You are currently viewing CISOs focus on these 3 trends, right?

CISOs focus on these 3 trends, right?

Security managers face increasing pressures in today’s rapidly changing cyber landscape. The rise of remote work means many organizations are managing a complex web of in-person, online, and hybrid work scenarios while juggling migration to the cloud to support their diverse workforce. There is also the increase in the volume of cyberattacks to be combated; between July 2020 and June 2021, there was a 1,070% increase in ransomware attacks alone.[1]

For chief information security officers (CISOs), this has created a variety of new challenges to overcome. Based on our conversations with security leaders, Microsoft has identified the top three priority areas that CISOs are prioritizing today so you can understand the steps your organization needs to take to guard against cybersecurity threats. In progress.

  1. Rapidly evolving threat landscape and attack vectors

Organizations’ attack surfaces are growing alongside the rise of the remote and hybrid workforce, spanning multiple clouds and platforms. However, the new technologies needed to boost remote collaboration and productivity have also opened up new vulnerabilities that cybercriminals can exploit. Fifty-five percent of security leaders have detected an increase in phishing attacks since the start of the pandemic, and 88% say phishing attacks have affected their organization.[2]

As the news headlines are dominated by increasingly aggressive nation-state attacks and new incidents like the attack on the NOBELIUM supply chain, even advanced threat actors tend to focus on low-cost, high-value opportunity attacks. Take the rise in password spray attacks, for example. Although large-scale attacks like the ones described above are not common, it is still important for security teams to be prepared in the event of a breach.

A healthy cybersecurity posture often comes down to a careful balance between managing risk and strengthening cyber hygiene practices. Microsoft estimates that basic security hygiene can protect against 98% of attacks.

The fundamental steps to securing your business today in the face of evolving threats are:

  • Implement multi-factor authentication (MFA) and a registration policy
  • Gain visibility into your environment
  • Focus on user training
  • Stay on top of patches and vulnerability management
  • Manage and protect all devices
  • Secure on-premises and cloud resource and workload configurations
  • Provide backup for worst-case recovery scenarios
  1. Rise in increasingly complex supply chain risks

The global supply chain is also a major concern for CISOs, as many have been forced to extend their security perimeter outside of the security and IT organization. This concentration makes sense given the 650% increase in supply chain attacks from 2020 to 2021.[3]

As security managers continue to outsource applications, infrastructure, and human capital, they are also looking for more effective frameworks and tools to assess and mitigate their vendor risk. Traditional verification methods can help reduce risk when choosing a new supplier, but they are not foolproof. Security teams also need a way to enforce compliance and mitigate risk in real time, not just during the screening process or a one-time review cycle.

Zero Trust is an effective method to reduce the impact of major supply chain attacks and improve the overall efficiency of supply chain operations. Many security managers rely on Zero Trust principles to protect their supply chains and strengthen their foundation of cyber hygiene. First, they start by checking explicitly. It’s just about looking at all relevant aspects of access requests instead of assuming trust based on weak assurances like network location. For example, attackers typically weaken the supply chain by exploiting gaps in explicit verification. They can target a highly privileged vendor account that is not MFA-protected or inject malicious code into a trusted application. With Zero Trust, security teams can strengthen their verification methods and extend security policy requirements to third-party users.

The next principle of Zero Trust is to use the least privileged access. This helps ensure that permissions are only granted to achieve specific business goals from the appropriate environment and on the appropriate devices. It also helps limit the amount of compromised resources, be it a user, endpoint, application, or network, that can access others in the environment. . It is critical that cybersecurity teams continuously assess all access requests or policies within their organization’s supply chain to minimize contact with critical systems and resources.

Finally, security officials must take responsibility for the breach. Rather than reducing the likelihood of an attack, assuming a breach means organizations can quickly detect and respond to threats by building processes and systems as if the breach had already happened. They can use redundant security mechanisms; collect system telemetry; use it to detect anomalies; and connect that insight to automation to prevent, respond, and remediate in near real time.

  1. Creative organizational security despite talent shortage

Finally, CISOs focus on finding and retaining top talent due to labor shortages in the industry. This is partly due to the “Big Resignation” which has left many teams (including security) understaffed. In fact, according to Cybersecurity Ventures, the number of unfilled cybersecurity jobs has increased by 350%, from one million positions in 2013 to 3.5 million in 2021.[4] However, there is also a drive to make security everyone’s job, regardless of their position in the organization or their level of knowledge of cybersecurity best practices. By adopting this mindset, security leaders have been able to take a more innovative approach to keeping their organizations safe amidst talent and skills shortages.

To begin with, development teams, system administrators, and even end users should be familiar with the security policies that affect them. Similarly, some CISOs said they “supplement” employees outside of the security team by building and improving end-user knowledge of security threats. Employees and end users need to know how to recognize common phishing techniques and signs of more subtle cyberattacks. IT teams also need to be kept up-to-date and informed about current security policies. Focusing on automation and other proactive workflow and task management strategies is another easy way for CISOs to maximize their impact.

These three trends are just the tip of the iceberg when it comes to determining where CISOs prioritize responsibilities; however, they paint a solid picture of the top concerns that concern them in today’s modern threat landscape. This is a great opportunity for organizations to reset and review their priorities to determine if they are adequately protected.

For more information on the latest cybersecurity trends, download the full CISO Insider report and explore our comprehensive library of security resources.


[2] Source: 2021 Microsoft CISO Research Study



Copyright © 2022 IDG Communications, Inc.

Leave a Reply