SVP, Strategic Engagements and Threats at Darktrace
The biggest unknown for both nation-states and businesses of all sizes is understanding how best to identify, measure and reduce cyber-risk. An organization’s unique level of — and appetite for — risk should be the driving factor for resource and prioritization decisions, determining the scope of the cybersecurity program needed to ensure the continuity of operations. However, understanding the level of risk can be incredibly difficult, especially when threats can quickly change, as we have seen in recent events, including the global pandemic, geopolitical conflict and new supply chain vulnerabilities.
Organizations might think that understanding attackers and threats should be the priority, but the true level of risk is more directly connected to business operations awareness, resilience and sustainability. Cyber-risk is only understood when organizations put a premium on visibility across their entire digital environment and understanding normal business operations and behaviors.
The conversation around cyber-risk needs to move beyond the likelihood of a breach. Businesses should assess risk with a focus on business resilience to reduce the possibility of disruption or data loss. To minimize risk, organizations can proactively understand attack paths, harden systems and prioritize critical choke points to deny potential attackers. Organizations can also work to reduce their internet-exposed attack surface. Finally, to ensure business continuity, they must also adopt a security posture that can actively defend beyond the breach with autonomous actions to enforce normal business operations.
With summer quickly approaching, many cyber-insurance providers are vetting their long list of current clients and are preparing to make some drastic cuts. As July marks the time of year where these providers reevaluate their rosters, many organizations may soon be labeled as “uninsurable.”
Due to losses from the past 12-24 months from debilitating cyberattacks and data breaches costing insurers millions of dollars, for the first time ever, cyber-insurance carriers will be letting go of many of their customers to course correct due to the far-reaching economic impacts of the aggressive threat landscape. Although the demand for cyber-insurance has grown tremendously, the availability of this insurance has quickly become more limited. As a result, this could cause a lot of unknown uncertainty in the industry as companies look for alternative protection plans.
Given the series of cybersecurity incidents that have dominated headlines recently, many cyber-insurance providers are looking only to work with clients who are practicing proper hygiene. For example, these insurance companies will be looking to see if companies have things like multifactor authentication (MFA) and other security protocols to ensure that these proposed clients are doing their due diligence. In short, they are looking for clients who could pose the least amount of risk.
Although this new era of the “Great Firing” in the cyber-insurance industry is around the corner, companies can dodge this uncertainty by staying vigilant, onboarding security solutions and maintaining proper security hygiene to remain insurable.
The biggest unknown in cybersecurity right now would probably be the gap in the workforce. The demand for cybersecurity workers has only increased in recent years. A recent study reported that we need 2.72 million cybersecurity professionals to fill the gap in the workforce. In order to address this issue, organizations need to focus on diversity, equity and inclusion; training their employees; and investing in early talent. For example, at SAP, we have launched multiple partnerships with colleges and universities, including HBCUs, to close the talent gap.
We are at an inflection point where attacks have become monumental in technical sophistication and potential impact. Following two great wake-up calls, SolarWinds and Microsoft Hafnium, we have seen six months of ongoing cyberattacks targeting Ukraine. This adversarial activity reflects the rapid evolution of the threat landscape. Our new normal is being defined in real time — undoubtedly a challenge to our industry.
We’re also observing the blurring lines between cybercriminals and nation-state actors, with states providing cover for criminal groups to execute attacks on opponents in return for information. A key factor in preparing to mitigate cyberthreats is understanding bad actor motivation and what information they seek. An attacker looking for data to hold for ransom will have a different impact than a stealth actor conducting espionage for months at a time. This change means organizations need to be incredibly diligent to identify threats quickly and ensure that backdoors are not left open.
Attacks are becoming increasingly multivector, and linear security solutions that identify just one vector are no longer sufficient. This is where XDR technology can make a difference. As threats become more hostile and sophisticated, SecOps teams need a new approach to combat these challenges. XDR harnesses the power of machine learning to predict and detect attacks, identify root cause and accelerate automated response. XDR increases SOC efficiency; protects organizations from data loss, phishing attacks and ransomware; increases efficacy and decreases mean time to respond — all of which are critical in addressing today’s biggest unknowns.
Three things come to mind. First — the economy, second — the paths that will be taken if Russia has an economic fallout from the war in Ukraine and third — the effect of the Great Resignation and rising costs for employers. When the economy pulls back, so do all areas of spending, halting the plans and strategies of many security leaders. This leaves companies and organizations in vulnerable positions at a time when the White House is asking agencies, suppliers and corporate America to continue to take action.
Furthermore, when and if the war in Ukraine continues, resources in Russia will become increasingly difficult — resulting in cyber-warriors looking for work from private bidders, and opening the door for the potential use of “cyber-bombs” being fired against organizations that are vulnerable.
Companies are also grappling with funding their programs, especially as the economy struggles. Combined with the number of employees that are struggling with returning to work, and maintaining other work they got accustomed to during COVID — there is more strain on security programs and their success as a corporate program.
The actual realization is for companies to pivot to cyber-resilience from traditional risk and business continuance approaches. The current state of world affairs, fiscal pressures and cyber-program operational expectations require many levers to be pulled in parallel. The digital economy is demanding resilience in current times, but navigating execution and measure will be a challenge.
Kevin McAllister (@k__mcallister) is a Research Editor at Protocol, leading the development of Braintrust. Prior to joining the team, he was a rankings data reporter at The Wall Street Journal, where he oversaw structured data projects for the Journal's strategy team.