February 2, 2018
Ed Snodgrass, CISO, Secure Digital Solutions
2017 was a busy year for cybersecurity professionals and the organizations they’re chartered to protect. In addition to several high-profile breaches, some new themes continued to emerge and develop as did – unfortunately – some old ones, making the design and implementation of an effective cybersecurity strategy even more difficult.
Attack surfaces increased significantly due largely to the rapid expansion of cloud infrastructure and cloud-based services and applications, data center virtualization and the addition of millions of connected devices, forcing companies to extend their security posture externally in an attempt to protect an ever-dissolving perimeter. Companies use hundreds of applications that span internal networks, cloud services and remote devices, making security incredibly dynamic and complex.
2017 also saw a huge increase in the commoditization of ransomware. Ransomware-as-a-service and malware-as-a-service can now be purchased on the dark web in addition to a service known as fully undetected that allows cybercriminals to upload code and malware to an analysis service for a fee. Upon completion of the analysis service, uploaders receive a report detailing whether commercial security technologies can detect it, allowing for refinement of the malware to better defeat security tools employed by a targeted organization.
Not all trends were new. Security ‘housekeeping’ suffered significantly in 2017. Inefficient/ineffective patching and failure to sunset potentially vulnerable legacy apps and processes contributed to the vast number of exploits that targeted known vulnerabilities. WannaCry targeted vulnerabilities for which the respective vendors had already released a patch. On its heels, Petya targeted the same fixable vulnerability.
Bottom-line? Cybersecurity is a tough gig – at every level. Some days it seems like pushing sand up a sand dune. There are, however, some things that can make a difference in terms of creating and enhancing an effective cybersecurity strategy despite the dynamic landscape. I recently read an article about cybersecurity in 2018 that quotes, among others, Lenny Zeltser, Vice President of Products at Minerva in which he talks about some of the cybersecurity strategy ‘difference makers’. While I could provide my take, I think Lenny does it extremely well. He suggests the following:
- Evaluate the gaps that exist in the current security controls and processes.
- Determine if there is any additional protection to be gained through configuration of existing security tools or implementing controls and features that aren’t currently being used in the products you already have.
- Consider whether any new security investment adds unique value and ensure that it doesn’t simply overlap existing security controls.
He sums up with, “Organizations should understand the gaps in their security mechanisms and address them by getting the most out of their existing products and augmenting them with mechanisms that compensate for the remaining gaps.”
Our team here at TrustMAPP agree the three points highlighted by Mr. Zeltser are key to having a successful security strategy. This is why we’ve done our part in automating cyber security program strategy activities, improvement tracking and reporting. With TrustMAPP teams address the three points above and gain clarity of investment and effectiveness of existing countermeasures.
For additional content on this subject read the story on TechTarget “CISO’s map out their cybersecurity plan for 2018“.