CISOs have a unique perspective on the world. They see security threats to which most people are oblivious, and they face challenges keeping one step ahead of hackers who are looking to penetrate their networks. This threat landscape is outlined four times a year in the "CISO Insider" — an actionable report that explores the top three issues that are most relevant in today’s threat landscape.
This quarter, rising ransomware rates, the promise of extended detection and response (XDR) in helping rapidly address emergent threats, and the need for increased automation and better tools to empower security teams to do more with limited resources have come to the forefront. Keep reading to learn how you can apply these insights to your own operations.
How Organizations Can Respond to Extortion — and Rising Ransomware
The risk profile of ransomware is changing as cybercriminals gain easier access to improved tools and automation. When combined with the economics of successful attacks, it has put ransomware on a rapid growth trajectory.
CISOs differ on which is the more catastrophic cost to the business: business disruption or data exposure. Regardless, preparation is key. Here are some of the top ways that CISOs can guard against rising ransomware.
- Prepare to defend and recover: By adopting an internal culture of zero trust with assumed breach while also deploying a system of data recovery, backup, and secure access, organizations can isolate attacks and make it much harder for threat actors to move laterally across the network. This strategy has the added benefit of minimizing an attack’s impact thanks to backups and encryption, both of which can help defend against data loss and exposure.
- Use a privileged access strategy: This can minimize the potential for credential theft and lateral movement. Privileged credentials are foundational to all other security assurances — an attacker in control of your privileged accounts can undermine all other security assurances. We recommend teams focus on building a closed-loop system for privileged access that ensures only trustworthy “clean” devices, accounts, and intermediary systems are used for privileged access to business-sensitive systems.
- Leverage comprehensive, integrated threat detection and response capabilities: Siloed point solutions often result in preventative gaps and slow down the detection and response to pre-ransom activities. By integrating security information and event management (SIEM) and XDR, organizations can extend prevention, detection, and response across the entire multicloud, multiplatform digital estate.
XDR Can Help Accelerate Threat Detection and Response
Beyond prevention, how should enterprises respond in the event of an attack? Many security leaders are turning to XDR for a cross-platform vantage point. XDR helps coordinate signals across the entire ecosystem — not just endpoints — to facilitate faster threat detection and response. And while endpoint detection and response (EDR) is a proven asset that many CISOs in the "CISO Insider" report have already implemented, XDR is the next evolution.
XDR helps bring together data from disparate systems, allowing security teams to visualize the entire incident from end to end. Point solutions can make this comprehensive visibility difficult because they only show part of the attack and rely on an often-overwhelmed security team to manually correlate multiple threat signals from different portals. When we think about today’s dynamic threat landscape, XDR is particularly compelling because of its coverage and speed in helping detect and contain threats.
Automate to Elevate the Security Team
Security leaders are faced with a security talent shortage. Automation is one way for them to help free up their existing workforce from mundane tasks so they can focus on defending against threats.
Most CISOs report adopting event-triggered or rule-based automation, but there’s a greater untapped opportunity to capitalize on built-in artificial intelligence and machine learning capabilities that enable real-time, risk-based access decisions. Automation can serve as an early warning system for future cyberattacks, and its inconveniences can be mitigated or eliminated. The most effective automation runs alongside human operators so that its artificial intelligence can both inform and be checked by human intelligence.
Customize Cybersecurity to Meet Your Team’s Unique Needs
Ultimately, while cyber threats continue to grow and evolve alongside the Internet, security teams can still take preventative measures to help safeguard their operations. Some are more prescriptive than others — like leveraging zero trust, privileged access, and integrated threat detection and response. But it’s also important that organizations leverage their existing toolsets to its fullest capacity through automation features and built-in security detections. By learning from CISOs who are on the front lines of cybersecurity, organizations can better understand how to defend their own operations.
Read more Partner Perspectives from Microsoft.