Amid sweeping changes, cyber defenders face increasing visibility – and pressure


The past two years have brought a myriad of changes for cybersecurity professionals: the pandemic, the ransomware tsunami, and increased political and regulatory scrutiny have created growing expectations as their role has become integral to the lifeblood of organizations.

In a session next week at the SecTor 2022 conference in Toronto, Tony Anscombe, Chief Security Evangelist at ESET, will address this latest phase of disruption and role evolution and what cyber teams can expect in the future. The bottom line? You should be prepared for pressure, pressure and more pressure.

2020-2022: Cybersecurity becomes more important, pressure increases

During his October 5 panel entitled “Two years of accelerated cyber security and the requirements for cyber defenders”, Anscombe will discuss how the importance of having a good cybersecurity team and platforms really became a conversation when the COVID-19 pandemic lockdown sent everyone home and, more importantly, how this marked the start of a two-year development in which cyber defense took a central role in business talks.

“The use of cloud technologies and Remote Desktop Protocol (RDP) have been hallmarks of 2020, the year of digital transformation,” he tells Dark Reading. “But it was also a year of cybersecurity transformation as these teams began moving from a back office role to a front office; they became business enablers, not business obstacles. The companies said, ‘Okay, everyone’s gone home — what’s next?’ And realistically, it was the security team that enabled remote working, online ordering for the sandwich shops, taking remote payments, and other basic needs.”

Thus, in 2020, cybersecurity teams became much more visible in the daily life of companies; but that was just the beginning of a steady rise, Anscombe explains, as ransomware attacks began to accelerate and ransoms began to grow.

He explains that this period marks a tipping point where it became commonplace for ransomware-as-a-service (RaaS) gangs to hunt down millions of dollars in a single hit: $4.4 million for Colonial Pipeline; $40 million for CNA Financial; and $70 million for Kaseya, just to name a few. As a result, ransomware has become a major existential crisis for businesses and ransomware gangs a near-ubiquitous threat.

“We saw a whole evolution of monetization in that particular year that attracted cybercriminals and made it a business imperative to deal with, and then it became a frontline political issue after the Colonial Pipeline attack,” says Anscombe. “So you saw the government step up and say, ‘Hey, we need to do something about cybercrime, we have voters lined up outside gas stations.’”

This year the political aspects of cybercrime have only been exacerbated by the conflict in Ukraine, he says: “You see all the authorities around the world saying we have to protect critical infrastructure from nation-state attacks etc., so that’s it increasingly out of the game.”

Defending is now easier said than done as ransomware actors become more sophisticated.

“Right now, I think as a cybersecurity defender … you have these ransomware attacks that were once attachments to emails that are now Advanced Persistent Threat (APT) style attacks that exploit long-term vulnerabilities in systems and set their markers in networks and come back to them later,” says Anscombe.

Regulatory and Reporting Obligations Raise the Stakes

Where cyber teams sit in the corporate hierarchy has also been affected by additional regulations and cyber incident reporting requirements, creating the need for cross-discipline risk discussions with legal and compliance departments, Anscombe notes. This creates tremendous pressure on cyber teams as the sheer number of requirements grows and creates thorny complexities.

“Imagine you are a publicly traded company in the insurance or finance industry and you do international business, then you need to comply with data protection regulations California Consumer Privacy Act and GDPR, you must comply with the FDIC’s cyber incident reporting requirements,” he explains. “The SEC has proposed others. And if you’re a water utility, you may need to comply with critical infrastructure reporting. It’s going to be very bureaucratic and has to be harmonized somehow.”

He adds: “Most importantly, the role of the cyber defense attorney will change significantly again, as you will likely need to have a paralegal at the end of the desk during incident response. And one of the big, big challenges for many companies will be compliance with their cyber risk insurance policy, which affects the finance department. It’s kind of a backstop, you’re going to have to resort to those policies. And the policies are getting stricter.”

In the meantime, all of these increased and new stresses faced by security teams are exacerbating some of the existing challenges, such as the issue of labor shortages, which Anscombe believes will bring even more change for cyber defense teams.

“I think all of these changes are only adding to the problem of resource sourcing for cybersecurity and making it even more difficult for organizations to find the right staff,” says Anscombe. “Does that mean that companies will then close Managed Service Providers (MSP’s)? Does that mean they’re starting to attract more resources from partners? Does that mean more of it is being outsourced? I think maybe that’s what to watch for the cyber segment in 2023.”
