Curtis Simpson, CISO at Armis, draws insights from the past year’s cybersecurity challenges and discusses how they can inform a proactive strategy for 2024 and beyond.
Unpredictable. Dynamic. Perilous. These are just some of the terms that could be used to describe the current cybersecurity landscape.
Cybersecurity is shaped by technological advancements, societal shifts and bad actors who continuously adapt and grow in sophistication to exploit unmitigated vulnerabilities, both known and unknown. It's a digital battleground that demands constant vigilance.
Over the past year, organisations have faced unprecedented cyber-risks and threats, navigating blind spots in their environments and contending with a growing attack surface. On a given business day, around 45,000 assets are connected on average to a UK organisation's network, and each one has the potential to pose a significant risk.
Arguably, what’s even more worrying is that over a third of IT and security decision-makers lack complete visibility over company-owned assets connected to the business environment and a further 42% reported a lack of control and management over these assets.
This paints a stark picture of the reality faced by security teams. In fact, the role of a CISO in this cyber battleground has never been more crucial. After all, you can’t stop and manage threats you can’t see.
If any CISO is to turn the tide in this fight, the approach is a simple one: take stock and reflect on the lessons that can be gleaned from the developments of 2023.
Lessons from the past
Renowned psychologist Dr Bill Crawford stated: “One key to success is knowing the difference between knowledge and wisdom. One is information from the past while the other is the key to the future.” Put simply, to create a successful cybersecurity blueprint for the year ahead, we must first apply what we’ve learned.
And 2023 has been generous. From attacks on critical infrastructure such as the NHS and Royal Mail to retailers like JD Sports and payroll giant SD Worx being targeted, it was a year that gave the UK a lot to consider about its cyberdefence capabilities. In fact, 39% of UK organisations were unable to fend off attackers and suffered a security breach as part of a cyberattack in the past 12 months.
Moreover, it was the year in which organisations set about understanding and establishing GenAI-based capabilities to augment security, technology and other business functions in direct support of company objectives. Yet AI has proven to be a double-edged sword.
While Artificial Intelligence (AI) and Machine Learning (ML) can be used to rapidly identify anomalies and enhance cyberdefence capabilities, they can also be used by bad actors. Tools marketed on criminal forums under names such as WormGPT, FraudGPT and DarkBERT are already being used to generate phishing lures and malicious code, lowering the skill and effort required for someone with malicious intent to mount an attack.
What’s more, organisations’ overreliance on technology and the Internet of Things has contributed to their attack surface growing in both size and complexity. As the attack surface continues to grow, so does the opportunity for attackers to find a vulnerability and exploit it.
The last 12 months have also shown that prioritising the remediation of vulnerabilities is undermined where there is no automation for the operational and contextual consumption of threat intelligence, once more leaving an open door for malicious actors. With minimal automation, much of the work needed to make use of intelligence sources is manual effort, leading to one in four UK cybersecurity teams feeling overwhelmed.
To stay ahead of the threat, CISOs must now consider these hard lessons. Knowledge is power, after all.
Strategic priorities for 2024
For a CISO to successfully navigate the digital battlefield in 2024, there are several key considerations. Firstly, visibility of the organisation's attack surface must be the top priority. It's crucial to implement a security capability that allows the organisation to identify and prioritise emerging threats, and the exposures those threats are likely to exploit, according to their potential for material business impact.
Having visibility of the entire attack surface allows organisations to be proactive in how they approach device management, to prioritise their remediation efforts and to see security risks before it's too late. With this foresight, organisations can limit, if not stop, cyberattacks, reducing risk and meeting strict and evolving compliance and regulatory obligations.
Second, focus on implementing proactive measures for threat prevention and detection. Security and IT leaders will need to prioritise the implementation of AI-powered cyber exposure management solutions, recognising their critical role in the security stack for 2024 and beyond. Systems that monitor billions of endpoints and correlate their patterns and trends to evolving global threat intelligence through AI will offer organisations an edge on the digital battlefield.
Third, as GenAI becomes widely adopted at scale within the bad actor community, the value of traditional security awareness training will decline rapidly. Attackers will use deepfakes strategically to steal funds and information, and training that teaches users to spot poor grammar or a suspicious-sounding voice will quickly become outdated.
The focus next will then be for companies to modernise their security programmes to include continuous user-focused controls to better defend against modern social engineering attacks, alongside real-time guidance to prevent users from accidentally falling victim to such attacks.
And finally, automation.
Organisations need to prioritise security across the entire organisation, including employee-owned devices, to mitigate risk. This can't be done manually, as there are simply too many assets with potentially unknown vulnerabilities. That's why automation is key to helping bridge the security skills gap, manage security posture at scale and see, protect and manage the entire attack surface in real time.
The evolving role of a CISO
Modernising security programmes may be one part of the blueprint, but to ensure a successful strategy for 2024, it ultimately rests on the shoulders of the person in post – the CISO. The evolving ecosystem of cybersecurity demands a proactive individual who keeps their finger on the pulse, taking stock of any future challenges, such as the quantum threat to cybersecurity.
With its superior computational capabilities, a sufficiently large quantum computer is set to make today's public-key cryptography obsolete: the RSA and elliptic-curve algorithms that underpin TLS, VPNs and code signing would be broken outright, while symmetric ciphers and hashes would only be weakened and can be kept secure with larger key sizes. While such machines are still in development, there's a risk to current data, as bad actors collect encrypted information now in the hope that quantum computers can break it in the near future, giving rise to 'harvest now, decrypt later' attacks. Data that must stay confidential for a decade or more is therefore exposed today, which is why this future problem requires immediate action from a CISO: inventory where and how cryptography is used, and plan the migration to post-quantum algorithms.
The role also requires leaders who can forge collaborations beyond the realm of IT. Collaborative efforts with peers from various business functions – often those related to risk management, regulatory compliance and privacy concerns – not only align the security programme with business objectives but also provide better communication and support across the enterprise.
In recent years, the voices of CISOs have gained prominence in the boardroom too, fuelled by the increasing frequency and impact of cyberattacks across industries. The COVID-19 pandemic further heightened the focus on security exposures and the potential for disruption. Since then, CISOs are not just heard but are directly accountable for cybersecurity risks in board discussions. It’s a role that must co-operate with other parts of the business to better understand and analyse threats to the business and relay this to the board and stakeholders in terms they can understand and act on.
Fortifying for the future
In a recent advisory, the National Cyber Security Centre (NCSC) emphasised the critical need for organisations to accelerate their cyber-resilience in the face of changing threats. Ultimately, that starts with visibility of the entire global attack surface in a central platform.
Achieving that visibility involves a holistic examination of an organisation's entire digital footprint: the identification and assessment of all assets, networks and systems that could potentially be targeted by cyberthreats. By thoroughly mapping the attack surface, CISOs can better comprehend their organisation's vulnerabilities and proactively address potential weak points. A robust defence is built on the foundation of awareness and understanding. Only then can an organisation implement effective security measures, promptly respond to emerging threats and bolster its overall cyber-resilience in 2024.
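The visibility gap described above, and in the strategic priorities section earlier, is in practice a reconciliation problem: the assets a CMDB says you own, the devices the network actually hands addresses to, and the services a scan finds listening rarely agree. The following is an added example, not code from the article or from Armis, that cross-references those three sources to surface unmanaged devices (on the network but absent from the inventory), stale records (in the inventory but no longer seen) and which unmanaged devices expose risky services. The sample data, the field names and the list of high-risk ports are constructed assumptions; real exports will have their own schemas and need their own loaders.

```python
"""Reconcile asset records from several sources to find unmanaged assets.

Added example (not from the article or Armis). The data and field names
below are constructed assumptions; a real CMDB export, DHCP lease table
and network scan each have their own schema.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample data: what a CMDB export, a DHCP lease dump and a
# network scan might each report about the same small network. Note the
# inconsistent MAC formatting between sources, which is typical.
CMDB_EXPORT = [
    {"hostname": "fin-ws-01", "mac": "AA:BB:CC:00:00:01", "owner": "finance"},
    {"hostname": "db-prod-02", "mac": "aa:bb:cc:00:00:02", "owner": "platform"},
    {"hostname": "old-printer", "mac": "AA-BB-CC-00-00-09", "owner": "facilities"},
]
DHCP_LEASES = [
    {"ip": "10.1.1.10", "mac": "aa-bb-cc-00-00-01"},
    {"ip": "10.1.1.20", "mac": "AA:BB:CC:00:00:02"},
    {"ip": "10.1.1.77", "mac": "aa:bb:cc:00:00:07"},  # not in the CMDB
    {"ip": "10.1.1.78", "mac": "aa:bb:cc:00:00:08"},  # not in the CMDB
]
SCAN_RESULTS = [
    {"ip": "10.1.1.20", "open_ports": [5432]},
    {"ip": "10.1.1.77", "open_ports": [23, 80]},  # telnet on an unknown device
    {"ip": "10.1.1.78", "open_ports": []},
]

# Assumed list of services worth flagging on an unmanaged device.
HIGH_RISK_PORTS = {21: "ftp", 23: "telnet", 445: "smb", 3389: "rdp"}


def normalise_mac(mac: str) -> str:
    """Canonical lower-case colon form so one NIC matches across sources."""
    hexdigits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(hexdigits) != 12 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class Finding:
    mac: str
    ip: Optional[str]
    hostname: Optional[str]
    status: str  # "managed", "unmanaged" or "stale"
    risky_services: List[str] = field(default_factory=list)


def reconcile(cmdb, leases, scans) -> List[Finding]:
    """Join the three sources on MAC (inventory/DHCP) and IP (DHCP/scan)."""
    known = {normalise_mac(r["mac"]): r for r in cmdb}
    seen = {normalise_mac(lease["mac"]): lease["ip"] for lease in leases}
    ports_by_ip = {s["ip"]: s["open_ports"] for s in scans}

    findings = []
    for mac, ip in seen.items():  # everything actually on the network
        record = known.get(mac)
        risky = [HIGH_RISK_PORTS[p] for p in ports_by_ip.get(ip, []) if p in HIGH_RISK_PORTS]
        findings.append(Finding(mac, ip, record["hostname"] if record else None,
                                "managed" if record else "unmanaged", risky))
    for mac, record in known.items():  # inventory entries nobody has seen
        if mac not in seen:
            findings.append(Finding(mac, None, record["hostname"], "stale"))
    return findings


def prioritise(findings: List[Finding]) -> List[Finding]:
    """Unmanaged assets with risky services first, then other unmanaged, then stale."""
    rank = {"unmanaged": 0, "stale": 1, "managed": 2}
    return sorted(findings, key=lambda f: (rank[f.status], -len(f.risky_services), f.mac))


if __name__ == "__main__":
    for f in prioritise(reconcile(CMDB_EXPORT, DHCP_LEASES, SCAN_RESULTS)):
        print(f"{f.status:9} {f.mac} ip={f.ip} host={f.hostname} risky={f.risky_services}")
```

Run against the constructed data, the first line of output is the unknown device at 10.1.1.77 exposing telnet, which is exactly the kind of asset the "over a third lack complete visibility" figure refers to. The design choice worth noting is the join key: MAC addresses survive re-addressing and are what DHCP and most inventories record, whereas IPs are only stable enough to join the lease table to the scan taken at the same time; in a real deployment the stale-record check should also use a last-seen window rather than a single snapshot.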