By Michael Kiefer, General Manager, BrandProtect
Anyone working in cybersecurity today can’t help but feel that their organization is constantly under siege from an ever-growing army of attackers, foreign and domestic. As organizations expand their digital footprints and become recognized and trusted across social media, mobile and other online outlets, they become more attractive targets for cybercriminals. Cyber risks are exploding, and the stakes are high. Organizations could lose everything, from highly valuable intellectual property to their hard-won reputations.
What has this meant for CISOs and the IT departments directly responsible for security? Cyberattacks have spread like an epidemic over the last two years, beginning with the eye-opening 2013 holiday attack against Target, and sweeping up some of the most prominent brands in the world – and one out of every two companies – along the way.
As CISOs look ahead to 2016, they’re reassessing which strategies and tools have kept them safe, which ones haven’t and which threats may loom on the horizon. Here are four cybersecurity predictions for 2016:
Prediction #1: Security Beyond the Perimeter Will Become a Priority for CISOs
CISOs have spent much of the last several years fortifying their cybersecurity perimeter with a whole suite of sophisticated new defenses – next-gen firewalls, sandboxes, network monitoring platforms, SIEM tools and more. Unfortunately, these additional defense layers provide no protection from threats that never touch the perimeter in the first place.
From simple phishing attacks and counterfeit schemes, to elaborate job posting scams or even employee or executive masquerades, cyber criminals opportunistically try to monetize a company’s good name. And since these attacks all occur completely outside the traditional security perimeter, they are invisible to security teams that have focused their efforts inside the firewall. Sometimes the attack is a simple cash grab, like an auction fraud. Other times, the external attack is a reconnaissance mission where criminals look for individuals they can compromise, for example, by gaining access to an address book that can be mined for more valuable contacts in a social engineering scheme.
As external attacks become more common, it is no longer possible for CISOs to ignore them. Particularly at firms with very high-value assets, such as financial institutions, insurance companies, retailers, luxury goods manufacturers, entertainment firms, etc., CISOs are building external monitoring teams and practices. These CISOs recognize that the front lines of cyber defense have shifted. The battle is being initiated far outside the perimeter, by cyber criminals and threat actors who are playing a long game.
Only by taking their defenses beyond their perimeter, in some cases, all the way to the dark web, will CISOs manage to stay one step ahead of the bad guys. Large enterprises are building teams and/or working with deeply experienced external services providers for proactive external threat monitoring, actionable intelligence, incident correlation, and timely mitigation.
External threat monitoring is no longer a luxury for security teams. It is a requirement of the new reality. Additionally, they are recognizing that by monitoring the web, they are assured that their controls are working and that their data inside the firewall does not make its way outside of it.
Prediction #2: CISOs will partner with CMOs
The CISO job has historically been to protect the network: Intellectual property (IP), personally identifiable information (PII) and operational resiliency. It is also the security team’s responsibility to keep employees safe. But who owns keeping the customers, the folks outside the firewall that create revenue and profits, safe?
Marketing is in charge of the customer experience, of course, and new marketing roles, like social and mobile marketing, have become standard in the past few years. In some organizations, new governance functions have even emerged – the Digital Governance Officer and Reputation Officer. These marketers and governance officers focus almost exclusively on activities that take place outside the firewall, but they are not generally thinking about security matters when they create external campaigns.
In 2016, CISOs will increasingly take advantage of the opportunity to partner with marketing to keep customers and prospect safe. By adding their security perspective to the way marketing teams design their external social and mobile experience, CISOs can help marketing ensure that customers have a safe and pure online – social and mobile – experience with the company. By acting proactively, the security team can ensure that the branded mobile application on the download site is the one marketing wants the customer to download, and not some lookalike app criminals have created to trick customers into revealing their browser history, phone book, login credentials and passwords, and much, much, worse.
As partners, the CISO and CMO can work together on outside-the-firewall initiatives to attract new customers and grow customer relationships, while keeping them safe from external attackers. They will create what we call a “One Click” experience – when the customer clicks on branded content online, it is authorized, safe content.
Prediction #3: Cyber Security Initiatives Will Become Strategic Corporate Initiatives
As cyberattacks (activists and hacktivists) make more frequent headlines, and corporate cyber risk profiles explode, CISOs are finding that executive teams are taking personal interest in cyber security readiness and response procedures. The spotlight is squarely on the CISO to take on a leadership role in organizational readiness and awareness.
In preparation for the worst-case scenario of an attack, a CISO must have an institutionalized response plan in place. The first step in this process is to form a dedicated incident response team that spans multiple departments, including IT, marketing, risk management, compliance, and legal. It is essential to take a multi-departmental approach, because cyber incidents can impact every department in the company. By organizing this team quickly and holding regular communication and status meetings to discuss potential threats and responses, CISOs not only better prepare the company for the inevitable major incident, but they build important cross-departmental relationships while they assume a prominent leadership role as a subject matter expert and change agent within the organization.
A second critical component of a CISO’s internal implementation strategy should be internal cyber awareness education. The most successful security practices begin with strong, regular internal programs that stress cyber threat awareness and vigilance. CISOs will work more often with HR to build cyber threat training into regular employee onboarding. Ideally, those programs would be augmented
with quarterly – or even monthly – internal cyber threat seminars or newsletters to reminder employees of the potential risks and threats on the internet.
Prediction #4: Threat Intelligence Collaboration Across Organizations Will Increase
As cybercriminals become increasingly sophisticated, attacks against one institution or enterprise are sometimes harbingers of attacks against other institutions or enterprises. Large scale phishing attacks, for example, often rotate from institution to institution.
Although each responding institution has their hands full trying to respond to the increasing volume of attacks, a growing trend in the market is the collaboration between the companies and institutions that are facing similar cyber threats and threat actors. To facilitate and drive this valuable collaboration, threat intelligence sharing organizations such as ISACs and ISAOs are rapidly attracting members and partners, and standards for threat sharing data, such as STIX/TAXII and Cybox, are also gaining momentum.
Information sharing as a deterrent to cybercrime is sure to remain in the news over the next year, particularly if the Cybersecurity Information Sharing Act (CISA) becomes law. CISA would permit organizations to share threat data with the Department of Homeland Security so that government agencies may, in turn, use that information to protect the organizations and others like it that face similar threats.
Organizations will need to determine for themselves whether they choose to share threat data with the government and their peers, but they may find that doing so will provide them with actionable intelligence on these threats. If they opt out, this intelligence will need to come from somewhere – threats are too prominent and prevalent to overlook.
Gain a Cyber Threat Advantage in 2016
In the face of the current wave of cyberattacks, CISOs are fighting valiantly and winning battles. But in 2016, to continue to be successful, CISOs will need to up their game. By extending threat monitoring beyond the perimeter, building a stronger internal culture around cyber threat awareness and response, and collaborating with others fighting the same enemies, CISOs and security operations teams will stay ahead of their adversaries.
About the Author: Michael Kiefer, general manager of BrandProtect, is a recognized network and security expert and risk visionary. Michael brings more than 25 years of network, telephony, internet risk and predictive analytics experience to his role at BrandProtect.
Widget not in any sidebars
- Five Questions You Need To Ask Yourself When Evaluating SIEM Solutions - November 8, 2017
- Winning the Data Breach War with User and Entity Behavioral Analytics - November 3, 2017
- 5 Alternatives to The Gartner Magic Quadrant for SIEM - October 31, 2017