In an increasingly uncertain world, with internal risks and external social, economic and geopolitical threats to organizational development and automation looming overhead, CSOs have been adopting strategies to be prepared for operating in uncertain times. Ransomware, data breaches and fraud are unabating, with cyber insecurity as well as misinformation and disinformation being the top and fourth risks, respectively, for the upcoming two years as projected in the World Economic Forum’s Global Risks Report 2024.
The attack surface gets ever more complex with the increased adoption of cloud, AI (thanks to generative AI) and IoT connectivity. Hackers are already attacking concentrations of common software and services to maximize their returns on investment. Critical infrastructure continues to be targeted as entire city networks, emergency networks, water treatment plants and power utilities are breached amidst rising geopolitical tensions.
Ultimately, preparing for the next big threat entails focusing on cyber resilience, because there are simply no silver bullets in the cyber world. Embracing the hard truth of the inevitability of breaches entails a holistic approach towards developing as well as sustaining strong resilience. Strengthening cyber resilience will increasingly be a core part of the entire enterprise security strategy and entails a few techniques including coordinated protection, analytical monitoring and adaptive response.
Coordinated Protection
For coordinated protection, as we demand greater cyber integration and reliance in Industry 4.0, CISOs will have to extend oversight into vendor environments, as hackers leverage weaker entry points of the enterprise.
The increased scrutiny and oversight into TVRA of environments supporting crown jewels need to extend to CSPs, OEMs, OSS as well as social media platforms. Cloud security enhancements will be implemented to address the use of multi-cloud environments.
Strengthening coordinated protection also entails the management of third-party risk and tighter remediation timelines on KEVs, especially those flagged with ransomware indicators. Adversarial simulation with red/purple teaming engagements and the extension of table-top exercises to suppliers will see greater traction and oversight.
Addressing emerging threats, CISOs will have to incorporate controls to counter adversarial AI tactics and foster synergies with data and AI governance teams. Controls to ensure quantum-resistant cryptography in the symmetric space to future-proof encrypted data and transmissions will also be put in place if they are not already.
Zero Trust as a mindset and approach will be very important, especially to address insecure-by-design components of OT environments used in Industry 4.0. Therefore, one of the key areas of strengthening protection would also be Identity and Access Management (IAM). Defenses against Multi-Factor Authentication (MFA) fatigue attacks have to be deployed, and we need to look towards password-less authentication as we try to optimize security and convenience in as frictionless a manner as possible as we step up our game.
Analytical Monitoring and Adaptive Response
Key success factors of strong cyber resilience also entail analytical monitoring and adaptive response beyond just coordinated protection. This encompasses taking an assumed breach approach, which is an often neglected yet important component of Zero Trust.
Consume actionable threat intelligence, subscribe to cyber threat intelligence and to information sharing and analysis centres, threat hunt, and have adequate incident response, if possible with security orchestration and automated responses.
While it is inevitable for sophisticated breaches to happen, especially those that live off the land in stealth, we can limit the attack blast radius and disrupt the cyber kill chain to prevent OT systems from being compromised, by ingesting threat intelligence, detecting fast through threat hunting and containing fast through orchestration. Not least, we also need to extend this to vendor environments.
As part of strong cyber resilience, we need sound IR playbooks to effectively draw bridges; we need plan Bs and plan Cs, business continuity plans as well as table-tops and red teams that involve our supply chain vendors.
And finally, response to the ever-evolving threat landscape will entail greater adaptability and agility. This demands that control processes reach a high level of maturity. Policies, standards, procedures, risk registers, OKRs, KRAs and KRIs will have to be updated more frequently against the increasingly volatile threat landscape.
If you have stayed with me to this point in the article, you would have realized by now that preparing for the next big threat entails a lot of getting the fundamentals of risk optimization right and establishing a mature process to sustain cyber and business resilience. And we can’t work alone in the cyber resilience journey.
It requires the whole village to come together and involve our supply chain as part of the whole ecosystem. We are, after all, only as strong as our ecosystem.