[BreachExchange] How to tackle the ongoing challenges and opportunities for cybersecurity teams
Audrey McNeil
audrey at riskbasedsecurity.com
Thu May 20 15:47:33 EDT 2021
https://www.securityinfowatch.com/cybersecurity/article/21223684/how-to-tackle-the-ongoing-challenges-and-opportunities-for-cybersecurity-teams
The scale and scope of security risks are changing at an unprecedented
pace, propelled by the increasing interconnectedness of organizations and
rapid disruptions in business models and the technology landscape. As
organizations strive to manage these risks, what have some of their
top priorities been in 2021, and what’s tracking beyond to achieve Cyber
Resilience? Let’s take a reflective look at some of the security threats
that plagued organizations in 2020 that may continue throughout the
remainder of this year and use these as stepping stones towards building
new resilient cybersecurity strategies.
Cloud Vulnerabilities and Misconfiguration Issues
Cloud vulnerabilities and misconfiguration issues continue to be top
concerns as cybersecurity teams redefine their organization’s network
perimeter. While we’ve discussed the intersection of cloud and network
transformation, we expect cybersecurity leaders to make a shift in how they
approach protecting this perimeter, having to control and monitor inbound
access to the corporate network. Legacy detection tools built for the data
center do not extend to the cloud, which reinforces the need for this
foundational shift. We will continue to see a focus around vulnerability
and misconfiguration errors in response to an abundance of high-profile
data breaches as a result of improper Identity and Access Management (IAM)
policies or unpatched systems.
Weaponization of Tools
The security landscape is growing increasingly treacherous as hackers of
every type continue to evolve their attack strategies to evade detection
while maximizing profit from their time and effort. It doesn’t matter if
it’s an organized criminal group looking to make money from ransomware
schemes, covert state-sponsored groups attempting to steal data and disrupt
operations, or just malevolent individuals trying to impress others in the
hacker community - every bad actor is smarter than they were the previous
year, and better equipped to wreak havoc.
It’s not just that bad actors have become smarter - cybercrime has become
commercialized. This means that many of the components of an attack are
sold on the dark web and criminals can now launch cyberattacks without
needing knowledge around coding. Attacks can also be launched more quickly
and relaunched very easily with just a slight change, allowing criminals to
be more persistent than ever when trying to breach a network. IT staff will
need to be increasingly proactive in their approach to cybersecurity to
keep up with constantly evolving threats. Even the most sophisticated
defense strategies will become ineffective if they’re not regularly tested
and kept current. While able to mimic human behavior with artificial
intelligence, hackers are outpacing many organizations when it comes to the
technology and hacking techniques used to attack them.
Third-Party Risk Management
Attacks via third parties are increasing every year as reliance on
third-party vendors continues to grow. Organizations must prioritize the
assessment of top-tier vendors, evaluating their network access, security
procedures, and interactions with the business. Unfortunately, many
contradicting factors make this assessment difficult, including a lack of
resources, an increase in organizational costs, and insufficient
processes. Despite these challenges, the constant changes in compliance
policies, insecure connectivity to resources and sensitive data, and lack
of up-to-date risk visibility on current third-party ecosystems can lead to
loss of productivity, monetary damages, and loss of reputation.
Existing Tool Sets Aren’t Cutting It
As the months progress, organizations will notice the efficiencies of their
current toolsets and must determine exactly how to maximize their return on
such investments. To do this successfully, organizations can take a
look at a programmatic process that involves the following actions:
● Define who vendors are and what inherent risks they present
● Analyze results from assessments and provide risk-based scores based
on the broad ecosystem
● Remediate risks raised from completed assessments
● Stay up to date on industry and regulatory compliance policies
● Optimize security programs to adapt to changing requirements
Initiating this programmatic process means creating a cybersecurity program
that emphasizes:
● Standard, repeatable methodology
● A roadmap to program maturity with defined milestones and goals
● Onboarding vendors through a tiered approach, categorizing and
providing inherent risk scores
● Asking the right questions
● A collection method that enables flexibility and scale
● Continuous monitoring of the security program based on success
criteria
A Focus on Digital Trust
The focus on privacy has ramped up, with a lens towards digital trust. As
organizations work to build customer-focused, digital business models, it’s
critical to consider the role of trust and privacy in the customer journey.
Delivering digital trust isn’t a matter of propping up a highly secure
website or app, or avoiding a costly, embarrassing data breach. It is about
creating a digital experience that exceeds customer expectations, allows
virtually frictionless access to goods and services, and helps protect
customers’ right to privacy while using the data they share to create a
customized and valuable experience.
Attack Surface Management
As the attack surface expands, so does the number of different security
solutions that an enterprise must manage. Just a few years ago, a
cybersecurity organization needed to manage a handful of security
solutions. Today, this number has grown into a substantial snowball for
many organizations. Multiple point solutions are layered on top of each
other to fill potential gaps. And though it may vary from one organization
to the next, the number of point products many enterprises use ranges
between 6 and 50. Enterprise security leaders add these multiple
point-solution layers to make it more difficult for an attacker to
succeed. However, in some
instances, point-product solutions can add complexity and obstruct
cybersecurity professionals from detecting and preventing attacks. They
also add costs and require more staff resources. This is where effective
monitoring and alerting play a key role. The cloud is more
application-driven and governed partially by security controls at the
network layer, but largely at the application layer through identity and
roles. Just as data classification is important for Zero Trust and Data
Loss Prevention (DLP), identity and role activity are equally important to
enumerate in order to alert on anomalous behavior.
The job is never finished when it comes to the cybersecurity of an
organization. This means staying one step ahead of the next potential
threat. Looking ahead now means better preparation for the future.