Event report
Past Event | 80% of Cyber Attacks could have been prevented
Thank you very much to our speakers Eileen Neo, APAC Regional Lead at YesWeHack, Pierre Samson, Chief Revenue Officer at Hackuity, and Pauline Ordines, Senior Manager Cybersecurity at VONA, for facilitating this discussion about how to detect and remediate vulnerabilities at scale and avoid preventable breaches.
Highlights and Key Learnings:
- There are many ways for vulnerabilities to be discovered (internal and external): the worst-case scenario is when threat actors exploit actual vulnerabilities without the organization being aware of it, or when someone reports a vulnerability publicly. It can be worthwhile to use external sources to maximise the chances of finding vulnerabilities.
- The 2 main ways of detecting vulnerabilities: Bug Bounty (an innovative approach to cybersecurity, where security researchers are paid per valid vulnerability found) and VDP (Vulnerability Disclosure Policy), which enables reporting bugs to the security team.
- Bug Bounty must be Continuous, Unlimited in terms of skillsets and viewpoints, ROI compliant, Agile and Easy to Manage.
- Crowdsourced Security is very important to manage vulnerabilities from external sources.
- Vulnerability Management is the practice of checking for unpatched vulnerabilities on systems and fixing the situation.
- To reduce vulnerability, organizations should not work in silos (which give a fragmented view of the security posture), should take into account the diversity of the threat, and should automate their vulnerability management process to make it real.
- Finally, organizations should drive their Security & Audit program with a risk-based approach in 4 steps: 1) Identify the risk, 2) Evaluate the risk, 3) Treat the risk, 4) Follow the risk.
For more information about the Tech & Innovation Committee, please contact Alice Boulard at aboulard(@)fccsingapore.com.