Transforming security for the perma-crisis age

In the labyrinth of perma-crisis security, we waltz through the stanzas of relentless challenges. From the global stage to the epiphany of transformative measures, through the nuances of strategic resilience – ultimately it impacts both physical and virtual security, necessitating proactive crisis management.

Perma-crisis canvas: Emerging realities


Understanding the perma-crisis

Crises have been a constant in human history. What undergoes change is our understanding and approach to these challenges, especially in a globalized landscape. Certain factors, such as uncertainty, suddenness, and the impact on individuals, remain consistently present and well-defined. Managing a crisis necessitates an approach that considers the interplay of these factors. Presently, we find ourselves amidst a continuous cascade of crises, varying in intensity but unrelenting. From pandemics and climate concerns to political challenges and cybersecurity threats, these issues contribute to a pervasive sense of unease, exacerbated by tensions within international institutions. What sets this era apart is the transition from addressing ‘shared and common problems’ to acknowledging ‘global issues’. The interconnected nature of our world demands collaborative efforts to address these challenges effectively. The perma-crisis age is thus characterized by a perpetual state of uncertainty and threat. Security concerns are no longer sporadic events but have become a continuous backdrop, affecting individuals, organizations, and nations. The landscape is evolving, encompassing both physical and virtual dimensions, with threat actors exploiting vulnerabilities across various sectors. 

  

 

Cyber threats amidst perma-crisis

In its latest risk barometer, Allianz, one of the leading French general insurers, underlines the drastic increase in the risk associated with cybersecurity in recent years, securing the top spot on the podium of risks, surpassing even the interruption of company activities, economic market fluctuations or environmental concerns. The CESIN 2023 report indicates a decline in the number of successful cyber-attacks, but when successful, they are highly impactful and target specific sectors with precision. Indeed, Gatewatcher’s latest Cyber Threat Semester Report (CTSR) emphasizes the diverse typology of targeted sectors (technology, energy and education in the crosshairs), with threats becoming increasingly sophisticated. From an offensive standpoint, the report reveals the persistence of noteworthy trends like phishing, Microsoft-tailored malware, etc. The ominous shadow of Advanced Persistent Threats (APTs) looms large, posing a substantial risk to the security of critical infrastructure among others. Whether it’s scrutinizing PowerShell scripts, tracing Cobalt Strike infrastructures, or monitoring communication between the victim and the C2 server, the cybersecurity landscape demands a vigilant and adaptive response. Finally, our attention was particularly drawn to the increasing prevalence of supply chain attacks, a favored tactic among cybercriminal groups, as underscored by the incident involving 3CX.

  

   

Encouraging resilience: Trends shaping security standards 

At the heart of security lies the realm of regulations and legislation. The European Commission is under scrutiny this year as it grapples with pivotal decisions to address the growing demand for resilience. Key matters on its agenda include the Cyber Resilience Act (CRA), the AI Act, the Digital Operational Resilience Act (DORA), and expeditiously progressing on NIS 2 (Network and Information Security), among others. A pressing concern that has come to the forefront is the intricate web of the supply chain, once considered a vulnerable link but now squarely in focus. It’s imperative to acknowledge that compliance is not solely the domain of large enterprises; even small businesses intricately linked with critical sectors must adhere to robust security measures.

Striking a resilient balance: The predictable and unpredictable in perma-crisis management


The volatile new normal

In this ever-changing landscape, being adaptable is the name of the game. The scarcity of cyber experts adds a layer of complexity, urging organizations to adopt a proactive stance on security. Think of it as ‘Volatile is the new black’—a call to shift our mindset in navigating the constant threats. Now, managing in this environment involves dealing with the ‘unknowns.’ A smart approach? Begin with the ‘knowns’—the ‘nodes’ in the system. Ever heard of Donald Rumsfeld’s phrase, ‘there are known knowns… known unknowns… and unknown unknowns’? Well, it perfectly captures the essence of the perma-crisis, especially the expanding cyber risks. As a bulwark against cyber threats, anticipation emerges as the foremost defense, a strategy bolstered by security policies and sound practices. One such practice is to define personal responsibility for safety and security. Understanding your role and taking action when needed—that’s the heart of a top-notch Chief Information Security Officer (CISO).

  

 

Orchestrating cyber-resilience: Guidelines for CISOs

To navigate the complex waters of cybersecurity in the perma-crisis age, a seasoned IT captain is essential—the CISO. This crucial role is instrumental in safeguarding organisations against ever-evolving threats. Building an inventory and mapping strategies is a paramount task. According to the latest Gartner report, the significance of cybersecurity is underscored by the projection that 40% of boards of directors will have a dedicated cybersecurity committee by 2025. This demonstrates the pivotal role of cybersecurity and the CISO function in a company’s strategic activities. 

  

Identifying risks is the initial step in any CISO’s action plan. It’s a delicate balance—avoiding the trap of dismissing unprecedented threats and shortsightedness under the assumption that solutions will easily unfold. Instead, the key lies in leveraging all available resources to adapt and fine-tune your strategy. Identification goes hand in hand with a deep understanding of the company’s architecture, encompassing devices, applications, communications, data flows, human resources, and more.  

Next is protection, involving the implementation of technical processes focused on identity management, access control, data security, and robust backup systems. Now more than ever, emphasis is placed on protection centered around the human factor. The third pillar emphasizes threat detection. In the context of identifying targeted Advanced Persistent Threats (APTs), the utilization of sophisticated automated tools, particularly grounded in AI and supervised machine learning, for real-time infrastructure detection represents a substantial advance in uncovering and preventing specific threats. This approach facilitates identification and response. Certainly, response stands as the linchpin in fortifying organizational resilience, acting promptly at the first signs of attacks and at every stage of the kill chain. 

  

 

 Network Detection and Response powered solution 

In the realm of cybersecurity, events loom like shadows, elusive and unforeseeable. It’s not a game of guessing when the storm will hit (because it will), but rather how to weather it. In the era of perma-crisis, the key to robust cybersecurity lies in mastering the ‘knowns’. Picture it like sketching a detailed inventory of network assets, where every line reveals a potential loophole. This artful process unfolds through two distinct methodologies. First, an intrusive ballet performed by EDR and scanners, placing agents strategically across the network’s stage. Alternatively, a silent waltz – the passive charm of NDR, a silent maestro that inspects the flow of network currents. Powered by AI, it becomes a precious ally for SOC teams offering continual evolution, automated responses, and adept adaptability to evolving threats. Its interoperability with EDR, SIEM, and SOAR ensures seamless integration, dynamically tailoring responses to a spectrum of cyber threats, from familiar adversaries to elusive zero-day exploits. 

In a few words…


In the perma-crisis age, the security scene is like a dynamic battleground where transformation is not just a choice but a thrilling necessity. It’s a captivating journey—from deciphering the current state of play to crafting proactive strategies and diving headfirst into crisis management. Taking a page from Ecclesiastes—perhaps not about cybersecurity, but still strikingly relevant—reminds us that “What has been will be again, what has been done will be done again; there is nothing new under the sun”, highlighting the timeless nature of challenges and the sheer excitement of being prepared for whatever surprises may come our way.