How to tackle the ongoing challenges and opportunities for cybersecurity teams

May 20, 2021
As the myriad threats expand, so do the number of different cybersecurity solutions

The scale and scope of security risks are changing at an unprecedented pace, propelled by the increasing interconnectedness of organizations and rapid disruptions in business models and the technology landscape. As organizations strive to manage these risks, what have been some of their top priorities been in 2021 and what’s tracking beyond to achieve Cyber Resilience? Let’s take a reflective look at some of the security threats that plagued organizations in 2020 that may continue throughout the remainder of this year and use these as stepping stones towards building new resilient cybersecurity strategies.

Cloud Vulnerabilities and Misconfiguration Issues

Cloud vulnerabilities and misconfiguration issues continue to be top concerns as cybersecurity teams redefine their organization’s network perimeter. While we’ve discussed the intersection of cloud and network transformation, we expect cybersecurity leaders to make a shift in how they approach protecting this perimeter, having to control and monitor inbound access to the corporate network. Legacy detection tools built for the data center do not extend to the cloud, which enforces the need for this foundational shift. We will continue to see a focus around vulnerability and misconfiguration errors in response to an abundance of high-profile data breaches as a result of improper Identity and Access Management (IAM) policies or unpatched systems.

Weaponization of Tools

The security landscape is growing increasingly treacherous as hackers of every type continue to evolve their attack strategies to evade detection while maximizing profit from their time and effort. It doesn’t matter if it’s an organized criminal group looking to make money from ransomware schemes, covert state-sponsored groups attempting to steal data and disrupt operations, or just malevolent individuals trying to impress others in the hacker community - every bad actor is smarter than they were the previous year, and better equipped to wreak havoc.

It’s not just that bad actors have become smarter - cybercrime has become commercialized. This means that many of the components of an attack are sold on the dark web and criminals can now launch cyberattacks without needing knowledge around coding. Attacks can also be launched more quickly and relaunched very easily with just a slight change, allowing criminals to be more persistent than ever when trying to breach a network. IT staff will need to be increasingly proactive in their approach to cybersecurity to keep up with constantly evolving threats. Even the most sophisticated defense strategies will become ineffective if they’re not regularly tested and kept current. While able to mimic human behavior with artificial intelligence, hackers are outpacing many organizations when it comes to the technology and hacking techniques used to attack them.

Third-Party Risk Management

Attacks via third parties are increasing every year as reliance on third-party vendors continues to grow. Organizations must prioritize the assessment of top-tier vendors, evaluating their network access, security procedures, and interactions with the business. Unfortunately, many contradicting factors make this assessment difficult including a lack of resources and an increase in organizational costs and insufficient processes. Despite these challenges, the constant changes in compliance policies, insecure connectivity to resources and sensitive data, and lack of up-to-date risk visibility on current third-party ecosystems can lead to loss of productivity, monetary damages, and loss of reputation.

Existing Tool Sets Aren’t Cutting It

As the months progress, organizations will notice the efficiencies of their current toolsets and must determine exactly how to maximize their return on such investments. To help to do this successfully, organizations can take a look at a programmatic process that involves the following actions:

●    Define who vendors are and what inherent risks they present

●     Analyze results from assessments and provide risk-based scores based on the broad ecosystem

●     Remediate risks raised from completed assessments

●     Stay up to date on industry and regulatory compliance policies

●     Optimize security programs to adapt to changing requirements

Initiating this programmatic process means creating a cybersecurity program that emphasizes:

●     Standard, repeatable methodology

●     A roadmap to program maturity with defined milestones and goals

●     Onboarding vendors through a tiered approach, categorizing and providing inherent risk scores

●     Asking the right questions

●     A collection method that enables flexibility and scale

●     Continuous monitoring of the security program based on success criteria

A Focus on Digital Trust

The focus on privacy has ramped up, with a lens towards digital trust. As organizations work to build customer-focused, digital business models, it’s critical to consider the role of trust and privacy in the customer journey. Delivering digital trust isn’t a matter of propping up a highly secure website or app, or avoiding a costly, embarrassing data breach. It is about creating a digital experience that exceeds customer expectations, allows virtually frictionless access to goods and services, and helps protect customers’ right to privacy while using the data they share to create a customized and valuable experience.

Attack Surface Management

As the attack surface expands, so do the number of different security solutions that an enterprise must manage. Just a few years ago, a cybersecurity organization needed to manage a handful of security solutions. Today, this number has grown into a substantial snowball for many organizations. Multiple point solutions are layered on top of each other to fill potential gaps. And though it may vary from one organization to the next, many enterprise use point products ranges between 6 and 50. Enterprise security leaders add these multiple-point solution layers to make it more difficult for a bad attacker to succeed. However, in some instances, point-product solutions can add complexity and obstruct cybersecurity professionals from detecting and preventing attacks. They also add costs and require more staff resources. This is where effective monitoring and alerting play a key role. The cloud is more application-driven and governed partially by security controls at the network layer, but largely at the application layer through identity and roles. Just as data classification is important for Zero Trust and Data Loss Prevention (DLP), identity and role activity are just as important to enumerate to alert anomalous behavior.

The job is never finished when it comes to the cybersecurity of an organization. This means staying one step ahead of the next potential threat. Looking ahead now, means better preparation for the future.

About the author: Bindu Sundaresan, CISSP, CEH, CISM, is a Director at AT&T Cybersecurity. She has over 15 years of information security and risk management consulting experience across various industries with multiple Fortune 50 clients. Ms. Sundaresan maintains CISSP, CISM, CEH and Microsoft certifications and is a published author in The ISSA Journal, CSO Magazine and has published numerous articles and whitepapers on information security and is a frequent speaker on the topic.

About the Author

Bindu Sundaresan, CISSP, CEH, CISM | Director at AT&T Cybersecurity

Bindu Sundaresan, CISSP, CEH, CISM, is a Director at AT&T Cybersecurity. She has over 15 years of information security and risk management consulting experience across various industries with multiple Fortune 50 clients. Ms. Sundaresan maintains CISSP, CISM, CEH and Microsoft certifications and is a published author in The ISSA Journal, CSO Magazine and has published numerous articles and whitepapers on information security and is a frequent speaker on the topic.