5 common misconceptions that trip up CISOs

Cybersecurity must become more robust as a result of rising technological disruption, but CISOs must be explicit about the technology to be deployed.

Today’s cybersecurity perimeter is under continuous evolution, acting more as an organism than the castle walls we once imagined. Globally synchronized attacks, state-sponsored hackers, and growing hacking communities within the deep and dark web create confusion when trying to separate fact from fiction. The truth is, accurate mitigation techniques of yesterday may become the vulnerabilities of tomorrow.

Here are 5 common misconceptions that CISOs must challenge:

1. Mac is safer than Windows

‘Microsoft Defender’, ‘Windows Defender’, and now ‘Windows Security’ should, coming from a company that defends its own OS, offer all the security you need. Yet, ProxyLogon, ProxyShell, PrintNightmare, and HiveNightmare showed us otherwise. Microsoft Defender did little to halt any of the ransomware attacks by Hafnium and Conti gangs that relied on a 12-year-old privilege escalation vulnerability.

Yet, Apple admitted earlier this year that macOS has a malware problem.

This means that the few servers and endpoints running on macOS are now valuable targets for threat actors interested in high-value attacks.
Meanwhile, Macs are prone to malware that beats the built-in security technologies, and the OS gives SOC teams virtually no visibility into what is happening on Mac endpoints.

2. Detection above prevention

As CISOs and teams build up their detection techniques, preventative measures are vital. The return on hacking has never been better and restoring your network may take months. Vendors must replace signature-based detection with static AI engines that can prevent most types of malicious PE files. More importantly, CISOs should reject vendors that tell them prevention isn’t possible.

3. Mobile security is optional

Both Google and Apple take steps to secure mobile OSs. Despite their best attempts, the biggest exploit out there wasn’t developed by a nation-state actor but by the NSO Group. Mobile attacks are real and CISOs should apply mobile threat defense measures to keep track of user and device behavior and actions.

4. Backup and forget it

The world of information security moves fast, and what was true yesterday is not necessarily true today. In the last few years, we’ve seen NotPetya, WannaCry, and evolving ransomware.

By 2019 we saw the first human-operated ransomware gangs – Maze and DoppelPaymer – pivot to a double-extortion method: denial-of-access to files via encryption with the threat of public data leaks on top.

CISOs now know ransomware operators can afford to buy botnets and hit their networks with DDoS until they are forced to pay. Buying Initial Access from other criminals, some are known to pay human operators (aka “affiliates”) to carry out attacks. Once an attack occurs, backups will not help when the gang leaks or sells enterprise IP and customer data.

5. Bots over people

The cybersecurity skills shortage is real, but while automation can make valuable contributions to productivity and efficacy, automation will never replace the human element in the cybersecurity equation.

Three years ago, organizations relied on static analysis of PEs and other executable files to detect and prevent malware. Then, fileless, script-based attacks, and lateral movement attempts successfully began penetrating enterprise networks. Meanwhile, the ransomware economy created a massive network of affiliates that used new spam techniques to bypass traditional solutions.

While humans need technology to help scale, maximize productivity, eliminate mundane tasks, and create focus on critical items needing attention, bots won’t replace the ability to manage new scenarios in real time.


Conclusion

Cybersecurity is a complex business, but getting the basics right is the first step. Reduce your dependencies on OS vendors, deploy on-device endpoint protection that offers visibility across your entire estate, and retain cybersecurity talent: these are all sound starting points for every CISO.

Meanwhile, try to see through the misconceptions that are passed around on a regular basis and remain up to date on today’s ever-evolving threat landscape.

 

Author: Diwakar Dayal, MD, SentinelOne

Disclaimer: The views expressed in this article are those of the author and do not necessarily reflect the views of the Economic Times – ET Edge Insights, its management, or its members
