DCR Q3 2022


CYBERSECURITY

Optimising the CISO

Ross Brewer, Vice President and General Manager of EMEA and APJ for AttackIQ, unpacks how data-driven insight for CISOs and security team leaders can benefit the entire organisation.

www.datacentrereview.com Q3 2022

All organisations face varying degrees of cyber-threat in an increasingly digitised world. In fact, there were over 300 million ransomware attacks recorded in the first half of last year. To mitigate these threats, the Chief Information Security Officer (CISO) is tasked with securing their organisation against breaches perpetrated by bad actors. However, nearly half of all UK businesses experienced a successful breach during the pandemic, and cybersecurity incidents rose by a staggering 600%.

The threat landscape is expanding, but as innovation in the cybersecurity space affords new opportunities for the industry, businesses should be savvier than ever when choosing how to secure their infrastructure and seek to transition from a reactive, to a proactive, threat-informed defence.

Creating a threat-informed defence

Organisations across the UK are spending heavily on cybersecurity, with medium and large businesses in the UK alone spending over £800 million on their defence in 2021. However, a study by PurpleSec found that 75% of companies infected with ransomware were running up-to-date protection, meaning that organisations investing large amounts of funding into their cybersecurity programme are not tackling the real problem: testing and validating the controls they already have.

According to the 2021 Verizon Data Breach Investigations Report, CISOs have an average of over 70 security controls at their disposal, up from 45 just four years ago – but with controls failing often and silently, they cannot be validated if they are not continually tested.

A multitude of budgetary cybersecurity solutions exist, but with the global average cost of data breaches reaching over £3 million in 2021, organisations must configure comprehensive cybersecurity solutions that can effectively remediate real-world threats. An illustration of this is the HAVEX strain of malware, reportedly used by the Russian government to target the energy grid. Companies should be running attack graphs that emulate these known threats end-to-end to bolster their cybersecurity preparedness in the event of an attack.

To counter these sophisticated threats, using automation to test organisations’ security controls continuously, and at scale in production, is the key to unlocking a threat-informed defence. Automated security control validation can leverage new threat intelligence about adversary tactics, techniques, and procedures (TTPs) through knowledge-based frameworks such as MITRE ATT&CK. This strategy allows organisations to deploy assessments and adversary emulations against their security controls at scale, enhancing visibility by enabling them to view performance data continually and to track how effectively their security programme is performing.

Organisations aiming to successfully achieve a threat-informed defence should put Breach-And-Attack Simulation (BAS) systems at the centre of their cybersecurity strategy. A good BAS platform uses the MITRE ATT&CK framework to enhance, assess and test threat detection and threat hunting efforts by simulating real-world behaviours. Through the performance data gained from continual security control testing, CISOs and their teams gain visibility into the efficiency of their


DCR Q3 2022 by SJP Business Media - Issuu