Intelligent CISO Issue 36 | Page 28

To futureproof security strategies , CISOs must establish a framework that enables risk-based prioritisation across the entire enterprise .
Editor's question

The pandemic has triggered many new cybersecurity challenges that have propelled the role of the CISO to one of extreme importance. Security leaders are under even more pressure to protect the business, with security now elevated to a boardroom-level conversation.

In terms of setting expectations, CISOs should make it very clear now that their security teams will not be able to patch every new vulnerability. According to Skybox Research Lab, 2020 was a record-breaking year for new vulnerabilities. Unfortunately, CISOs do not have more resources to deal with this surge.

To prioritise remediation accurately, organisations must be able to quantify their threat landscape as it evolves. Three steps help ensure a security strategy stands the test of time:
1. Shift to risk-based prioritisation: A shortage of security talent, rapid cloud migration, regulatory compliance rules and the unrelenting changes to the threat landscape have created a perfect storm. There are too many vulnerabilities for an organisation ever to be totally confident that its network is 100% patched; the threat landscape simply changes too quickly. To future-proof security strategies, CISOs must establish a framework that enables risk-based prioritisation across the entire enterprise.

2. Implement network modelling: A network model is a dynamic representation of the entire enterprise infrastructure, spanning IT, hybrid infrastructure, Operational Technology (OT) and security configurations. Network modelling provides accurate insight into new risks and enables advanced attack simulation to explore all attack paths. By modelling the entire attack surface, defenders can see every exposure an attacker could use to get in and determine the best course of action to stop breaches.

3. Adopt a Zero Trust approach: Traditional network perimeters have vanished. To combat this, many organisations are adopting Zero Trust frameworks that verify every connection to their network before granting access. Developing true 'no trust' zones depends on an understanding of the entire enterprise infrastructure, including all configurations across the environment as a whole. As the enterprise environment evolves, so too must security strategies.

Ron Davidson, VP of R&D and CTO for Skybox Security

www.intelligentciso.com
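Steps 1 and 2 above call for prioritising findings by exposure in a model of the network rather than by severity score alone. The following is an added illustration written for this page, not Skybox's code or product logic: a toy network model (zones, allowed flows, hosts and findings are all constructed, and the vulnerability identifiers are not real CVEs) with a breadth-first attack-path search from the internet, and a scoring function whose weights are assumptions chosen to show the effect, not an industry standard.

```python
"""Network model + risk-based vulnerability prioritisation (added illustration)."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Vuln:
    vid: str           # constructed identifier, not a real CVE
    cvss: float        # CVSS base score, 0-10
    remote: bool       # exploitable over the network (no foothold on the host needed)
    exploited: bool    # exploitation observed in the wild


@dataclass
class Host:
    name: str
    zone: str
    criticality: int   # 1 (disposable) .. 5 (crown jewel), set by the asset owner
    vulns: list = field(default_factory=list)


# Segmentation policy as allowed (source zone, destination zone) pairs.
# Constructed for this example; traffic inside a zone is assumed unrestricted.
ALLOWED_FLOWS = {
    ("internet", "dmz"),
    ("dmz", "app"),
    ("app", "db"),
    ("corp", "app"),
}

# Constructed inventory: five hosts in five zones, six findings.
HOSTS = [
    Host("web-1", "dmz", 2, [Vuln("V-A", 7.5, True, True)]),
    Host("app-1", "app", 3, [Vuln("V-B", 8.1, True, False)]),
    Host("db-1", "db", 5, [Vuln("V-C", 6.5, True, False),
                           Vuln("V-D", 9.8, False, False)]),
    Host("plc-1", "ot", 5, [Vuln("V-E", 9.8, True, True)]),
    Host("laptop-7", "corp", 1, [Vuln("V-F", 5.3, True, False)]),
]


def reachable_hosts(hosts, flows, start_zone="internet"):
    """Breadth-first attack simulation over the network model.

    An attacker positioned in zone Z can compromise host H when the policy allows
    Z -> H.zone (or Z == H.zone) and H has a remotely exploitable finding;
    compromising H gives the attacker a position in H.zone. Returns
    {host name: hops from the start zone} for every host on some attack path;
    hosts missing from the result have no path under the current policy.
    """
    hops = {}
    owned_zones = {start_zone: 0}
    queue = deque([start_zone])
    while queue:
        zone = queue.popleft()
        depth = owned_zones[zone]
        for h in hosts:
            if h.name in hops:
                continue
            if zone != h.zone and (zone, h.zone) not in flows:
                continue
            if not any(v.remote for v in h.vulns):
                continue
            hops[h.name] = depth + 1
            if h.zone not in owned_zones:
                owned_zones[h.zone] = depth + 1
                queue.append(h.zone)
    return hops


def risk_score(vuln, host, hops):
    """Severity weighted by exposure, asset value and exploit activity.

    The weights below are assumptions for the illustration.
    """
    if hops is None:
        exposure = 0.2                      # no path today; the model can change tomorrow
    else:
        exposure = {1: 1.0, 2: 0.75}.get(hops, 0.5)
    if not vuln.remote:
        exposure *= 0.5                     # attacker needs a foothold on the host first
    value = host.criticality / 5
    threat = 1.5 if vuln.exploited else 1.0
    return round(vuln.cvss * exposure * value * threat, 3)


def prioritise(hosts=HOSTS, flows=ALLOWED_FLOWS):
    """Rank every finding; returns [(score, vuln id, host name, hops)] high to low."""
    hops = reachable_hosts(hosts, flows)
    ranked = [(risk_score(v, h, hops.get(h.name)), v.vid, h.name, hops.get(h.name))
              for h in hosts for v in h.vulns]
    ranked.sort(reverse=True)
    return ranked


if __name__ == "__main__":
    for score, vid, host, n in prioritise():
        path = f"{n} hop(s) from internet" if n else "no attack path"
        print(f"{score:5.2f}  {vid}  on {host:9}  {path}")
```

Run as written, the CVSS 7.5 finding on the internet-facing web server ranks first, ahead of two CVSS 9.8 findings that have no current attack path (the isolated OT controller) or need a foothold on the host first (the local-only database finding). Adding a single flow such as ("dmz", "db") to ALLOWED_FLOWS changes the reachability and the ranking, which is the reason the model has to stay current with the real configuration rather than be built once.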