Same Soup, Reheated – Dismantling the Modern Attack


Town Hall Insights
Dallas CISO Community

Anthony (Tony) Lauro

Director, Security Technology and Strategy

Akamai Technologies

PRESENTER

Scott Moser

SVP, Chief Information Security Officer

Sabre Corporation

GOVERNING BODY HOST

Harold Rivas

SVP & CISO

Trellix

DISCUSSION LEADER

Patrick Benoit

CISO

Brinks

DISCUSSION LEADER

Shamoun Siddiqui

VP, CISO

Upbound

DISCUSSION LEADER
MARCH 2024

While threat actors constantly adapt and evolve their techniques, the tactics they employ remain limited and unchanging. A CISO with an understanding of modern attack trends can hone their focus on enduring tactics, rather than ever-changing techniques, to reverse the adversarial advantage and enable the business to better anticipate and defend against threat actors.

Recently, the Dallas CISO Community had a virtual discussion about the challenges and best practices in dismantling the modern attack. Anthony (Tony) Lauro, Director of Security Technology and Strategy at Akamai Technologies, set up the discussion, and Dallas CISO Governing Body members Scott Moser, SVP, Chief Information Security Officer at Sabre Corporation, Harold Rivas, SVP and CISO at Trellix, Patrick Benoit, CISO at Brinks, and Shamoun Siddiqui, VP, CISO at Upbound, led the small group discussions.

Lauro kicked off the conversation by observing that news stories about data breaches and ransomware attacks do not indicate that the affected organizations were doing security incorrectly. Lauro noted that security leaders are always preparing for a big cybersecurity event, but asked CISOs to think about the question, “What if it wasn’t a big thing, but a little thing, like operational changeovers that didn’t take place properly, unauthenticated APIs, or certificates expiring?”

He challenged CISOs in their discussion groups to think not only about strategies to protect against new and emerging threats, but also about any misses, gaps or “old threats” that may come their way. CISOs look at the key areas of risk as a business and are now increasingly focusing on resilience, or limiting the impact of an attack and “keeping the lights on,” as Lauro stated.

Ultimately, he noted, CISOs are trying to protect the interests of the company and keep the business operating. With many areas of the organization that could be at risk, CISOs are strategizing about what to do differently to address threats and have visibility into the problem each time.
 

Key Takeaways from the Discussion

  1. Focus on operational resilience.

CISOs said that a central theme of their discussion groups was the idea of resilience, and while it has always been part of the cybersecurity playbook, it’s more of a focus area this year. Security leaders said that the prevailing view is that “eventually, something is going to happen,” rather than “it will never happen to us.” Thus, preparing for how the organization is equipped to respond is more important now than ever. 

As one CISO pointed out, the key question with resilience is determining what will happen if 30 of your company’s 100 systems go offline and whether or not the remaining systems will keep operating as usual. As the security leaders said, resilience is having a strategy in place to keep the business running “when something breaks.”

Another CISO said that resilience should be built into every functionality of your platforms. Some executives shared that if you assume that something will happen or has already happened, you should think about your company’s “resilience score,” reflecting the total impact of a breach or attack.
 

  2. Create alignment across the enterprise.

With the objective of creating improved operational resilience, security leaders noted that you have to think about all the teams that work together, such as legal, communications, HR, and more. This cross-functional collaboration is the idea being built into cyber fusion, or a unified group incorporating all security and related functions. 

Some security executives said that their idea of cyber fusion was primarily an incident response model or approach, rather than a fixed group. Others noted that resilience requires you to address your greatest risk areas – and as one discussion group pointed out, you cannot overlook human failures. Another CISO said that you need to enable visibility into the security organization so that internal stakeholders understand why you are taking certain actions and what they can do to help.
 

  3. Tools and strategies for risk management.

CISOs also discussed the best tools for managing risk, but some said that “the devil is in the gaps between best-in-breed tools.” They agreed that tools must be viewed holistically inside of a complete risk management plan. 

Security leaders also noted that they have to ensure that they are executing the full and proper implementation of the tools they already have. As one said, tools are often not implemented to the “full degree of their capabilities.” That means that buying more tools is not necessarily the solution. 

Another CISO pointed out that “point solutions don’t make up for a lack of training.” They generally agreed that making the tools that you have work is the best place to start. One CISO also shared that you cannot forget about “processes and people” when it comes to holistic risk management.

Overall, security leaders agreed that their organizations are following security basics, while focusing on cyber resiliency. As one CISO summarized it, they are being careful not to “overlook basic hygiene while focusing on shiny new attacks.”
 

CISOs can continue the discussion on cybersecurity threats, risk management and operational resilience at an upcoming Evanta community gathering. If you are already an Evanta community member, you can register in MyEvanta, or you can apply to join a community of your CISO peers to stay fully up-to-date on key topics like these for security leaders.
 

