Taking a Risk-Based Approach to CybersecurityAs Cybercrime Increases, Organizations Pivot From Maturity-Based Approach
The evolving tactics, techniques and procedures used by cybercriminals to exploit businesses - including the rise in Ransomware as a Service, the "hiring" of tactical experts for specialized roles in ransomware gangs and the use of double extortion tactics - have left many business leaders wondering just how effective their security programs are.
Many experts advise organizations to pivot from a maturity-based approach to a risk-based approach to cybersecurity, but how is that done and what are the benefits?
In this interview with Information Security Media Group, Tia Hopkins, Field CTO and Chief Cyber Risk Strategist at eSentire, discusses:
- Where the maturity-based approach falls short and how a risk-based approach can help organizations;
- How to more effectively use the MITRE ATT&CK Framework, as described in the eSentire 2022 Cyber Risk report;
- Staying ahead of the evolving threat landscape while meeting the regulatory standards for security, efficiency and compliance.
Hopkins is focused on engaging with the cybersecurity community, providing thought leadership, supporting strategic customer and partner engagements, and working closely with the sales, marketing, product, engineering and customer success teams to drive security outcome-focused initiatives. She has over 20 years of experience in various IT and IT security roles and is an adjunct professor of cybersecurity at Yeshiva University. In 2021, she was recognized by IFSEC Global as a top global influencer in the Security Executives category.