Cybersecurity trends for board members

Cybersecurity as an industry has evolved massively since the early 2000s, and one of the most significant changes in its ubiquity. Erstwhile, the prevailing idea within organisations was to add more hurdles – more layers of complexity into their technology stack. It was argued that cybercriminals would have a more challenging time breaking into complex systems and had numerous barriers to entry. It was predominantly a reactive solution, and these solutions were expensive and relied on hiring costly consultants to investigate and fix the flaws that led to a cyber attack. At a personal level, we relied on antivirus software installed on our PCs and laptops to protect us from spyware, viruses, malware etc.

All of this has now been transformed due to Saas (software as a service) companies democratising the access to enterprise-grade Cybersecurity solutions that are more preventive in their approach. We have moved on from more on-premise software to truly cloud-based solutions that use AI and machine learning to stop attacks.

Due to Covid-19, we have witnessed a shift to digital transformation and organisations entirely moving to the cloud. Along with the increase in mobile devices and IoT (the Internet of Things), this secular trend has increased the opportunities for targeted attacks, and Cyberthreats have become a lot more sophisticated; the pandemic has genuinely been an accelerant and has oxygenated various forms of cyberattacks including but not restricted to phishing, malware, ransomware and social engineering.

According to IDC, the cloud computing market is projected to be over a trillion dollars in the next few years; with every part of the organisation moving to the cloud, the risk of cloud breaches has never been higher.

The cloud threats can be divided into four distinct categories:

• Misconfigured cloud storage – All data being generated by organisations are now stored online. Though this is highly scalable, it comes with several challenges; if not configured properly, access to this data could go to someone outside the intended audience, which is a considerable risk.
• Reduced visibility and control – Organisations are now outsourcing all their infrastructure to cloud providers like AWS, Azure and Google Cloud; even though this is highly cost-effective, it also reduces the control they had regarding their on-premise data. Organisations can no longer oversee their infrastructure and data.
• Incomplete data deletion – When switching between cloud providers, organisations run a massive risk of “data migration” going wrong. Data may or may not be deleted entirely, removed and disposed of securely when switching to another cloud vendor’s platform and incomplete data deletion is a considerable risk.
• Vulnerable cloud apps – All cloud apps are trying to scale as fast as possible, but unfortunately, their security does not scale at the same pace. Cloud providers are now trying to put safety at the centre of everything they are building.

In the past, threat detection was done using Indicators of Compromise, commonly known as IOCs, which is the evidence that indicates that the security of the network has been breached. This is a reactive approach.

Now companies are using Indicators of Attack, commonly known as IOAs, to focus on the intent of what the attacker is trying to accomplish. This is a proactive approach based on AI (artificial intelligence) and ML (machine learning).

To give an example, imagine if you were a police officer trying to catch a suspect. You have been told that the suspect is wearing a blue shirt. What happens if the suspect is wearing a different coloured shirt? The result? The suspect gets past you because you were relying on indicators that reflected an outdated profile (IOCs).

However, if you had used the IOAs approach, you would be looking at the characteristics of a suspected person trying to escape the cops. Possible characteristics would be a person behaving suspiciously, having their eyes on the surveillance cameras, and fidgeting constantly; maybe there’s even face recognition software involved. This system would be better at identifying a suspect and increase the odds of you being successful.

Unlike the Antivirus of the past, cloud cybersecurity providers now use a graph database called Threat Graph. As more data and events are fed into the network, there is more data to train their AI models, making the entire protection smarter, creating a powerful network effect.

This means that if Organisation A suffers from a potential breach, this data is fed immediately into the Threat Graph. It will be automatically shared across the rest of the Organisations in real-time.

Extended detection and response or XDR is a novel approach to detecting threats and responding in a way that provides holistic protection against cyberattacks, unlicensed access and misuse. It collects and automatically correlates data across multiple security layers – emails, individual devices, servers, cloud workload, and networks. It provides an analysis of both internal and external traffic. This method helps security teams to respond at a much faster pace than traditional methods. Since XDR will be deployed as a platform, it is easier to maintain and manage and reduces the number of interfaces that security must access during a response.

Zero Trust is a modern security framework requiring all users, whether inside or outside the organisation’s network, to be continuously authorised, authenticated, and validated for security configuration before being granted or keeping access to applications and data. It addresses the modern challenges of the post-pandemic business world, including securing a remote workforce, hybrid cloud environments, and ransomware threats.

What this means is:

• Do not grant access for the whole duration of the session just because a user has submitted the correct username and password.
• Do not grant access for the whole duration of the session just because a user has connected from inside the corporate network.
• Do not grant access for the whole duration of the session just because a user has connected using a corporate-managed device.

By implementing Zero trust, architecture organisations ensure that all access requests are continuously and constantly vetted before allowing access.

• Is your organisation thinking about these latest trends in cybersecurity?
• Is your board asking the right questions to the management team with regards to cybersecurity?
• Do you have systems and processes in place to treat breaches?
• Is cybersecurity on top of your risk register?