Threat Versus Risk: Rethinking Cybersecurity Fundamentals

Splunk's Anthony Pierce on Cybersecurity Strategies Beyond Threat Management
Anthony Pierce, field CTO, cybersecurity and infrastructure, Splunk

Cybersecurity strategies often focus primarily on threat response, which only solves part of the problem. To effectively implement threat identification and risk management, companies should first distinguish between threat and risk. "We spend all of our stuff in cybersecurity addressing modern-day threats, but the whole goal is to reduce risk," said Anthony Pierce, field CTO, cybersecurity and infrastructure, Splunk.

Pierce recommended taking a more comprehensive approach centered around risk management. While threats are inevitable, effective control and a deep understanding of your environment can substantially mitigate risks, enhancing an organization's resilience against cyberattacks, he said.

"When you think about risk, you think about controls. Controls address threats. But in cybersecurity, we have become reactive in nature. We see threats, so we do something. When you address risks, you are actually doing a whole lot of things," he said. "For example, when you think about risks, you think about frameworks like NIST, CSF, ITIL, ISO. And when you think about threat, you're thinking about MITRE."

In this video interview with Information Security Media Group at RSA Conference 2024, Pierce also discussed:

  • How a data-driven approach to cybersecurity can enhance resilience;
  • Why layering defense mechanisms is essential for effective cybersecurity;
  • The shift toward outcome-based cybersecurity strategies.

Pierce is an information security investigator and technologist with a deep technical understanding of managed security services technologies, TS/SCI network security, vulnerability detection, incident response, internal and external threat and hunt operations, intrusion analysis, and secure and protect methodologies.

About the Author

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.
