impact on reputation , it will impact your revenue in the midterm . So here we can think about things in a slightly different way – consider cyberresilience . I think cyber-resilience is helpful to talk about in this context because it stands up on a single premise and you should assume that at some point your systems are going to be breached and understand how to cope with that . This is useful because it means we look beyond prevention and detection .
We can think about resilience in several ways . Some people will talk about resilience as taking a punch , but I prefer asking if you can weather the storm . In the event of a cybersecurity incident , it ’ s a sustained activity that a business has to undertake . You need good prevention and www . intelligentciso . com
77