How can a business develop continuous cyber asset management and uses automation to find and fix security gaps? To gain an insight, Digital Journal caught up with the CEO of Noetic Cyber, Paul Ayers, who was previously a top executive at PGP Corporation (acquired by Symantec) and Vormetric (acquired by Thales).
Ayers identifies three important trends underway in the area of cybercrime and the resources deployed to prevent it.
Supply Chain Cyber Attacks Will Persist
Ayers explains that what we are witnessing is part of a dynamic process: “In 2020 and 2021, the cybersecurity industry witnessed a shift in focus to supply chain security, with large supply chain attacks such as SolarWinds and Kaseya. From greater than 50 new vulnerabilities per day in 2020, there is no reason to believe that 2021 saw a decrease. Patching is hard, and prioritization is key. Looking ahead to 2022, it is evident that supply chain attacks will remain a huge threat and difficult for security teams to anticipate. For that reason, security teams must be able to map vulnerabilities to assets, business-critical applications and potential risk.”
The Cyber Industry Will See Renewed Focus on Prevention vs. Response
Prevention is always the best defense, explains Ayers: “Supply chain attacks continue to be a huge threat to organizations, and difficult for individual security teams to anticipate. The cyber industry swings back and forth between prevention and response, with a renewed focus on preventative approaches, such as security posture management, cyber hygiene, and cyber asset management, showing that organizations are trying to anticipate cybersecurity threats before the threat becomes an attack.”
Cyber Cartography Will Take Center-Stage
Greater detail and a holistic approach to understanding cyber-risks is required to boost business reliability, according Ayers. The expert states: “We continue to face the same problem we have seen for many years: we have too many single-use cyber tools. Forward-thinking security teams are investing in data scientists and working to unlock this siloed telemetry and generate a wider cybersecurity view of the organization to build an advantage over attackers.”
He adds: “Phil Venables, the CISO at Google Cloud, has discussed ‘cyber cartography’ as the way of mapping cyber risk, assets, vulnerabilities, users and more, in an effort to gain this advantage. To change the status quo in 2022, organizations must employ this proactive approach to ensure they are one step ahead of the adversary at all times.”
