Bernard Montel, Tenable: Trends in Cyber Security and how to navigate them

As organizations around the world constantly struggle with constantly developing threats, understanding the current trends in cyber security has never been more essential.

Ahead of Cyber Security & Cloud EXPO Europe, Bernard Montel, EMEA Technical Director and security strategist at Tenable, sheds light on the changes in cyber security over the last five years and offers valuable insight into the challenges and trends currently shaping the industry.

With threats growing increasingly sophisticated, Montel's views on risk management, proactive security measures and the role of emerging technologies such as AI in cyber security offer guidance for navigating these turbulent waters.

Cloud Tech: How has the landscape of cyber security changed over the past five years?

Bernard Montel: The global pandemic dramatically changed the way we work, and for some organizations this transition occurred virtually overnight. We connect to offices or other remote jobs to travel to systems and resources.

In terms of cyber security, this had a huge impact on the way we need to think about security:

  • The home network that has never been secured has suddenly become an extension of the business network. Domestic roads were the only way that employees could access resources and expand the threat nordicity.
  • The use of virtual private networks (VPN) and multi-factor authentication (MFA) was the only way to secure these connections.
  • As the organizations moved the sources to the cloud and did not nagger the need for VPNs, simplified life for distant workers and provided security layers for organizations.

If we could maintain one post-pandemic change, it is the acceleration of cloud services (software-as-a-service (SaaS), infrastructure-as-a-service, platform-as-a-service (PaaS), etc.). There is no need to be firmly connected to the company network to make it safe.

We still have the race deployed and the use of PEM solutions. However, the vast majority operate a hybrid environment, combining a mixture of private and public cloud with on-prem sources.

Today’s new normal means that the “castle” that represents the “company net” is now fragmented, with the result that the attack surface has never been so large or so dynamic.

CT: What are the best trends in cyber security?

BM: Ransomware is still the highest threat today. The number of attacks organizations experience every day is growing, and violations violate more and more records in terms of the number of violated records or the volume of exfiltrated data.

Cloud security is another real challenge for all organizations. Moving to cloud sources forces security teams to reconsider the way they can handle security. The traditional peripheral approach, with the end point and/or server focusing on security procedures, is almost unnecessary when we talk about micro-services without server and containers.

Identity returned as the main focus of fears. 25 years ago, we talked about the invitation of identity management with the beginning I&AM. The problem is still very obvious, but much more complicated: federated identity, MFA, Active Directory and Trading, combined with all cloud identities with AWS, Azure, GCP … List.

AI is, as in any other technology, they are different. The attackers are just beginning to realize the abilities it offers, and as defenders are essential, we also determine how to use this technology.

The use of the strength and speed of generative AI, such as Google Vertex AI, OpenAI GPT-4, LangChain and many others, can return new intelligent information in minutes. This can be used to accelerate research and development cycles in cyber security, to find formulas and explanations of what is in a possible simple language. The use of the strength of AI enables security teams to work faster, search faster, analyze faster and eventually decide faster.

CT: What should organizations keep in mind today when they are considering their security risks?

BM: We must remember that in most cases it is a known vulnerability that allows threat actors the entrance point to the infrastructure of the organization. After obtaining entry, threat actors will then try to infiltrate the organization to steal data, encrypt systems or other dangerous activities.

Funny incorrect configuration – so basic human error, from configurations to the left “by default” after sending the code of the developer via the high-speed cycle DevOps – these are human. However, the uncontrolling of these incorrect configurations leaves the door open to the attackers.

Often there is a belief that because the organization is “smaller”, they will not be the goal of attacks. That could not be further from the truth. Yes, they are usually big names that create subtitles, but even smaller organizations are also focused because the threat actors realize that they are part of the supplier chain and often open the door – giving interconnected work – for large companies.

Ten years ago, the ransomware attack was really obvious. The computer (PC) was horrified with a request for ransomware displayed on the screen. Today, the attacks are less obvious and may be undetected for several weeks, as the actors of threats are trying to consider their presence, allowing them to crawl around the infrastructure for dangerous purposes.

Ransomware gangs will use double blackmail methods that take encryption tactics and add another sinister element: before these files are encrypted, ransomware groups will steal them and threaten to publish them on a dark site if ransom is paid. The added pressure from this type of blackmail is what helped to make ransomware so successful.

The organization must understand the global context around us – a combination of pressure economy, activism and geopolitical tension – to understand the threat landscape. Focusing only on a pure “technological” part is not enough to reduce the risk.

The key to reducing risk is a proactive and preventive approach. Obtaining visibility where your greatest areas of risk are called this exposure control, it is absolutely crucial to the acquaintances which doors and windows are wide open and must first be closed. The threats move quickly, and trying to detect and respond to their movement today is not effective.
