WME Security Briefing 06 January 2025

Evolving Strategies for Managing Expanding Attack Surfaces

Overview

As remote work gained traction and an already-underway digital transformation accelerated, attack surface management, as previously understood, has changed profoundly. Modern infrastructures are normally spread over multiple endpoints, cloud services and third-party applications, which makes it difficult to get a sense of what is going on and to ensure compliance. WME’s chief, Matt Tinney, addresses the challenges that Chief Information Security Officers (CISOs) struggle with when securing the ever-evolving attack surfaces of their companies.

Impact

The attack surface has expanded with the shift to cloud-heavy, decentralized infrastructure and the move to mobile devices, a major transition away from a perimeter-centric security approach. In this new era, with employees working from anywhere in the world at any time of day, protecting data becomes a challenge. Out-of-sync, error-prone asset inventories give an incomplete picture of the attack surface, which can easily put organizations at risk from subdomain takeovers or server misconfigurations. CISOs are expected to strike a balance between defending against all the new types of attack and working with limited resources, growing business demands and regulatory pressure.

Recommendation

To create an accurate picture of the security landscape and ensure constant coverage of the attack surface, CISOs will need real-time monitoring platforms that include automated response capabilities. This will enable them to quickly recognize risks and take on high-priority in-house threats. Tools that continuously scan assets and maintain automated inventories keep the picture of all assets fully up to date. Additionally, a cloud-native technique to feed those findings back into workflows helps automate the detection and response processes, resulting in faster and less manual work. In this manner, teams will be able to spend their time remediating actual risks while mitigating false positives.

How NIS2 Will Reshape Cybersecurity Across Sectors

Overview

The NIS2 Directive is set to bring sweeping changes to cybersecurity practices in several sectors, pushing beyond the confines of purely IT security. The regulation will now impact nearly all sectors critical to societal and economic stability. NIS2 establishes new national governance obligations regarding compliance and oversight in these sectors, and raises cybersecurity to a top-line focus of organizational leadership.

Impact

NIS2 expands cybersecurity compliance to more than 110,000 entities across the EU, a substantial increase from the NIS1 Directive. In particular, all these sectors will face strict deadlines for incident reporting and will need to implement cybersecurity measures. This encompasses things like cybersecurity training for executives, risk insight sharing with leadership teams, and compliance planning. Registration with, and compliance with, cyber authorities will also improve overall accountability for organizations.

Additionally, the updated regulations will force critical infrastructure suppliers, such as corporations in the power and health sectors, to contend with extra regulatory complexity and to examine their supply chains. They will also escalate third-party risks and necessitate more technology investment. Despite these hurdles, compliance with NIS2 is nevertheless a chance for organizations to enhance their resilience to the evolving threat of cyberattacks.

Recommendation

Organizations impacted by NIS2 must prioritize the following:

Governance and Risk Management: Cybersecurity decisions should not be made in a vacuum. They must be integrated with business objectives.

Incident Reporting: Ensure compliance with the strict reporting timelines set by NIS2. Maintain thorough documentation for cross-functional coordination.

Supply Chain Security: Implement robust monitoring of third-party vendors to mitigate risks.

How Nation-States Exploit Political Instability to Launch Cyber Operations

Overview

In periods of political turmoil, cyberattacks emerge both organically and as an orchestrated part of geopolitical strategy. For instance, instability creates opportunities for nation-states and politically motivated groups to exploit such insecurity against the US through weaponized cyber operations. They target governments, critical infrastructure, and defense, because these are the high-value targets for disrupting key operations and gaining tactical advantage in businesses.

The growing application of cyberspace in warfare is further illustrated by cyber operations during Russia’s invasion of Ukraine and the ongoing tension between India and Pakistan. One of the key objectives of these conflicts is the collection of intelligence on adversarial activities targeting U.S. and allied interests. That said, we should be able to disrupt adversary operations and even influence regional dominance.

Impact

In this environment of geopolitical instability, cyberattacks will become more common and deadly. Keep in mind: the internet has no physical borders. A conflict in one theatre can have cyber reverberations around the world. Unlike ordinary hackers, these groups, usually supported by a nation-state, work in a far more tactical manner that is quite difficult for an ordinary business to deal with. They usually focus on important sectors, such as energy and water supply, through attacks intended either to disrupt essential services or to breach the integrity of data necessary for survival.

Supply chains are also at risk. They are falling prey to cyberattacks that aim to gather intelligence or to create larger-scale disruption to their operations. Russian cyber activities during the Ukraine war, China's in the South China Sea, and new US election interference operations by two US adversaries, Iran and Russia, provide evidence of why states believe that hacking is an ideal tool for exploiting other states’ vulnerabilities.

Recommendation

Organizations need to consider geopolitical risks as part of their threat-mitigation model and should be proactive in adopting relevant defense strategies.

Key actions include:

  • Monitor threat intelligence for nation-state cyber signals.
  • Conduct vulnerability assessments and harden configurations to protect the supply chain.
  • Fortify areas such as the energy sector against disruptions.
  • Apply a role-centric zero-trust security model.
  • Train employees regularly on cyber hygiene, phishing recognition and security fundamentals.

