Qualys CEO Sumedh Thakar advocates for a shift from traditional Security Operations Centres (SOCs) to Risk Operations Centres (ROCs) for public sector cyber teams. He argues that the conventional approach of weekly scans and manual triaging is ineffective for managing cyber threats. Thakar emphasizes the need for organizations, particularly in the public sector, to focus on risk management that goes beyond financial losses to include public safety, national security, and critical infrastructure. This proactive approach aims to identify and mitigate the most plausible risks facing organizations.
Thakar said that things needed to change in the cyber security world. "Continuing in the way that we have where we would scan every week or two and those scans were dumped somewhere on a hard drive somewhere and then someone goes and triages those manually and then you try to fix everything that comes your way - that approach is not really a success," he said. "Continuing that approach is just not in the future."
He urged CISOs to stop putting so much effort into attack surface management and refocus on risk surface management, where risk management is defined as the mitigation of risk - or transfer of it to someone else - for the most plausible losses that could affect the organisation.
For a company, the most plausible loss will likely be a dollar revenue or profit figure. However, public sector organisations have it tough because they have a very different perspective on what 'loss' looks like beyond the financial cost.
For example, they could and should be more worried about the safety of the general public or frontline personnel, national security, critical infrastructure security, economic stability, or public health, said Thakar, referencing attacks such as the infamous Colonial Pipeline incident.