Table of Contents
- Pivoting to risk management to build enterprise-wide resiliency
- Avoiding exploitation through effective risk management
- Helping CISOs navigate the changing landscape of cybersecurity
- Unlocking intelligence-backed remediation
- Convergence of cyber insurance and risk strategy
- Cybersecurity is not a one and done!
Over the last few years, the volume of software developed and the surge in vulnerabilities has been staggering. Combine this with a shortage of cybersecurity professionals, and organizations are left with the daunting challenge of keeping up with the sheer volume of information coming at them.
At our inaugural 2023 Qualys Cyber Risk Summit, cybersecurity practitioners gathered to hear a diverse group of experts share their passions, visions, and knowledge on a wide range of topics. All tracks aimed to help organizations minimize cyber risk by thinking more holistically about attack paths.
If you missed the event, you can view the sessions here.
Pivoting to risk management to build enterprise-wide resiliency
Sumedh Thakar, President and CEO of Qualys, kicked off the virtual event with a keynote emphasizing how “the conversation has been shifting from cybersecurity tools to cyber risk and the ability to measure it.” He offered his viewpoints on minimizing this risk across identity, devices, and data.
Thakar spoke about the cybersecurity trends that organizations face worldwide, as recently cited in the Qualys Threat Research Unit’s (TRU) 2023 TruRisk Research Report, including that the number of disclosed vulnerabilities has doubled over the last several years. “This is no coincidence because every company in the world has become a digital company, and they are writing their own software,” Thakar explained. “For every thousand lines of code written, there are bugs and vulnerabilities created in that code,” he added. This presents significant security challenges for companies as threat actors learn to exploit these vulnerabilities.
Thakar also stressed that companies must focus less on the sheer quantity of vulnerabilities and more on the root causes of risk and how to negate it. Leveraging automation to increase the speed of remediation will be absolutely essential for companies to outmaneuver their most cunning adversaries.
Avoiding exploitation through effective risk management
CEO and President of Cohesity, Sanjay Poonen, compared security to health, and said that “the security industry is so big and fragmented that it frustrates cybersecurity professionals due to the seemingly large quantity of ‘medicine’ they need to consume to stay well.” He explained that the most important thing we can do is make security a part of a platform – essentially, make it part of our diet. At the end of the day, companies that make security “built-in” as opposed to “bolted on” won’t need numerous remedies to stay healthy. His advice to CISOs and security leaders was to work with companies that have adopted this platform vision.
Helping CISOs navigate the changing landscape of cybersecurity
An engaging fireside chat featuring Jonathan Trull, CISO at Qualys, and Rinki Sethi, Vice President and CISO at Bill.com, explored the evolving role of security leaders and the complex landscape they face in fortifying the security postures of their organizations. The discussion began by diving into the evolving role of CISOs and their impact on risk as it relates to cyber threats. “It’s been such a massive transformation over the last few decades. There were no CISOs outside of banks just 20 years ago,” according to Sethi. “Now every public company and start-up has a CISO.” The two discussed how the role is no longer relegated to running small grassroots efforts within IT, and how CISOs are held accountable for minimizing exposure across every part of the organization.
The dynamic conversation touched upon many other important issues currently impacting CISOs, including attack surface and posture management, the financial impact of risk, and effective strategies for articulating key security performance indicators to the Board.
Unlocking intelligence-backed remediation
Travis Smith, Qualys Threat Research Unit (TRU) Vice President, shared highlights from his team’s findings in this year’s 2023 TruRisk Research Report. The report, based on more than 2.3 billion anonymized vulnerability detections around the world, exposed a wealth of data about the most common cyberattacks, including the critical role that speed and automation play in outsmarting threat actors. Smith reviewed the 163 most dangerous vulnerabilities his team analyzed in 2022, along with anonymized detection statistics that revealed unique insights into the vulnerabilities found on many devices, the security of web applications, the misconfiguration of on-premises devices, and cloud security posture.
Convergence of cyber insurance and risk strategy
Rajeev Gupta, Co-Founder and CPO at Cowbell, explained how “threat actors have become increasingly sophisticated and how more severe vulnerabilities are being found and exploited, while companies are drastically shifting to the cloud.” He further explained how this series of events is causing cyber leaders to feel less confident about their organization’s resiliency against attacks.
In today’s threat landscape, cyber insurance has become a necessity and one of the major pillars for risk management. Bundling risk management tools and services with coverage is critical to allowing policyholders to continuously address changes in the threat landscape.
Real-time benchmarks of cyber risk – including inside-out risk data, continuous risk monitoring, and risk engineering services to support policyholders – are all key to mitigating newly identified exposures and security weaknesses throughout the policy period.
Cybersecurity is not a one and done!
Qualys constantly innovates to help customers get ahead of today’s threat actors. Shailesh Athalye, SVP of Product Management at Qualys, shared a sneak peek of how Qualys is extending the power of MITRE to proactively defend against attack risk. He said other benefits will include insights on how to understand SCA risk, avoid having to throw SCA/OSS vulnerability reports at one another, and leverage third-party security findings to communicate a normalized view of risk.
Attendees are invited to schedule a 1:1 session with a dedicated member of the Qualys security team over the coming weeks to troubleshoot any challenges they may need help with.
Sign up for your 1:1 session here.
If you missed the Qualys 2023 Cyber Risk Summit, you can view an on-demand version here.