Solving cybersecurity challenges
John Grancarich, Executive Vice President Product & Growth Strategy at HelpSystems (now Fortra), talks about the steps to enhance your organisation’s cybersecurity resilience
What are the biggest attack vectors we need to watch out for in 2023?
Phishing and credential theft will likely remain at the top of the list for 2023 and with good reason: they’re an effective strategy where the odds are stacked in an attacker’s favor. Think about it: an organisation needs to be right 100% of the time, while the attacker only needs to be right once. Who’s likely to come out on top? The attacker of course, unless an organisation doubles down on mitigation from both a solutions and training perspective.
Something else to keep in mind is that these attack vectors, due to their success, are coming in ever greater varieties to further improve an attacker’s chances of success. Just look at how phishing has evolved – we now have spear phishing, smishing, and vishing, among others. In the wrong hands, these vectors will open opportunities to launch business email compromise attacks, supply chain and partner attacks, and of course, ransomware attacks – which we believe now affect upwards of 90% of organisations at one time or another.
What are your tips for CISOs to build cyber resilience?
I speak with CISOs and their teams regularly and have noticed a somewhat troubling trend: many are not quite sure where to focus their time and resources to build organisational resilience. When we dig deeper, there is an interesting root cause we often hear, which is that organisations are trying to treat all assets equally from a defense perspective. However, given the incredibly dynamic nature of the threat landscape, this is going to be all but impossible to do.
I think the way to start solving that problem is decidedly old school, but in my experience, quite effective: the business, IT, and security leaders need to come together and have a conversation to define what is actually most important to protect. It could be your intellectual property, your financial data, or something similarly critical, but you need to know what it is, where it is and how to protect it. Despite the hype and confusion, in my view, this is where zero-trust architecture comes in. By starting out focused and not trying to boil the proverbial ocean, you can prioritise this architecture around your most valuable assets and then proceed methodically from there.
Why is security automation important?
We have over 3 million open cybersecurity jobs around the world, and these are difficult jobs to train and prepare for – you can’t just drop someone into a security operations role and task them with protecting your organisation against attacks. Anyone who’s tried to hire just one developer or IT professional knows how hard it is, and yet we’re somehow going to hire millions of new cybersecurity professionals? It’s not going to happen, and we need to rethink the problem and how we’re going to solve it.
Every industry is ultimately revolutionised by automation when demand for output outstrips the supply of skilled labor. Cybersecurity today is no different. We have too many vendors, too many products, and too many alerts, which creates an unsustainable signal-to-noise ratio. We have frustrated and burnt-out cybersecurity professionals who were promised a balance of professional challenges and growth, but in reality, find themselves facing challenges of a very different and undesirable nature. And this is where automation will play a key role in maturing the cybersecurity industry over the next several years. We can use it to amplify what a single professional can accomplish by taking on the routine, repetitive, and high-volume work that weighs them down and free them up to focus on more rewarding and higher-value work like security architecture, research, and strategy.
How can regional enterprises protect against ransomware attacks?
Something we need to keep in mind is that ransomware is the output of a successfully exploited attack vector, whether that be credential theft, phishing, exploiting a vulnerability, or something else. The better an enterprise does at monitoring, protecting, and evolving how it protects against the attack vectors, the more successful it will be. So how do you do this?
A key strategy is ongoing testing. Utilising a testing strategy that encompasses automated and non-automated tools regularly is going to yield insights about an enterprise’s security posture that will likely come as a surprise. By combining both automated and non-automated testing – from vulnerability assessment and management to penetration testing and red teaming – an enterprise will develop a valuable view of where it is most resilient and where it is not. It can then prioritise where it focuses its remediation efforts and resources to yield the most benefit for the organisation.