As we prepare to toss out our old calendar and hang up a new one, it’s critical for CISOs to begin preparing their cyber new year's resolutions. Attackers are evolving just as fast as (if not faster than) security teams can adapt their defences. Couple that with the fact that networks are becoming increasingly huge, complex and dynamic, and it’s clear that the old techniques for warding off attackers are no longer adequate. Let's look at five resolutions that CISOs should consider in order to stay ahead of the game in 2020.
1. Enlist the help of a managed security service provider (MSSP)
In today's complex world, handling cybersecurity with your own resources is often a losing strategy. Most organisations need to shift the responsibility of defending their critical assets to an MSSP. As attack surfaces expand, it's imperative to understand the weak points within your security posture. This is a complex and comprehensive task often best left to external experts.
2. Remember this mantra: Cloud, Cloud, Cloud
Real estate agents often repeat the mantra "location, location, location." In a nutshell, the phrase emphasises the importance of location when considering the value of a property. Expect big players who still rely on on-prem to develop their own mantra: "Cloud, cloud, cloud." As large organisations migrate in greater numbers and reap the benefits of cloud, they'll need to do a better job of understanding how one small misconfiguration error can jeopardise an organisation's most valuable assets.
3. Automation: Do more, with less
Historically, penetration testing has been conducted by security experts -- ethical “white hat hackers” who apply their knowledge of how to breach defences to the task of penetrating an organisation’s networks.
Breach and attack simulation (BAS) tools automate the testing process by performing the cycle of scan, exploit and repeat while providing insight on security gaps and reducing the manual effort needed to test. BAS tools also offer another edge: They provide a dynamic window into an organisation's defences through continuous testing, rather than taking a single snapshot of a moment in time.
Because the standard vulnerability tools are not good enough, CISOs will need to shift to a smarter and more concrete prioritisation. Choose tools that know how to digest all your problems and malfunctions. At the same time, pick the ones that look for vulnerabilities and tell you how to remediate them.
Vulnerability management (VM) is a recommended best practice to protect your organisation and data. VM refers to an ongoing, comprehensive process or program that aims at managing an organisation’s vulnerabilities in a holistic and continuous manner.
Automation has unlocked extraordinary efficiency gains across virtually every industry, especially in developed countries where the technology is more mature. The security realm is no exception. When you don't have a large enough team -- and there are thousands of products to evaluate within IT security -- efficiency is an absolute mandate.
4. Prioritise better than the attackers
There is no more room for tools that give you long lists with endless things to remediate. The CISO needs to clearly understand what the most critical problems are and what to do in advance. In short, the CISO needs to be prepared and ready to know how to prioritise concrete things. In 2020, this will be the most cost-effective way to defend your critical assets.
Just like CISOs, hackers have their constraints and will need to prioritise in order to find easier targets with the least resistant points. Your duty is to keep your organisation from becoming a potential target. Your house should look safe and be more protected than your neighbour’s house.
Hackers will make full use of automated tools to try to infiltrate your systems and cause extraordinary damage to your most critical assets. If you don't leverage the power of automated tools to the same degree, you'll be at a significant disadvantage. Spreading a few simulators around the network isn't a viable solution. The critical tools needed to detect, investigate and respond to targeted attacks require a holistic view of the attack lifecycle and a real-world understanding of the attacker’s intent.
In short, automated tools are the only way that we can ensure that we're always one step ahead of the attacker. A smart CISO in 2020 will have BAS and second-generation VM as priorities, in order to find the most critical vulnerabilities and prioritise remediation.
5. IT hygiene: Don’t worry, be healthy
Many cyberattacks are surprisingly unsophisticated – so simple, in fact, that most of them could be prevented just by incorporating some basic best practices. Hackers no longer need to put in the time-consuming effort necessary to elaborate new attacks, because they know they can sneak through companies’ defences just by taking advantage of poor IT hygiene.
In order to keep the best security posture, keep your IT hygiene in good shape in 2020. How? Look for security tools that can continuously understand your IT hygiene problems, pinpoint the most critical IT problems to be fixed, and provide guidance for how to correct them. A system is like a human body: it needs to be clean and healthy.
As we head into a new decade, it’s important for CISOs to reassess the strengths and weaknesses of both their network security and the analysts employed to keep things secure. Every enterprise has its own, unique threat landscape, and it’s necessary for CISOs to identify the solutions that fit their specific needs.
Boaz Gorodissky, Co-founder and CTO, XM Cyber