October is internationally recognised Cybersecurity Awareness Month. This comes at a time of new data breaches and identity theft being announced daily. For businesses, 76 percent of organizations report they have been attacked by ransomware in the past two years.
For 2022, the theme is “See yourself in Cyber?” This is an attempt to draw more people into the professions of IT security. But what does this mean in practice?
To gain an insight, Digital Journal spoke with David Anteliz, Senior Technical Director at Skybox Security.
According to Anteliz keeping cybersecurity in the public’s imagination is essential to protect services and organisations. The 200 cybersecurity awareness period is a key way to do this.
Anteliz says: “This October, Cybersecurity Awareness Month serves as a reminder that hope is on the horizon – despite how quickly threat actors are evolving. According to Skybox Research Lab threat intelligence, 20,175 new vulnerabilities published in 2021, up from 18,341 in 2020.”
These figures are alarming. Says Anteliz: “That’s the most vulnerabilities ever reported in a single year and the most significant year-over-year increase since 2018. Initial research shows 2022 will result in a significant uptick in vulnerabilities as well, particularly those impacting critical infrastructure.”
To address these issues, new approaches are needed. As Anteliz finds: “The world has seen the traditional cybersecurity approach built on point products inadvertently created silos and dangerous gaps in visibility. Attackers know that many organizations are behind on patching and still rely on traditional approaches to vulnerability management based on CVSS scores, so they’ve learned to take advantage of vulnerabilities rated as less critical to carry out their attacks.”
As to what needs to be considered, Anteliz recommends: “Today, organizations must begin evolving toward a radically more flexible security architecture. To improve overall cybersecurity effectiveness, mature organizations are leveraging advanced risk-based prioritization, which includes threat intelligence, asset information, and modeling to determine what is truly exposed to an attack.”
In a telling final comment, Anteliz states: “In fact, nearly half of organizations with no breaches in 2021 took a risk-based approach.”
In contrast, 48 percent of organizations with no breaches were those that took a risk-based approach. This represents a situation of greater maturity in the areas of attack surface visibility and context, attack simulation, exposure analysis, risk scoring, vulnerability assessments.
