www.securityweek.com
2606:4700:20::6818:a103
Public Scan
URL:
https://www.securityweek.com/its-time-to-reassess-your-cybersecurity-priorities/
Submission: On July 10 via api from US — Scanned from DE
Form analysis
3 forms found in the DOM
GET https://www.securityweek.com/
<form method="get" id="zox-search-form" action="https://www.securityweek.com/">
<input type="text" name="s" id="zox-search-input" value="Search" onfocus="if (!window.__cfRLUnblockHandlers) return false; if (this.value == "Search") { this.value = ""; }"
onblur="if (!window.__cfRLUnblockHandlers) return false; if (this.value == "Search") { this.value = ""; }">
<input type="submit" id="zox-search-submit" value="Search">
</form>
Name: ccoptin — POST https://visitor.constantcontact.com/d.jsp
<form class="sw-newsletter-cc" style="" method="post" target="_blank" action="https://visitor.constantcontact.com/d.jsp" name="ccoptin">
<input type="hidden" value="1102592012458" name="m">
<input type="hidden" value="oi" name="p">
<div class="form-item">
<input type="text" class="form-text required" value="" placeholder="Business Email Address..." size="60" name="ea" maxlength="128">
<input type="submit" class="submit" value="Subscribe" name="go">
</div>
</form>
Name: ccoptin — POST https://visitor.constantcontact.com/d.jsp
<form class="sw-newsletter-cc" style="" method="post" target="_blank" action="https://visitor.constantcontact.com/d.jsp" name="ccoptin">
<input type="hidden" value="1102592012458" name="m">
<input type="hidden" value="oi" name="p">
<div class="form-item">
<input type="text" class="form-text required" value="" placeholder="Business Email Address..." size="60" name="ea" maxlength="128">
<input type="submit" class="submit" value="Subscribe" name="go">
</div>
</form>
Text Content
IT’S TIME TO REASSESS YOUR CYBERSECURITY PRIORITIES

A cyber resilience strategy is vital for business continuity and can provide a range of benefits before, during, and after a cyberattack.

By Torsten George
July 10, 2024

This article marks my 100th column for SecurityWeek over a ten-year span.
This milestone has prompted reflection on my initial goal of educating the market about the essentials of cybersecurity. Unfortunately, not much has changed. Cyber breaches are now bigger and worse than ever. Hardly a week goes by without headlines about a new devastating cyberattack. In fact, the International Monetary Fund reports that the number of cyberattacks has more than doubled since the pandemic.

And, when it comes to breaches, the shift to work-from-anywhere hasn’t helped either. Many companies had to adopt a “move first, plan later” approach and leave behind the network-centric security bubble that allowed IT teams to own and control most of the network. Ultimately, punching holes in existing security controls in the name of business continuity created vulnerabilities and exposed many organizations to increased risks. Cyber adversaries capitalized on the rapidly changing environment by intensifying their attacks and targeting the weakest link in the attack chain – the remote worker.

Despite the advancements in technologies, strategies, and artificial intelligence employed by security experts and threat actors alike, one thing remains constant: the human element. Humans are fallible—a fact that threat actors frequently exploit through phishing and social engineering campaigns to establish a foothold in their victim’s IT environment. Ultimately, hackers don’t hack in anymore—they log in using weak, default, stolen, or otherwise compromised credentials.

Many breaches can be prevented using basic cyber hygiene tactics, coupled with a Zero Trust approach. Yet most organizations continue to invest the largest percentage of their security budget in protecting their network perimeter rather than focusing on security controls that can effect positive change to protect against the leading attack vectors: credential abuse and compromised endpoints. This is a big mistake.
Implementing an effective enterprise security strategy requires understanding hackers’ tactics, techniques, and procedures (TTPs). Security practitioners must review the entire cyberattack lifecycle to gain a full grasp of the areas that need to be addressed as part of an in-depth cyber defense approach. Here are six best practices for defeating most attacks, hopefully making my reflections 10 years from now more positive.

