Intelligent CIO Europe Issue 39 | Page 35

EDITOR’S QUESTION
RON DAVIDSON, VP OF R&D AND CTO FOR SKYBOX SECURITY

The pandemic has triggered many new cybersecurity challenges that have propelled the role of the CISO to one of extreme importance. Security leaders are under even more pressure to protect the business with security now elevated as a boardroom-level conversation.
In terms of setting expectations, CISOs should make it very clear now that their security teams will not be able to patch every new vulnerability.
According to Skybox Research Lab, 2020 was a record-breaking year for new vulnerabilities. Unfortunately, CISOs do not have more resources to deal with this surge.
To accurately prioritise remediation, organisations must be able to quantify their threat landscape as it evolves. Steps to ensure security strategy stands the test of time:
1. Shift to risk-based prioritisation: A shortage of security talent, rapid cloud migration, regulatory compliance rules and the unrelenting changes to the threat landscape have created a perfect storm.
There are too many vulnerabilities for an organisation to ever be totally confident that their network is 100% patched. It is simply not possible due to the ever-changing threat landscape.
To future-proof security strategies, CISOs must establish a framework that enables risk-based prioritisation across the entire enterprise.
2. Implement network modelling: A network model is a dynamic representation of the entire enterprise infrastructure – across IT, hybrid infrastructure, Operational Technology (OT) and security configurations. Network modelling provides accurate insight into new risks and enables advanced attack simulation to explore all attack paths.
By modelling the entire attack surface, defenders can see all of the exposures that an attacker could infiltrate to determine the best course of action to stop breaches.
3. Adopt a Zero Trust approach: Traditional network perimeters have vanished. Many organisations are adopting Zero Trust frameworks to verify any connections to their network before granting access to combat this issue.
Developing true ‘no trust’ zones is dependent on an understanding of the entire enterprise infrastructure – including all configurations across the environment as a whole.
As the enterprise environment evolves, so too must security strategies.