In April, during the Qualys Security Conference (QSC) EMEA, Qualys illustrated various trends and new visions and approaches to the corporate security market. Manage IT risk at the speed of business, filling the gaps that still exist in order to eliminate business risk was the theme at the center of CEO Sumedh Thakarās speech. In front of over 600 participants, including C-level managers and clients from all over the world, he explored the issue of the divide that still today sees corporate security on one side and business needs and times on the other.
News and trends in corporate security according to Qualys
With an ever-increasing number high of different tools used to measure and manage risk, many large organizations operate with often disjointed solutions. All with great difficulty in quantifying theimpact of IT risk on companies. Security leaders of all geographic origins need to go beyond enumerating the critical issues encountered to truly quantify the impact that cyber risk has on businesses. So as to be able to focus only on the identification and measurement of the most relevant vulnerabilities and shorten intervention times in the total elimination of IT risk. All for the benefit of better business results.
Identify, measure, communicate and remediate
The variety of forms of risk that today undermine the security of organizations of all sizes is enormous: from the risk of data loss to that of non-compliance up to damage to reputation and damage to availability and continuity of service. Each of these forms involves implications which can undermine the economic-financial, managerial and operational structure of organizations. In this scenario it is essential to be able to identify, measure, communicate and remedy only what really is relevant. As CEO Sumedh Thakar states, āIf everything is critical, nothing is.ā
It is necessary to guarantee more visibility
And change Management in approaching corporate cybersecurity must therefore begin with detection and prioritization. It is essential to guarantee complete visibility, but we are still far from this goal. Suffice it to say that 45% of resources are not classified correctly based on business criticality due to lack of visibility on external and internal assets. With over 30% of these not being completely visible and/or catalogued.
News and trends in security
Most security programs also lack context information on threats useful for identifying them correctly. Out of 2.6 billion vulnerability disclosures analyzed, 2.1 (81%) were considered āhigh riskā or ācriticalā according to CVSS. With the Qualys TruRisk platform, only 603 million were āhigh riskā or ācritical.ā There are also 87 million high-risk vulnerabilities that were found by Qualys and that CVSS had not detected. Cyber āāresponse statistics also frequently do not translate into a quantification of cyber risk.
Cybersecurity at the center of corporate dynamics
CEO Sumedh Thakar illustrated various critical issues that organizations are facing today. The trend that sees CISOs called upon to report directly to the CEO (47% in the US) and having to report to the Board and the various corporate stakeholders is increasingly marked. A confirmation that cybersecurity is increasingly perceived as a crucial point within business dynamics. This trend is starting to increasingly manifest itself in Italy too frequencyas underlined in London by Emilio Turani, Managing Director Italy and South East Europe.
The situation in Italy
Cybersecurity is becoming an element enabling in business processes. And the need to get one predictability of the company budget in the medium and long term is an increasingly revealing trend. The Ciso interacts in an increasingly strategic way with the various company stakeholders and a management that is based on real risk management assists interoperability with third parties. Thus simplifying management and reducing the cost of ownership and administration. In Italy there is a growing demand in this direction which affects the ecosystem and all market segments. Particularly in contexts where it is necessarily necessary rationalize the resources to be able to then include them in the companyās business processes.