Successful CISOs are those investing in surveillance and reconnaissance tools that can show how their digital attack surface appears to attackers.
The mobile movement
A prime example of the need for this approach is the mobile applications the organisation develops for customer use, as by default they sit outside the perimeter in one or more app stores.

Many people aren’t aware of the exponential growth of the mobile ecosystem, both in the number of apps and in the number of app stores. While Google Play and Apple iTunes capture a significant segment of the market, there are hundreds of other app stores out there competing to drive traffic and increase their market share. Official apps, and apps leveraging the brand, are widely copied and distributed across the mobile ecosystem.

As a result, the number of mobile apps an organisation owns, or that leverage its brand, is far higher than it suspects.
For larger organisations, the proportion of apps in unofficial stores versus official stores can be more than 90%. Mobile app proliferation has a direct impact on consumers, as there is a risk of using an unsupported application or, in the worst case, a malicious one.

www.intelligentciso.com | Issue 09
Finding the unknown
Most organisations lack a full view of their Internet-exposed assets. Today’s CISOs must operate on the assumption that their organisation has a far bigger digital footprint than they realise. It is common to have 30% more publicly exposed digital assets than are visible to corporate IT and security teams.

Many of these ‘missing’ assets are the result of shadow IT: development activity performed by third parties, for example marketing-funded websites, or sites, apps and social media accounts created by line-of-business teams.
Agile development, in all its forms, helps the business keep pace with customer expectations. But if the assets delivered are unknown to the corporate IT and security teams, it is unlikely that the proper security controls and governance are in place, and as a result these unknown or forgotten assets have a higher likelihood of being compromised. They must be actively managed to reduce the low-hanging fruit available for cybercriminals to exploit.
An ever-evolving role
The traditional security strategy for the previous generation of CISOs has been a defence-in-depth approach starting at the perimeter and layering back to the assets to be protected. As outlined earlier, there are clear disconnects between that kind of strategy and the threat landscape in which companies need to protect themselves today.
In a world of digital channels, users (customers and prospects) sit outside the perimeter; an increasing number of corporate digital assets sit outside the perimeter on third-party hosting services or are exposed on the Internet; and the majority of malicious actors sit outside the perimeter.
As such, CISOs need security strategies that encompass this change while continuing to defend the corporate network and all that sits inside it. The good news for CISOs is that there is now much more data available, which can provide the needed Internet visibility to complement existing security tools and processes.
Experienced CISOs need to be trusted to invest in security strategies that encompass this change, by leveraging the vast amounts of data that are at their disposal and by better aligning their external threat programme with other IT security and operations teams.
By understanding their exposures, expediting enterprise-wide threat investigations and monitoring their Internet attack surface, CISOs can proactively address external threats and reduce their online risks.