Go Beyond Passwords

Simple static passwords are not enough, especially for sensitive enterprise systems and data. With static passwords, there is no way to know if the user accessing data is valid or just someone who bought a compromised password from the millions found on the Dark Web. Organizations need to realize that multi-factor authentication (MFA) is the lowest-hanging fruit for protecting against compromised credentials. The recent data breach at Snowflake, which impacted Ticketmaster and other organizations, illustrates how the lack of proper identity and access management best practices can derail a business’s security posture.

Identities include not just people but also workloads, services, and machines. Non-human identities represent the majority of “users” in many organizations. Machine identities, often associated with privileged accounts, typically have a much larger footprint than traditional human privileged accounts within modern IT infrastructures. This is especially true in DevOps and cloud environments, where task automation plays a dominant role.

Organizations should transition to a dynamic password approach. These ephemeral, certificate-based access credentials address the major security issues plaguing static passwords without impacting usability and agility in highly digitalized IT environments.
Boosting Endpoint Security

Once in possession of stolen, weak, or compromised credentials, attackers leverage brute force, credential stuffing, or password spraying campaigns to gain access to their target environment. Increasingly, cyber adversaries take advantage of the fact that organizations and their workforce rely on mobile devices, home computers, and laptops to connect to company networks. In turn, these endpoint devices become the natural point of entry for many attacks. A Ponemon Institute survey revealed that 68 percent of organizations suffered a successful endpoint attack within the last 12 months.

To disrupt the cyberattack chain and minimize risk exposure, organizations should deploy security tools like data loss prevention, disk and endpoint encryption, endpoint detection and response, and anti-virus or anti-malware.

Cloud(y) with a Chance of a Data Breach

Understanding the threats, risks, and vulnerabilities associated with cloud environments is critical to preventing data breaches. Organizations need to understand that securing access to cloud environments is their responsibility. This begins with implementing a common security model across on-premises, cloud, and hybrid environments, while avoiding identity sprawl by repurposing existing identity repositories to broker authentication and access to cloud environments.

Tackling the Supply Chain Hazard

As companies improve their defenses against direct network attacks, hackers shift their focus to the weakest link by exploiting the supply chain to gain backdoor access to IT systems. Organizations need to monitor and manage IT security risks downstream in the supply chain. This entails implementing advanced supplier risk management practices, securing the software development pipeline, and cybersecurity essentials like hardening the environment, multi-factor authentication, and enforcing least privilege.
Risk-Based Prioritization

Effective prioritization of vulnerabilities and incidents is crucial for staying ahead of attackers. While security monitoring generates significant data, its raw form remains only a means to an end. Information security decision-making should be based on prioritized, actionable insights derived from correlating internal security data with business criticality and external threat intelligence. Without a risk-based approach, organizations are in danger of allocating valuable IT resources to mitigate vulnerabilities that pose little or no threat to the business.

Cyber Resilience: Balancing the Right and Left of the Boom

More and more cyber risk and security management frameworks are adopting the concept of cyber resilience, such as the Department of Homeland Security’s Cyber Resilience Review (CRR) or the National Institute of Standards and Technology (NIST) Special Publication 800-160 Volume 2. Leading analyst firms like Gartner advise clients to shift their cybersecurity priorities from defensive strategies to the management of disruption through resilience to make a real difference to the impact of cybersecurity incidents.

A cyber resilience strategy is vital for business continuity and can provide a range of benefits before, during, and after a cyberattack, such as enhanced security posture, reduced financial loss, improved compliance posture, enhanced IT productivity, heightened customer trust, and increased competitive edge.

Conclusion

Achieving 100 percent protection in cybersecurity is unattainable. However, by supplementing traditional perimeter defense mechanisms with principles of identity management, endpoint security, cloud and supply chain risk management, risk-based prioritization, and shifting towards cyber resiliency, organizations can significantly reduce their exposure to data breaches.

I look forward to my next 100 columns with SecurityWeek before ultimately retiring.
Many thanks to Mike Lennon and his team, as well as you—the readers of my articles.

Written By Torsten George

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).
Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.