Underrated Methods to Prevent Cyber Risks


By Phil Lewis, CEO, Titania

Cyberattack vectors change as often as the weather. Finding new ways to infiltrate systems allows criminals to thrive and keeps cybersecurity teams on their toes. The sheer number of threats can lead to severe “alert fatigue” and response delays that leave businesses exposed. Determining which threats constitute a real cyber risk to the enterprise, depending on where the attack surface is at any given time, quickly becomes the only way forward.

Of course, today it’s more critical than ever for businesses to be able to proactively block real attacks before they happen. Not only does preventing cyberattacks protect your business from losses (IBM’s recent Cost of a Data Breach report calculated that the global average cost of a data breach in 2023 was $4.45 million), but it can also produce better business results. Accenture reports that some organizations are using cybersecurity as a differentiator to help them undertake effective digital transformations.

That’s why most organizations have invested significantly in trying to protect their networks from attacks, relying on solutions that automate both threat detection and response. Automation solutions range from searching for known threats with known signatures to anomaly detection, which looks for potential indicators of compromise from zero-day threats, where the signatures have yet to be identified.

There is no one-size-fits-all solution. One of the most essential elements when it comes to threat detection and management is the need for both a reactive and proactive approach to stopping attacks. While improving reactive approaches is often the priority for organizations, this should not come at the expense of proactive security.

What are cyber risk teams missing that they should consider for more comprehensive threat detection?

Even with effective response automation in place, knowing where to focus remediation efforts first, by viewing your attack surface through the lens of attackers, is a revolutionary way to reduce your attack surface and gain more time to discover and respond effectively to an attack. Attackers target different sectors with different objectives, using different attack techniques and tactics. So cyber attack surface risks should be managed based on reliable, industry-specific attack vectors and threat analysis.

This can be achieved using industry-specific attack guidance from trusted organizations such as DHS CISA, the FBI and MITRE in the US and the NCSC in the UK, as well as trusted threat intelligence providers. These organizations provide valuable information on the latest threats and attack techniques, which can help organizations stay ahead of emerging threats.

To complete this approach, vulnerability management teams must apply the same attacker perspective to attack surface risk management. Prioritizing the remediation of vulnerabilities known to be used in industry-specific attack vectors allows teams to reduce the risk of an effective attack through better incident prevention.

Continuous vulnerability management solutions support the proactive approach, providing a view of the entire attack surface and improving incident prevention, investigation and response. This approach helps organizations identify and fix vulnerabilities before attackers exploit them.

Another often-overlooked detection strategy is historical attack surface posture analysis. This analysis is critical to incident investigation because it effectively informs the scope of incident response and focuses on the posture at the time of the first indicator of compromise rather than when the threat was first detected.

By analyzing the attack surface posture at the time of the first indicator of compromise, organizations can better understand the potential scope of the attack and focus their response efforts accordingly.

While these measures can help organizations improve their threat detection capabilities, it is important to keep in mind that the longer a threat remains undetected, the more it can move across the network to achieve its attack objective. It is therefore essential to have a comprehensive incident management plan that includes proactive incident prevention as well as reactive incident response.

Preventing incidents is better than reacting to incidents

Cyber risk teams are now discovering that effective attack surface management and incident prevention, undervalued in recent years in favor of threat management automation solutions, are as important as incident detection and response, if not more so.

Incident prevention, by ensuring effective network segmentation, not only limits the threat’s ability to move laterally, but also gives threat hunters more time and better analytics to track and respond to the threat before it causes significant damage to the company, its operations and its reputation.

The numbers also stack up: simply put, an ounce of incident prevention is worth a pound of incident response. Together they are invaluable.

By using both proactive vulnerability management and reactive threat management measures, informed by industry-specific attack guidance and current and historical analysis of attack surface posture, organizations can improve their incident detection and management capabilities and accelerate the discovery and stopping of cyberattacks.

About the Author: Phil has a proven track record of strategic risk management, starting with Deloitte and moving on to market leaders in telecommunications, law enforcement and cybersecurity before leading Titania’s global expansion as a specialist in accurate and automated network configuration assessments.

He is passionate about enabling organizations to ensure network security through compliance automation by helping them prioritize resolving the most critical risks to their business.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is that of his or her opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
