March 20, 2023
What CISOs Need to Work On in 2023
Addressing these priorities will help organizations protect data from evolving threats in a dynamic environment.
In just a few short years, the world of security has changed dramatically. CISOs are now tasked with protecting not only traditional networks and data but also cloud-based systems and applications. They must also contend with an ever-growing number of risks, ranging from sophisticated cyberattacks to insider threats. Given all of these challenges, it's no wonder that security consistently ranks as one of the top concerns for companies. But what exactly should CISOs focus on this year? Here are four key priorities:
- Doing more with security data
- Preventing, limiting and recovering from data breaches
- Addressing insider threats
- Managing risk in a dynamic environment
Read on to find out more about each of these areas and why they're so important for CISOs.
Doing More with Security Data, Including the Use of Machine Learning and UEBA
The future of cybersecurity is here. Organizations are eagerly partnering with data scientists to extract greater intelligence from security data, using machine learning as well as user and entity behavior analytics (UEBA). Security professionals around the world are looking to these innovative technologies to get an edge on potential security threats.
Having too much data can be just as dangerous as having too little. Alert fatigue increasingly plagues security professionals today thanks to an overload of alerts from different applications and systems. Trying to identify which alert to focus on amid a flood of constant notifications can quickly overwhelm any team. The answer lies in finding which alert will actually lead to the source of security issues, and making sure that alert stands out among the others so it doesn't get lost in the constant noise. This requires data scientists who understand not only data and security but also how the organization’s business functions.
Preventing, Limiting and Recovering from Data Breaches
As data security becomes a top consideration for organizations’ security plans, data breach prevention, limiting data loss and response to data breaches are tasks everyone should prepare for. Just because hackers have the upper hand doesn't mean IT teams shouldn’t take the initiative to prevent data breaches with updated technology such as endpoint detection and response as well as newer approaches like zero trust. Additionally, setting up least-privilege access controls and properly classifying data are essential components of data security that can reduce the chance of a successful attack. Though data breaches may be inevitable this year, they don't have to be overwhelming or costly if the right steps are taken from the start.
Cybercriminals have increasingly turned their sights on cloud backups. To address this trend, organizations must be more diligent in safeguarding their backups from malicious intrusion. Organizations should investigate truly immutable backup solutions that lock any data written to them, making the backup impervious to cyberattacks. Additionally, organizations should consider having an air-gapped or isolated backup system that is not connected to their main network. This makes the backed-up data inaccessible even if hackers breach the main security systems. Hackers targeting backups can cause severe damage, so organizations need to remain vigilant and take immediate action by exploring immutable and air-gapped backup solutions to protect themselves from attack.
Addressing Insider Threats
With the rash of account compromises, insider threats and data breaches of 2022 still fresh in our minds, security teams are more aware than ever that they need to account for malicious actors on their networks. But what does this mean now? The key is zero trust paired with a robust UEBA system to ensure that user-based risks are identified and handled before they can cause serious damage.
When accounts are compromised or insiders go rogue, one major indicator is a change in the behavior of that user account or system. Compromised user accounts and applications connect to multiple systems, they access new and larger amounts of data, and often they use new applications. All of these are obvious if you are looking for a behavioral change.
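The three indicators named above (new systems, larger data volumes, new applications) can be checked against a per-user baseline. The sketch below is an added example, not code from the article or from any UEBA product; the event fields, sample events, names and the 3x volume threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real logs):
# (day, user, host, application, bytes_read)
EVENTS = [
    (1, "alice", "fs01", "excel", 40_000_000),
    (2, "alice", "fs01", "excel", 55_000_000),
    (3, "alice", "fs01", "outlook", 45_000_000),
    (1, "bob", "fs01", "excel", 30_000_000),
    (2, "bob", "crm01", "browser", 20_000_000),
    (3, "bob", "fs01", "excel", 25_000_000),
    # Day 4 is the day under review.
    (4, "alice", "fs01", "excel", 50_000_000),
    (4, "bob", "fs01", "excel", 35_000_000),
    (4, "bob", "db02", "sync-client", 900_000_000),
    (4, "bob", "hr01", "sync-client", 400_000_000),
]

def profile(events):
    """Summarise events per user: hosts and apps seen, bytes read per day."""
    out = defaultdict(lambda: {"hosts": set(), "apps": set(),
                               "daily": defaultdict(int)})
    for day, user, host, app, nbytes in events:
        out[user]["hosts"].add(host)
        out[user]["apps"].add(app)
        out[user]["daily"][day] += nbytes
    return out

def behavior_changes(events, review_day, volume_factor=3.0):
    """Compare the review day with each user's earlier activity."""
    base = profile(e for e in events if e[0] < review_day)
    today = profile(e for e in events if e[0] == review_day)
    findings = {}
    for user, cur in today.items():
        if user not in base:
            # No history to compare against: surface it rather than guess.
            findings[user] = {"no_baseline": True}
            continue
        b = base[user]
        # Mean over the baseline days on which the user was active.
        mean_daily = max(sum(b["daily"].values()) / len(b["daily"]), 1)
        changes = {
            "new_hosts": sorted(cur["hosts"] - b["hosts"]),
            "new_apps": sorted(cur["apps"] - b["apps"]),
            "volume_ratio": round(cur["daily"][review_day] / mean_daily, 1),
        }
        if (changes["new_hosts"] or changes["new_apps"]
                or changes["volume_ratio"] >= volume_factor):
            findings[user] = changes
    return findings
```

Calling `behavior_changes(EVENTS, review_day=4)` flags only the account whose day-4 activity departs from its own history; a user with no earlier events is reported as having no baseline instead of being silently skipped.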
We are also training systems to look for attacker-like behavior. This includes known methodologies used in attacks as well as behavioral changes that look similar to attacker operations. Looking for these behaviors without looking for specific tools or malware helps us find attackers “living off the land,” using native tools to attack other systems and escalate account privileges. Both types of behavior detection are required to spot skilled cybercriminals.
Managing Risk in a Dynamic Environment
As mobile workforces and dynamic cloud workloads continue to reshape the risk landscape in 2023’s rapidly evolving digital environment, organizations must prioritize the security of their data more than ever. By proactively monitoring and optimizing protection practices, companies can remain one step ahead of cyberthreats while building resilience against disruption. Creating an environment where security travels with the workload helps to maintain constant protection. This means making sure that security stays the same whether users and workstations are located at an office or a ski lodge. For server and ephemeral workloads, security needs to be embedded in the build, scripts and configuration so that whether they are running in an on-premises data center or jumping between cloud environments, those workloads are always secure.
Security won't be the same going forward, but that's a good thing. With these four priorities in mind, we can start to build a more dynamic and proactive security posture for the future. CDW has the resources and expertise to help you meet your security goals, whether it's with advisory services or a full white-glove implementation. Contact us today to get started. Together, we can address security threats throughout the year.
Story by Jeremiah Salzberg