Heed the Call of Proactive Security
Welcome to Decoding Cyber Risk, a newsletter from Brinqa that includes practitioner insights, market observations, and how-to content to help security teams remediate the risks that matter.
Before we get into this week's topic, we invite you to join our upcoming event where you'll learn how the security team at OneMain Financial leverages a proactive security approach to:
There has always been a lot of talk about cybersecurity becoming more proactive, yet the cybersecurity industry thrives off of the adrenaline rush of a detect-and-respond approach to security:
However, no one ever does a tabletop exercise about finding a vulnerability, prioritizing it, and patching it. There's no all-hands-on-deck moment, no save-the-day rush to proactive security.
Our industry’s focus on detection and response has its benefits and is critical, but it is not the answer to building cybersecurity into the mature business function it needs to be.
In fact, despite increased investment of time and resources into detection and response, the leading cause of breaches in 2023 was the exploitation of vulnerabilities security teams already know about (source: Dark Reading).
It’s Time for a New Approach
It is time for the Vulnerability Management discipline to evolve into a Risk Operations Center (ROC), a proactive security approach that combines operational rigor, risk-based management of vulnerabilities and security policies across the entire attack surface, and business level communications about risk.
The ROC also serves to elevate proactive security to be on par with detection and response strategies represented by the SOC.
The focus is no longer on chasing every vulnerability, nor is it about managing high-impact vulnerabilities in a state of perpetual crisis.
Instead, the ROC champions a more calculated approach, offering a holistic view across the entire business while maintaining the precision to zero in on the most pressing threats and remediate them before they can be weaponized. This is not just a technological shift in focus; it is a cultural one as well.
How does this work in practice?
Learn how Asurion, the world's leading tech care company, built a Risk Operations Center to reduce the risks that pose a real threat to the business, in this Brinqa customer story.