Darktrace Predicts Changing Role for CISO

Darktrace Predicts Changing Role for CISO

  • By Marcus Fowler
  • Jan 18, 2023

Looking forward, Darktrace is offering its 2023 Predictions, including where we can expect to see changes in MFA where accessibility and usability continue to dominate the discussion; continued Hactivism from non-state actors where ‘know thy enemy, CISOs lean in on more proactive security and crypto-jackers will get more savvy. CISOs will turn to AI-driven methods to understand attack paths.

Attacker Tradecraft Centers on Identity and MFA
At the core of the vast majority of cyber incidents is the theft and abuse of legitimate credentials, including the recent Uber attack. In this case, Uber experienced a Multi-factor Authentication attack, and we saw that MFA can be defeated, and with Okta, that the MFA companies themselves become targets - potentially as a mechanism to reduce its effectiveness in other customer environments.

Once considered a ‘silver bullet' in the fight against credential stuffing, it has not taken attackers long to find and exploit weaknesses in MFA and they will continue to do so in 2023. MFA will remain critical to basic cyber hygiene, but it will cease to be seen as a stand-alone ‘set and forget' solution. Questions around accessibility and usability continue to dominate the MFA discussion and only to be amplified by increases in cloud and SaaS along with the dissolution of traditional on-prem networks.

Today and in the future, MFA should be viewed as one component of a wider zero-trust architecture, one where behavior-based analytics are central to understanding employee behavior and authenticating the actions taken using certain credentials.

Continued ‘hacktivism' from Non-state Actors Complicates Cyber Attribution and Security Strategies
The so-called ‘vigilante' approach to cyber geopolitics is on the rise. Recent attacks launched by groups such as Killnet, though limited in their operational impact, have not failed in their aim to dominate global headlines in light of the Russo-Ukraine conflict, mounting concerns that these citizen-led operations could become more destructive or that states could use these groups as a deniable proxy.

Yet claims that ‘Russia' launched these attacks can be misleading and add fuel to an already complicated political fire. Cyber attribution and deciphering the extent of state-level tasking is difficult, with blurred lines between state-aligned, state-involved and state-directed increasing the risk of escalation, collateral and misattribution.

In 2023, ‘knowing thy enemy' in cyber will be more complicated than ever before - but it is critical that organizations remain aware of the realities of cyber risk and cease to focus on the ‘boogie man' of the internet that features in sensationalist reporting. Persistent, widely available, lower-sophistication malware and run-of-the-mill phishing campaigns statistically remain a greater global risk to corporations than the newest, most devious exploit kit or ransomware typically associated with APT groups. As it gets harder to name the enemy, we should see organizations moving away from the headlines and towards ensuring operational stability based on a bespoke understanding of their unique risk profile.

Crypto-jacking Neglect Gets Dangerous
The hijacking of computer resources to mine cryptocurrencies is one of the fastest growing types of cyber-threats globally. These attacks are often overlooked as unthreatening ‘background noise', but the reality is that any crypto-mining infection can turn into ransomware, data exfiltration or even an entry point for a human-driven attack at the snap of a finger.

To achieve the scale of deployment that crypto-jackers are looking for, illegitimate network access may use something relatively low-cost - a pervasive software vulnerability or default, weak or otherwise compromised credentials. Straying from the basics may well allow a ransomware actor from following the same path.

In 2023, crypto-jackers will get more perceptive and we might start to see the detrimental effects of what is inevitable or negligible. Security leaders need to ask themselves: "How did this person get in?" How was this person able to shore up the easiest points of entry into the organization? Companies should not live with rogue software and hackers siphoning off their resources - particularly as rising energy prices will mean a greater financial loss is incurred because of illicit crypto mining.

Ransomware Rushes to the Cloud
Ransomware attacks are ever evolving, and as cloud adoption and reliance continue to surge, attackers will continue to follow the data. In 2023, we are likely to see an increase in cloud-enabled data exfiltration in ransomware scenarios in lieu of encryption.

Third-party supply chains offer those with criminal intent with more places to hide and targeting cloud providers instead of a single organization gives attackers more bang for their buck. Attackers may even get creative by threatening third-party cloud providers - a tactic which already impacted the education sector in early October when the Vice Society ransomware gang blackmailed Los Angeles Unified School District (LAUSD), the second largest school district in the United States, and published highly sensitive information, including bank details and psychological health reports of students on the darknet.

Recession requires CISOs to get Serious with the Board about Proactive Security
Cyber security is a boardroom issue, but with growing economic uncertainty, organizations are forced to make tough decisions as they plan 2023 budgets. Rising cyber-insurance premiums are one thing, but as more underwriters introduce exclusions for cyber-attacks attributed to nation-states, organizations will struggle to see the value in such high premiums. Both insurance and compliance have long been seen as ways of ticking the ‘protection' checkbox without achieving true operational assurance, and we need look no further than Colonial Pipeline to see that insurance cannot compensate for long-term business disruption and reputational damage.

In 2023, CISOs will move beyond just insurance and checkbox compliance to opt for more proactive cyber security measures in order to maximize ROI in the face of budget cuts, shifting investment into tools and capabilities that continuously improve their cyber resilience. With human-driven means of ethical hacking, pen-testing and red teaming remaining scarce and expensive as a resource, CISOs will turn to AI-driven methods to proactively understand attack paths, augment red team efforts, harden environments and reduce attack surface vulnerability. Maturity models and end-to-end solutions will also be critical, as well as frank communication between CISOs and the board about the efficacy of continuously testing defenses in the background.

Featured

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

Most   Popular

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.