“As Picus Security, we want to be the company that opens the threshold in the field of cyber security in Turkey.”
Emphasizing that, as in 2022, the types of attacks will become more complex this year, Alper Memiş, CEO of Picus Security, said, “CISOs will need to act outside of traditional methods in combating these attacks, not with assumptions.”
When you look at 2022, what do you think was the most tiring topic for CISOs? What kind of trend do you see in 2023?
CISOs are tasked with ensuring the efficiency and effectiveness of an organization’s security architecture and clearly communicating the return on security investments (RoSI) to all stakeholders in the organization. However, the rise in cyber threats and their devastating impact on business revenue, productivity and reputation has brought cybersecurity concerns to senior management. Such requirements are driving CISOs to invest in Breach and Attack Simulation (BAS) tools that enable real-time, continuous measurement of an organization’s security posture against cyber attacks. This explains the huge increase in the adoption of BAS solutions, especially by large organizations.
In 2023, we can say that the types of attacks we encountered last year will continue their activities with more complexity. These include web application attacks, data exfiltration attacks, vulnerability exploitation attacks, APT attack campaigns, targeted phishing attacks, and malware such as ransomware and backdoor software. CISOs will need to act outside of traditional methods to combat these attacks, rather than relying on assumptions.
In a cyber threat incident, it is crucial to understand and respond to the incident. How does Picus Security provide a benefit in this context?
When it comes to cyber threats, many organizations still act with assumptions and think that they will get 100 percent protection by conducting penetration tests a few times a year with a large number of security products. However, while these measures are useful, they are never enough. For example, even if you have the best penetration testing team in the world perform the tests and close all the findings detected as a result of the test, even a small change in your system in the period after the test is performed, such as adding a new web page to an open website, can cause your systems to be hacked. In addition to all this, given the increasing complexity of security environments and the lack of personnel in the field of cyber security, it is becoming more and more difficult to keep our information systems and networks secure with traditional approaches.
At this moment, Picus provides an important solution. Our Picus platform was created to assist you in increasing the effectiveness of your cybersecurity investments by giving evidence of their effectiveness, as well as to reinforce and scale your cyber defense capabilities by enabling you to become more threat-centric automatically and continually. With our technique, you may begin validating against the most recent cyber threats rather than assuming that your security products are performing properly.
Regulation and compliance are two of the most difficult concerns for IT leaders. How do you assure compliance with industry cybersecurity and data protection regulations?
Adapting to cybersecurity legislation rapidly is critical for enterprises; however, adapting to the appropriate regulations can be difficult for organizations, and compliance processes can be exhausting. Picus products assist enterprises in confirming the effectiveness of their security controls and demonstrating compliance with the most recent security requirements and standards.
One of the most difficult issues for businesses is determining their cyber security status. How does your scoring system help them in this situation?
Continuously monitoring risks, taking appropriate actions to increase defenses, and adopting a threat-oriented approach provide firms an advantage against cyber threats. This option is also available to Picus platform users. At Picus, we think that continuous and automated verification is essential for every modern security team in order to find and close serious vulnerabilities before hackers actively exploit them. Using the Picus platform, you can improve your security posture and cyber resilience continuously and proactively before a cybersecurity breach occurs. Furthermore, the Picus solution offers a significant advantage in that it will be possible to manage security risks more proactively by shifting to a security approach based entirely on information and evidence, understanding how cyber security tools that cost millions of dollars work.
Can technology executives who fall short of industry standards, particularly when interacting with top management, use this score in budget negotiations?
They certainly can. Picus believes that in order to establish how safe a company is at any one time, security experts must first understand the dangers they face. One of the key issues to address in this context is, “Are we getting a return on our investment in security spending?” Because there is no relationship between the amount of money spent on security and comprehensive protection. Furthermore, nine out of ten board members see cyber security as a business risk, according to Gartner research. With the information and evidence provided by the Picus platform, it will be possible to proactively manage security needs by knowing exactly what steps should be taken in which areas, and CISOs will undoubtedly benefit from budget negotiations regarding investments to be made in this area.
Do you offer advice on how to improve your cyber security score?
Picus provides real-time analytics for your organization, including an overall security score, to help you monitor performance and demonstrate value.
To generate an overall score and provide a comprehensive perspective of defense capabilities, the Picus platform validates all network security, SIEM, and EDR products in use. This includes appropriately configuring investments to identify existing and developing threats, reviewing security logs and telemetry, and ensuring that alarms on all security-related events are reliably triggered.
Picus combines assessment results with MITRE ATT&CK to enable security professionals to swiftly handle identified risks, and we offer over 70,000 vendor-specific prevention and detection capabilities, reducing the need for security professionals to design and test their own risks. Our platform, which is integrated with a wide range of security products, delivers precise performance insights and supports workflow automation to boost operational efficiency.
What are your long-term objectives? What are you up to, particularly on a worldwide scale?
Picus Security aspires to be the company that unlocks the floodgates of cyber security in Turkey. Our goal is to pioneer the establishment of more successful cyber security enterprises using our country’s technical and research talents, as well as to pioneer future investments in our country. We will strengthen our research and development skills in the coming years to set a successful example and accelerate our worldwide growth through quick innovation. We will strengthen our presence in the Americas, Asia Pacific, the Middle East, and Europe with our channel and technology partners, and we will maintain our leadership in the Breach and Attack Simulation category.