RB GLOBAL , INC .
Building an internal security operations centre “ We manage all of our security tools in house . Just because you worked somewhere else as a Tier One analyst doesn ’ t mean that you have to get pigeonholed into one area and get stuck there ,” says Dulberger .
The team at Ritchie Bros . is unique in that there is no formal tier system for managing cybersecurity threats . As explained by Dulberger , the team operates on a single tier with some members more experienced than others . The idea being that there is always someone within that group in the SOC that is capable of investigating and dealing with an incident .
Through the company ’ s strategic approach of enriching the skill sets of its employees , it is able to manage cybersecurity in this way and analysts are capable of dealing with problems from the point of interception to overcoming that challenge .
“ We have some more senior analysts that can come in and support . I think that ’ s one of the advantages . I think understanding the business is probably key because there are certain technologies that have a higher rate of false positives where SIEM are probably going away at some point , but as of today , they ’ re still not perfect to fully rely on ,” says Dulberger .
Bringing AI to handle compliance Of course it wouldn ’ t be a modern cybersecurity conversation without touching upon artificial intelligence ( AI ) and its input into a more reputable security network . One
of the ways in which Ritchie Bros . leverages the technology allows for greater action in terms of compliance , but also supports machine learning ( ML ) in long-term functions .
“ It ’ s one of those necessary evils , right ? Without compliance and regulation , there will be chaos . But I think there are certain regulations that hinder the business a bit . It ’ s painful in some cases , and not everybody ’ s doing a good job , from an auditing perspective , to understand your business and map the regulatory requirements to it ,” Dulberger says .
“ On the flip side , it helps drive projects and programmes sometimes . I think that our company rarely says no to stuff when it comes to security , but I ’ ve talked to other CISOs when they ’ re like , ‘ oh , we have a hard time getting budgets ’.”
108 January 2024