What advice would you give security practitioners regarding evolving cyber threats?
Chief Technology Officer, Self-employed
Just like you can’t defend what you can’t see, another hard truth is that you can’t secure that which you don’t understand. I think the #1 issue in this space today is the pace of change and the difficulty that security practitioners have keeping up, especially in environments that have multiple generations of technology. If I had one piece of advice for security practitioners, it’s that you need to stay current with new technology as, or before, it's being adopted in your firm. Your colleagues can’t and won’t put their deadlines on hold to wait for security to catch up. I can't emphasize that enough. If you take a job as a CISO or security analyst at an AWS shop, you need to be getting AWS knowledge and certifications to demonstrate to your peers that you understand the space. If you take a job at an Azure shop, a GCP shop or a mainframe shop, you need to be gaining knowledge on those platforms and technologies that you're responsible for securing.

Fundamentally, you can’t do it without your colleagues and teammates, and if you don’t understand mainframe security, the mainframe operator who's been doing it for 30 years isn't going to listen to you. If you're not constantly learning and taking courses from places like Coursera or Pluralsight or somewhere, you'll be stale in two years. The idea is to stay ahead of the curve, which is only possible if you have already caught up and can keep up. And if you aren’t caught up with today, it’s almost impossible to anticipate the attacks of tomorrow. 
CIO / Managing Partner in Manufacturing, 2 - 10 employees
The simplest thing to say is always keep up to date; the threats change or increase daily, and you need to understand the risks to your organisation and how you need to react to them.

1. Understand your environment
2. Identify appropriate Threat Intelligence sources to stay informed
3. Stay connected with forums of other professionals to understand threats and approaches
4. Take prompt action when needed
Independent Consultant & Industry/Market Researcher in Finance (non-banking), 1,001 - 5,000 employees
(1) The cyber security risks are evolving very fast. They are becoming more complex. They are unfortunately very much a reality now. All of us, both individuals & institutions, are susceptible to cyber security risks. Therefore, we must continuously update ourselves on the existing & emerging types of cyber security risks. All of us must duly & continuously prepare ourselves against cyber security risks and build up our cyber security postures, as required, duly monitored/ reviewed and strengthened from time to time. Every organisation has to have its robust cyber security posture based on strong cyber security consciousness. Similarly, every individual must also have one’s robust cyber security posture based on strong cyber security consciousness.
(2) We have to ensure authorised & authenticated access only to our computing resources & networks, irrespective of whether operational on-premises and/or in cloud environment. Policy of Zero Trust based Network Access has to be seriously implemented.
(3) Reportedly, nearly 90% of the cyber security breaches happen based on insider’s support. This aspect has to be very seriously considered. Every change made in the computerised environment has to be a duly authorised one only. The implementation of SOC/SIEM technology to analyse any & every such change is a must, notwithstanding the issue of false positives.
(4) Phishing emails with malicious attachments/contents, reportedly, account for more than 90% of the security breaches. Therefore, email security has to be duly & seriously considered, including a duly monitored & reviewed end-point protection infrastructure/arrangement.
(5) We cannot wait for cyber security risks to reach us. We have to be proactive and reactive as well. We have to carry on with VA, PT & Application Security exercises, as frequently as practicable. We have to move from a DevOps environment to a DevSecOps environment. We have to accept security/cyber security as part of core business functions. Application security testing has to be an integral part of the SDLC. Open source code contributes to more than 90% of software code developments. Therefore, the vulnerabilities inherent in the open source code used have to be identified and removed/remediated.
(6) We have to keep ourselves abreast of the existing cyber security risks as well as emerging ones and continuously take action for prevention, detection, identification, response, containment & remediation of every such risk. We must hold simulated exercises from time to time involving existing & emerging cyber security risks for better preparation & response in the event of an incident.
(7) The employees in an organisation work as the firewalls at every stage of business operations. Therefore, they have to be duly & continuously trained, skilled and made cyber security conscious with due expertise. This will reduce the cyber security problems for every organisation by more than 50%.
(8) Sound practices, based on due cyber security countermeasures, have to be ingrained in our consciousness, both of an institution and an individual, forming part of our daily existence and activities 24x7x365. This is a must for both the real & virtual worlds.
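Point (3) above calls for every change in the environment to be authorised and for the SOC/SIEM to analyse each change while living with false positives. The following script is an added example (not from any commenter in this thread) of the smallest useful version of that check: it parses a constructed key=value change-audit log, matches each event against a constructed list of approved change records (ticket, host, time window, permitted users), and reports anything unmatched. The log format, ticket ids, hostnames and the `breakglass` account are all assumptions made for the example; the break-glass bucket is there so that genuine emergency fixes are routed to after-the-fact review rather than raised as the same alert as an unauthorised change, which is one concrete way to keep the false-positive queue manageable.

```python
"""Correlate configuration-change audit events with approved change records.

Added example, not from the discussion above. The audit-log format, hostnames,
ticket ids and the break-glass account name are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import re

# Constructed sample of a syslog-style change audit trail (not real data).
AUDIT_LOG = """\
2024-03-04T02:10:00Z host=fw-edge-01 user=jdoe action=firewall_rule_add rule=allow_tcp_3389_any
2024-03-04T09:05:00Z host=db-prod-02 user=svc_deploy action=config_update file=/etc/postgresql/postgresql.conf
2024-03-04T11:40:00Z host=web-prod-01 user=asmith action=package_install pkg=nginx-1.25.4
2024-03-04T23:55:00Z host=db-prod-02 user=breakglass action=config_update file=/etc/postgresql/pg_hba.conf
"""

# Constructed approved change records: (ticket, host, window start, window end, allowed users)
APPROVED_CHANGES = [
    ("CHG-1001", "db-prod-02", "2024-03-04T09:00:00Z", "2024-03-04T10:00:00Z", {"svc_deploy"}),
    ("CHG-1002", "web-prod-01", "2024-03-04T11:00:00Z", "2024-03-04T12:00:00Z", {"asmith"}),
]

# Constructed: emergency accounts whose changes are legitimate but must be reviewed afterwards.
BREAK_GLASS_ACCOUNTS = {"breakglass"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


@dataclass
class ChangeEvent:
    ts: datetime
    host: str
    user: str
    action: str
    detail: str


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_line(line: str) -> ChangeEvent:
    """Turn one 'timestamp key=value ...' line into a ChangeEvent."""
    m = LINE_RE.match(line)
    kv = dict(tok.split("=", 1) for tok in m.group("kv").split())
    detail = " ".join(f"{k}={v}" for k, v in kv.items() if k not in ("host", "user", "action"))
    return ChangeEvent(parse_ts(m.group("ts")), kv["host"], kv["user"], kv["action"], detail)


def find_ticket(ev: ChangeEvent):
    """Return the ticket id that authorises this event, or None if nothing covers it."""
    for ticket, host, start, end, users in APPROVED_CHANGES:
        if ev.host == host and ev.user in users and parse_ts(start) <= ev.ts <= parse_ts(end):
            return ticket
    return None


def classify(log_text: str = AUDIT_LOG) -> dict:
    """Bucket every change event as authorised, break-glass (review later) or unauthorised (alert)."""
    result = {"authorised": [], "break_glass": [], "unauthorised": []}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        ticket = find_ticket(ev)
        if ticket:
            result["authorised"].append((ticket, ev))
        elif ev.user in BREAK_GLASS_ACCOUNTS:
            result["break_glass"].append(ev)
        else:
            result["unauthorised"].append(ev)
    return result


if __name__ == "__main__":
    r = classify()
    for ev in r["unauthorised"]:
        print(f"ALERT unauthorised change: {ev.ts.isoformat()} {ev.host} {ev.user} {ev.action} {ev.detail}")
    for ev in r["break_glass"]:
        print(f"REVIEW break-glass change: {ev.ts.isoformat()} {ev.host} {ev.action} {ev.detail}")
```

Run on the constructed log, the 02:10 firewall-rule addition on `fw-edge-01` has no covering ticket and is raised as an alert, the two in-window changes are tied to their tickets, and the late-night `breakglass` edit lands in the review bucket instead of the alert queue. A real deployment would read the same kind of events from the SIEM and the change records from the ticketing system; the correlation logic stays the same.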
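Point (5) above says the vulnerabilities inherent in the open source code an application pulls in have to be identified and remediated as part of the SDLC. This added example (not from any commenter in the thread, and not any real scanner's code) shows the core of that check: parse the pinned versions out of a constructed `requirements.txt`-style lockfile, compare each pin against a constructed advisory list, and report the components whose version falls in an affected range. The advisory ids (`ADV-000x`) and their summaries are invented placeholders; the range semantics follow the common "introduced <= version < fixed" convention, and the version parser is deliberately minimal (numeric dotted versions only).

```python
"""Flag third-party components whose pinned versions fall in a known-vulnerable range.

Added example, not from the thread. The lockfile content and the advisory list are
constructed placeholders; ADV-000x ids are invented, not real advisories.
"""
from typing import Optional

# Constructed requirements.txt-style pins (sample input, not a real project).
LOCKFILE = """\
# constructed lockfile
requests==2.25.1
pyyaml==5.3.1
cryptography==42.0.5
urllib3==1.26.18
"""

# Constructed advisories: affected if introduced <= version < fixed (fixed=None means no fix yet).
ADVISORIES = [
    {"id": "ADV-0001", "package": "pyyaml", "introduced": "0", "fixed": "5.4",
     "summary": "placeholder: unsafe default loader"},
    {"id": "ADV-0002", "package": "requests", "introduced": "2.3.0", "fixed": "2.31.0",
     "summary": "placeholder: credential leak on cross-host redirect"},
    {"id": "ADV-0003", "package": "urllib3", "introduced": "0", "fixed": "1.26.5",
     "summary": "placeholder: already fixed in the pinned version"},
]


def parse_version(v: str) -> tuple:
    """Numeric dotted version to a comparable tuple, padded to three components."""
    parts = [int(p) if p.isdigit() else 0 for p in v.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def parse_lockfile(text: str) -> dict:
    """Map package name (lower-cased) to its pinned version, ignoring comments and blanks."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or "==" not in line:
            continue
        name, ver = line.split("==", 1)
        pins[name.strip().lower()] = ver.strip()
    return pins


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def scan(lock_text: str = LOCKFILE, advisories=ADVISORIES) -> list:
    """Return one finding per (pinned package, matching advisory), sorted by package name."""
    pins = parse_lockfile(lock_text)
    findings = []
    for adv in advisories:
        pinned = pins.get(adv["package"].lower())
        if pinned and is_affected(pinned, adv["introduced"], adv["fixed"]):
            findings.append({"package": adv["package"], "pinned": pinned,
                             "advisory": adv["id"], "fixed_in": adv["fixed"],
                             "summary": adv["summary"]})
    return sorted(findings, key=lambda f: f["package"])


if __name__ == "__main__":
    for f in scan():
        print(f"{f['package']}=={f['pinned']} affected by {f['advisory']} "
              f"(fixed in {f['fixed_in']}): {f['summary']}")
```

Against the constructed input the scan reports `pyyaml` and `requests` and stays quiet on `urllib3`, whose pin is already past the fixed version, and on `cryptography`, which has no advisory in the list. In practice the advisory list comes from a vulnerability database feed and the lockfile from the build, and the job runs on every commit so that a newly published advisory against an already-pinned component shows up before release rather than after.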
Director of IT in Energy and Utilities, 10,001+ employees
Cybersecurity is evolving so fast that it's very important to get updated on the latest threats. For this purpose my recommendation is to read a lot from security sites and forums and subscribe to threat sources.
It is also important to understand the cyber security tools and solutions in the company and their capabilities. With this you will be able to realize what your current protection is and which threats you're not fully covered against.
Director of Engineering in Software, 11 - 50 employees
It's really difficult to keep updated on the technological advances happening. So it is better to have faith in your team members who specialize or focus on one particular domain. Of course, as others have pointed out, you should understand your environment, and keep updated on the new vulnerabilities discovered via security forums. Understand different tools that can help to analyse your assets and prompt for any vulnerability that exists. Take action on the vulnerabilities discovered or notify the concerned team who can take immediate action.
CISO in Finance (non-banking), 10,001+ employees
Basics should be in place and a defense in depth approach must be followed. Visibility is the key element in protecting your critical assets across the network, and impact analysis must be done on how much the threats pose risks to assets. Existing security controls must be reviewed and enhanced, and one must not forget basic security hygiene: patching of vulnerabilities on time, reviewing access, and reviewing configurations of firewalls and security tools. Implementation of security controls must be done based on risk assessment results. Robust security incident response must be there to tackle the incidents and reduce the impact to a minimum. They must simulate real incidents in a test environment and accordingly verify the effectiveness. Regular VAPT for digital assets must be done. Cyber insurance must be there for organizations. There must be more focus on legacy systems as those are more vulnerable to the latest threats.