How to respond to the threat landscape

Understanding widespread security threat trends helps create awareness of security issues, but it is often not the best focus for security teams. Security and risk management leaders should confront the threat landscape based on a continuous assessment of threat and business evolutions.

Security and risk management leaders overseeing security operations should follow these four recommendations: 

CISOs might suffer from breach and threat statistic fatigue but must still quickly assess the organization’s security posture when business executives ask about newsworthy incidents.

Unfortunately, sometimes statistics are the only tool security professionals have. These statistics can be valuable, however, only when put into the context of your particular business risks as supporting facts, rather than as a replacement for a business case.

The threat still begins with traditional and well-known entry points, such as email. 

Attacks via email remain the easiest way for attackers to breach an organization, as shown by these statistics:

  • Email delivery is involved in 94% of malware detections.
  • Phishing is present in 78% of cyber espionage incidents.
  • Losses of over $1.2 billion came from business email compromise in 2018.

An emerging microtrend indicates that identities are now taking new forms. 

Identity is the new treasure for cybercriminals, and CISOs don’t yet fully comprehend the extent of the challenge:

  • 64% of stolen records in 2018 were stolen identities.
  • 29% of breaches involved the use of stolen credentials.
  • Yet, only 19% of CISOs think they encountered a stolen credential incident in 2018.

Security and risk management leaders must evaluate their future security purchases for a specific threat vector, instead of issuing an RFP to compare similar solutions from a single market. They should benchmark all the considered security solutions from multiple market silos against the same relevant evaluation metrics for the assigned threat vectors.

Security leaders should focus on the discovery of new business and technology practices within the organization.

A CISO and their team must:

  • Maintain a culture of trust between teams to be aware of experimental business and technology approaches
  • Be flexible in the evaluation of emerging security practices through pilots and experiments
  • Build a continuous exposure assessment that goes beyond ad hoc threat reports

A resilient organization has the following qualities:

  • Rebounds, resumes and sustains decision making quickly
  • Coordinates, manages and mitigates organizational risks on a continuous basis
  • Operates with dispersed, but interdependent operations, electronically and physically
  • Is communicative, collaborative, cooperative and creative
  • Fosters a diverse and empowered workforce
  • Invests in an adaptive, elastic and flexible infrastructure — physical, IT and suppliers
  • Has committed leadership and program management
  • Embeds resilience into the culture of the organization, and leverages its “resilience story” to be competitive and prosper

Gartner predicts that, through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year.