Bolstering Resilience In The Age Of Expanding Threats

Uploaded on 2024-02-09 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

The recent implementation of the Securities and Exchange Commission’s (SEC’s) cybersecurity regulations has mandated public companies reveal any material cybersecurity incidents within a stringent four-business-day timeframe. This signifies that high-profile breaches, like the recent 23andMe breach, which compromised the data of approximately 7 million customers, will now carry significantly more severe ramifications.

The SEC's regulations represent a new wave of transformative alterations in regulatory compliance, hinting at a more profound shift in how companies approach and adhere to regulatory standards.

These regulations, just a fraction of the evolving landscape of compliance changes, signify a broader shift in accountability amid an increasingly broad attack surface and complex threat landscape. As the scope and complexity of potential threats continue to grow, navigating this complex environment emphasizes the critical need for comprehensive cyber exposure management.

Navigating The Expanding Attack Surface

The contemporary organizational attack surface is undergoing exponential expansion, propelled by the digital shift: migration to cloud infrastructure, widespread remote work setups, accelerated development timelines, insufficient validation processes, and heightened software complexity. Collectively, these factors present numerous openings for cyber attackers to exploit.

As hybrid networks expand in size and complexity, the attack surface expands, increasing the likelihood of experiencing a cyberattack. An organization requires comprehensive visibility into vulnerabilities across its environment and needs to achieve this efficiently. However, the production of reports is often a manual and time-consuming process. Additionally, determining whether the focus is on remediating the riskiest vulnerabilities with the greatest potential impact on the business can be challenging.

Organizations must find ways to manage their cyber exposure more effectively in a world of heightened risk. It is imperative for security teams to handle and mitigate their cyber exposure adeptly. The number of vulnerabilities listed in the National Vulnerability Database (NVD) nearly reached 200,000 at the beginning of 2023. The emergence of new vulnerabilities is escalating rapidly - NVD reported an addition of over 25,000 vulnerabilities in 2022, signifying a 25% surge compared to the preceding year. Vulnerabilities aren't just increasing; they're surging at an unprecedented pace.

Shifting From Conventional Responses

Amid the exponential rise in vulnerabilities, a stark reality emerges: the era of addressing every single vulnerability has become obsolete.

The sheer volume of vulnerabilities surpasses the capacity to fix them all, rendering the conventional response - often a mix of impromptu vulnerability scans, spreadsheet tracking, and periodic patching cycles - ineffective in meeting this formidable challenge.

This is why more and more organizations are looking for vulnerability management solutions to help them address this challenge. However, not all vulnerability management solutions are created equal.

The Five Stages of Comprehensive Vulnerability Management

A comprehensive vulnerability management program integrates technologies across five distinct stages:

1.    Assess:   This phase involves compiling an exhaustive inventory encompassing assets, endpoints, servers, network devices, cloud infrastructure, applications, and users essential for inclusion within the vulnerability management program.     

2.    Discover:   Here, aggregated security data from various sources, such as vulnerability scans and threat intelligence feeds, is overlaid to unveil comprehensive insights.

3.    Prioritize:   Quantifying cyber risks based on individual exposures takes precedence in this phase, allowing for the prioritization of resources to maximize effectiveness in addressing vulnerabilities.

4.    Remediate:   Choosing the most suitable remediation methods is pivotal in this stage. If a complete resolution isn't viable, selecting from an array of compensating controls becomes necessary.

5.    Report:   Effectiveness evaluations of remediation efforts and communication of risk levels to pertinent stakeholders form the core focus of this phase, ensuring transparent and informed decision-making.

Strategic Prioritization For Cyber Resilience

This strategic prioritization empowers efficient allocation of resources, ensuring that critical vulnerabilities receive immediate attention, reducing the likelihood and impact of potential cyber threats.

Organizations can use this comprehensive strategy to identify vulnerabilities more effectively and execute tailored remediation plans while providing clear and transparent reporting mechanisms. This approach ensures a systematic and efficient response to the evolving threat landscape, enhancing overall cyber resilience.

Howard Goodman is Technical Director at Skybox Security

Image: Shubham Dhage

You Might Also Read: 

Reducing The Risk Of Weak Links With Consolidation:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Neuralink Implant A Brain Chip In A Human
Chinese Hacking Campaign Targets US Critical Infrastructure »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Zentek Digital Investigations

Zentek Digital Investigations

Zentek has been providing digital forensics services to the public and private sector for computers and mobile devices since 2004.

Paraben

Paraben

Paraben provides digital forensics solutions for mobile devices, smartphones, email, hard drives, and gaming system.

Prolinx

Prolinx

Prolinx provide secure Data Centre hosting services and other fully managed security services for networks and information systems.

Forcepoint

Forcepoint

Forcepoint provide a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies of managing multiple point security products.

Secure Recruiting International (SRI)

Secure Recruiting International (SRI)

SRI is an industry leader in Information Security , Networking, Wireless and Storage recruitment.

Riverside Research

Riverside Research

Riverside Research is a not-for-profit organization chartered to advance scientific research in areas including Trusted & Resilient Systems.

Visium Technologies

Visium Technologies

Visium Analytics provides innovative data visualization, cybersecurity technologies and solutions to businesses to protect and secure their data assets.

Optimum Speciality Risks

Optimum Speciality Risks

Optimum Speciality Risks are an experienced team of cyber insurance experts, backed by Lloyds of London.

Vention

Vention

Vention (formerly iTechArt) is the partner of forward-thinking tech leaders around the globe.

Experis

Experis

Experis provide IT resourcing, project solutions and managed services. We enable organizations to cultivate individuals and teams prepared for the digital age.

Binare

Binare

Binare empowers companies all over the world to improve their IIot/IoT /Embedded cybersecurity posture and digital privacy.

Moss Adams

Moss Adams

Moss Adams is a fully integrated professional services firm dedicated to assisting clients with growing, managing, and protecting prosperity.

AutoSec

AutoSec

AutoSec supports the FFI program Electronics, Software and Communication by dissemination and exploitation of the results of projects related to automotive cybersecurity.

ARGOS Cloud Security

ARGOS Cloud Security

ARGOS aims to simplify and strengthen cloud security, by creating a visual map of security vulnerabilities, to your priceless information stored in any cloud provider environment.

Secolve

Secolve

Secolve is Australia’s next generation OT specialist cyber security firm, working with key industries to protect the nation’s critical infrastructure.

Invisinet Technologies

Invisinet Technologies

Invisinet is a cybersecurity technology company specializing in innovative solutions that protect network infrastructure and critical assets from advanced threats.