Intelligent CISO Issue 9 - Page 65

Successful CISOs are those investing in surveillance and reconnaissance tools that can show how their digital attack surface appears to attackers. The mobile movement A prime example of the need for this approach are the mobile applications the organisation develops for customer use, as they by default sit outside the perimeter in one or more app stores. Many people aren’t aware of the exponential growth of the mobile ecosystem, both in terms of number of apps and the number of app stores. While Google Play and Apple iTunes capture a significant segment of the market, there are hundreds of other app stores out there competing to drive traffic and increase their market share. Official apps and apps leveraging the brand are widely copied and distributed across the mobile ecosystem. As a result, the number of mobile apps an organisation owns or that leverages their brand is far higher than they suspect. For larger organisations, the proportion of apps in unofficial stores versus official | Issue 09 stores can be more than 90%. Mobile app proliferation has a direct impact on consumers, as there is a risk of using an unsupported application or worst case, a malicious one. Finding the unknown Most organisations lack a full view of their Internet-exposed assets. Today’s CISOs must operate on the assumption that their organisation has a far bigger digital footprint than they realise. It is common to have 30% more publicly exposed digital assets than are visible to corporate IT and security teams. Many of these ‘missing’ assets are the result of shadow IT; development activity performed by third parties – i.e. marketing funded web sites, or sites, apps and social media accounts created by line of business teams. Agile development, in all its forms, helps the business to keep pace with customer expectations but if the assets delivered are unknown to the corporate IT and security teams, it is unlikely that the proper security controls and governance are in place and, as a result, these unknown or forgotten assets have a higher likelihood of being compromised. They must be actively managed to reduce the low-hanging fruit available for cybercriminals to exploit. An ever-evolving role The traditional security strategy for the previous generation of CISOs has been a defence in-depth approach starting at the perimeter and layering back to the assets to be protected. As outlined earlier, there are clearly disconnects between that kind of strategy and the threat landscape in which companies need to protect themselves today. In a world of digital channels, users – customers and prospects – sit outside the perimeter, an increasing number of corporate digital assets sit outside the perimeter on third party hosting services or are exposed on the Internet and the majority of the malicious actors sit outside the perimeter. As such, CISOs need security strategies that encompass this change while continuing to defend the corporate network and all that sits inside it. The good news for CISOs is that there is now much more data available, which can provide needed Internet visibility to complement existing security tools and processes. Experienced CISOs need to be trusted to invest in security strategies that encompass this change by leveraging the vast amounts of data that is at their disposal and by better aligning their external threat programme with other IT security and operations teams. By understanding their exposures, expediting enterprise-wide threat investigations and monitoring their Internet attack surface, CISOs can proactively address external threats and reduce their online risks. u 65