The influx of attacks and vendor solutions in the first half of the year is overwhelming many CISOs and SOCs, to the point where some tools hinder operations. Darren Thomson, Field CTO EMEAI at Commvault, analyses the first half of the year and how organisations can better position themselves to create a more robust cybersecurity ecosystem.
In some ways, cybercriminals have never had it so easy. The tools that they have access to enable them to deploy more sophisticated attacks, while organisations’ attack surfaces only continue to expand.
It’s a never-ending cycle: a new attack vector emerges, and a vendor claims to have the solution for it. As a CISO, you feel compelled to purchase it as soon as possible. What was once fewer than 10 security tools has now become as many as 80, all outputting data, log files and security analytics, which overwhelm an organisation’s SOC and security analysts.
Because of this, security tools can actually mask a breach, producing so much data that you can’t see the critical details that may indicate an attack.
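The masking effect described above is a volume problem: the same low-value finding repeated across dozens of hosts can bury the handful of alerts that, read together, describe one intrusion. The script below is an added illustration (it is not code from the article or from Commvault) of the basic SOC countermeasure, deduplicating repeated findings and then correlating what remains per host within a time window, so that a chain seen by several independent tools outranks a single tool repeating itself. All alert records, tool names, hosts and timestamps are constructed sample data.

```python
"""Cross-tool alert correlation: collapse a flood of tool alerts into a few incidents.

Added illustration, not from the article. Every record below is constructed
sample data; the tool names, hosts and timestamps are placeholders.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts, roughly as a SOC receives them. A handful form one
# attack chain on ws-17 (phishing attachment -> script launch -> callback ->
# credential access); the rest is repetitive scanner noise.
RAW_ALERTS = [
    {"tool": "email-gw", "ts": "2024-05-06T09:00:05", "host": "ws-17", "sev": "low",
     "msg": "Suspicious attachment delivered: invoice.pdf.exe"},
    {"tool": "edr", "ts": "2024-05-06T09:03:41", "host": "ws-17", "sev": "medium",
     "msg": "Office process spawned powershell.exe with encoded command"},
    {"tool": "proxy", "ts": "2024-05-06T09:04:10", "host": "ws-17", "sev": "low",
     "msg": "Outbound connection to newly registered domain"},
    {"tool": "ad-audit", "ts": "2024-05-06T09:06:55", "host": "ws-17", "sev": "medium",
     "msg": "Credential dumping tool detected (LSASS access)"},
]
# Noise: the same scanner finding on 60 hosts, re-emitted every five minutes.
for i in range(60):
    for minute in range(0, 30, 5):
        RAW_ALERTS.append({"tool": "vuln-scan", "ts": f"2024-05-06T08:{minute:02d}:00",
                           "host": f"srv-{i:02d}", "sev": "low",
                           "msg": "Outdated TLS cipher suite enabled"})


def dedupe(alerts):
    """Collapse repeated identical findings (same tool, host, message) into one
    record carrying a count, so 60 hosts x 6 repeats become 60 records."""
    seen = {}
    for a in sorted(alerts, key=lambda a: a["ts"]):
        key = (a["tool"], a["host"], a["msg"])
        if key in seen:
            seen[key]["count"] += 1
            seen[key]["last_ts"] = a["ts"]
        else:
            seen[key] = {**a, "count": 1, "last_ts": a["ts"]}
    return list(seen.values())


def correlate(alerts, window=timedelta(minutes=15)):
    """Group alerts per host into incidents: consecutive alerts on a host that
    fall within `window` of the previous one belong to the same incident."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_host[a["host"]].append(a)
    incidents = []
    for items in by_host.values():
        current = [items[0]]
        for a in items[1:]:
            prev = datetime.fromisoformat(current[-1]["ts"])
            if datetime.fromisoformat(a["ts"]) - prev <= window:
                current.append(a)
            else:
                incidents.append(current)
                current = [a]
        incidents.append(current)
    return [{"host": inc[0]["host"], "alerts": inc,
             "tools": sorted({a["tool"] for a in inc})} for inc in incidents]


def triage(alerts):
    """Rank incidents: a chain corroborated by several independent tools outranks
    a single tool repeating itself, however many times it repeats."""
    incidents = correlate(dedupe(alerts))
    return sorted(incidents, key=lambda i: (len(i["tools"]), len(i["alerts"])),
                  reverse=True)


if __name__ == "__main__":
    ranked = triage(RAW_ALERTS)
    print(f"{len(RAW_ALERTS)} raw alerts -> {len(ranked)} incidents")
    top = ranked[0]
    print(f"top incident: {top['host']} seen by {len(top['tools'])} tools: {top['tools']}")
    for a in top["alerts"]:
        print(f"  {a['ts']} [{a['tool']}] {a['msg']}")
```

On this constructed input, 364 raw alerts reduce to 61 incidents, and the one that reaches the top of the queue is the four-tool chain on ws-17 rather than the scanner finding that accounts for 360 of the raw records. The window and ranking are deliberately simple; a production pipeline would also weight by severity and asset criticality, but the shape of the reduction is the point.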
Instead, organisations need dynamic models that consider more than just physical attributes; they must include social and digital attributes as well. As we approach the halfway point of 2024, we’re seeing six megatrends changing the threat landscape: cloud, remote working, IoT, software supply chains, AI and social networking. Together these are supercharging issues from ransomware and phishing to data exfiltration and social engineering. Criminals’ ability to gather data, manipulate it and use it against us in a targeted way is only set to increase over the next few years – unless we do something about it now.
Looking at these trends more closely helps put the risks in perspective:
Cloud
Ultimately, CISOs would have all adopted the cloud at some point, but many would have preferred to embrace the cloud in a more pragmatic way instead of the headlong rush that has occurred in many organisations. The problem is, these same CISOs are now struggling with cloud-related risks, ranging from massive DoS attacks and compliance issues to malware and the challenges of an unmanaged attack surface.
Remote working
Clearly, many organisations are not going back to the way they worked pre-pandemic. While remote working certainly brings a range of business advantages, there are risks as well. Whether it’s email scams, the use of personal devices, unsecured networks, or a myriad of other issues, remote working adds another layer of complexity to the job of keeping networks and data safe.
IoT
As the digitalisation of commerce and society continues apace, there are expected to be in the region of 30 billion IoT devices by 2027. The problem is that some of the IoT devices being adopted across business, industry and critical infrastructure are not secure. In the rush to create business value, not enough consideration has been given to the security implications of having so many connections.
Software supply chains
It’s very difficult to assess end-to-end risk across a supply chain. As supply chains become more complex and digitally integrated, guarding against all potential points of risk presents huge challenges.
AI
As the new frontier of cyber warfare grows, organisations everywhere need to prioritise their approach to protecting against AI-powered attacks. This includes looking very closely at resilience because the volume of sophisticated attacks is certain to increase in the years ahead.
Social networking
Generally speaking, people share far too much personal information on social media. For employers, the risks are exacerbated by employees mixing work and personal lives on social media platforms and apps. As a result, cybercriminals use social media data scraping as a major tool in their armoury.
Risk, readiness, recovery and resilience
So, where should CISOs focus their efforts? One way to understand the priorities is to look at the main issues set out by the cyber insurance industry, which now has more experience and data to draw on when assessing cybersecurity risk.
- Secure Active Directory: A significant proportion of breaches seen by cyber insurers start with credential theft, so it’s vital to identify and address any blind spots.
- Implement identity and access management (IAM): For most organisations, passwords still represent their security Achilles heel. At the very least, implement MFA and make sure that the solutions you’re providing embrace privileged access management.
- Patch your systems: There are also so many organisations out there that still don’t get this right (and others that probably never will). It’s a particularly important issue in contemporary data centres, where any failure to patch systems properly is a big indicator of risk.
- Create and test cyber-recovery plans: Although just about every organisation will claim to have tested its recovery plans, comparatively few do so properly, if at all. For many, the best-case scenario is they test one application once a week on the weekend, and in the current security environment, that’s rarely going to be enough. Part of the problem is that, until relatively recently, there has been no comprehensive way to test everything. Thankfully, applications and services are now emerging that can help close this capability gap.
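One concrete "blind spot" behind the first item above is that per-account lockout counters never fire on a password spray: the attacker tries a few guesses against many accounts, staying under every threshold, and a single success looks like an ordinary logon. The script below is an added illustration (not code from the article or from Commvault) of a detection that looks at the pattern from the source side instead: it flags a source that fails against many distinct accounts inside a time window and reports any of those accounts that then logs in successfully from the same source. The events are constructed sample records shaped like Windows logon audits (4625 failed, 4624 succeeded); the users, addresses and timestamps are placeholders.

```python
"""Source-side password-spray detection over logon audit events.

Added illustration, not from the article. Events are constructed sample
records shaped like Windows Security logon audits: 4625 = failed logon,
4624 = successful logon. Users, addresses and timestamps are placeholders.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def build_events():
    """Constructed sample: one benign user who mistypes twice, and one source
    that sprays 12 accounts with two guesses each before succeeding on one."""
    base = datetime(2024, 5, 6, 7, 0, 0)
    events = []
    for i, eid in enumerate((4625, 4625, 4624)):
        events.append({"id": eid, "ts": base + timedelta(seconds=20 * i),
                       "user": "alice", "src": "10.0.0.5"})
    accounts = [f"user{n:02d}" for n in range(11)] + ["svc-backup"]
    t = base + timedelta(minutes=5)
    for acct in accounts:
        for _ in range(2):  # two guesses per account: under any sane lockout threshold
            events.append({"id": 4625, "ts": t, "user": acct, "src": "10.0.0.99"})
            t += timedelta(seconds=3)
    events.append({"id": 4624, "ts": t, "user": "svc-backup", "src": "10.0.0.99"})
    return events


EVENTS = build_events()


def detect_spray(events, window=timedelta(minutes=10), min_accounts=8):
    """Flag each source that fails against at least `min_accounts` distinct
    accounts within `window`, and list any sprayed account that later succeeds
    from that source. Per-account counters miss this: no single account here
    sees more than two failures."""
    events = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(list)  # src -> [(ts, user), ...] in time order
    for e in events:
        if e["id"] == 4625:
            failures[e["src"]].append((e["ts"], e["user"]))

    findings = []
    for src, fails in failures.items():
        # Sliding window: widest set of distinct accounts failed within `window`.
        start, best = 0, set()
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = {u for _, u in fails[start:end + 1]}
            if len(users) > len(best):
                best = users
        if len(best) < min_accounts:
            continue
        first_fail = fails[0][0]
        sprayed = {u for _, u in fails}
        succeeded = sorted({e["user"] for e in events
                            if e["id"] == 4624 and e["src"] == src
                            and e["ts"] >= first_fail and e["user"] in sprayed})
        findings.append({"src": src, "accounts_tried": len(best),
                         "succeeded": succeeded})
    return findings


if __name__ == "__main__":
    for f in detect_spray(EVENTS):
        print(f"spray from {f['src']}: {f['accounts_tried']} accounts tried, "
              f"successful logons: {f['succeeded'] or 'none'}")
```

Run against the constructed events, the benign source (one account, two failures) is ignored, while 10.0.0.99 is reported with 12 accounts tried and a successful logon on svc-backup, which is the record an analyst needs to act on. The window and account threshold are tuning knobs; raising `min_accounts` above the number of accounts actually sprayed makes the finding disappear, which is the trade-off any such rule carries.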
Given the fundamental changes in the threat landscape in recent years, traditional cybersecurity approaches, models and frameworks need to be adapted. Security leaders need to think more dynamically to protect their entire attack surface against the key trends, particularly the emerging risks presented by AI. In this context, organisations that focus their attention on the ‘four Rs’ – risk, readiness, recovery and resilience – will be in a much stronger position to keep pace with the significant rate of change across the cybersecurity ecosystem.