Our Roundtable Sessions are invite-only events hosted by peers for peers that bring together a select group of senior IT leaders from across industries for topic-driven, intimate dialogue on current trends and topics. The group met remotely to discuss preparing for next-gen data security attacks, led by an IT Executive of an American multinational conglomerate holding company focused on transportation and e-commerce. This Session was sponsored by Tanium.
More cyberattacks are happening today than ever before. New vulnerabilities are being discovered more frequently in commonly used third-party software. Developers are including external libraries and modules within their applications without getting them approved by the security team. Under such circumstances, how do you protect your organization from sophisticated cyberattacks? How do you minimize your attack surface without slowing down the development process?
A speaker remarked that third-party software governance has become more critical than ever before. Every third-party library or module adds to your attack surface, and you need to find ways to minimize it. To that end, every third-party library or module should pass a security checklist and/or governance process before it becomes part of an application. This ensures that you have 100% visibility into what’s being used inside your applications and prevents you from integrating potentially malicious software.
A participant said they find it difficult to get funds approved for implementing new governance policies. Their CIO believes that adding more guardrails will just slow the development process down and hamper productivity. They added that it’s important to be on good terms with higher management and to talk to them in their language (financial risk, reputational damage) to get their buy-in.
A CIO shared that in their organization, security is everyone’s job. All team members are required to participate in security training. Everyone has at least a baseline understanding of what information security is and what guidelines they must adhere to. If a vulnerability is discovered or a breach occurs, everyone has a clear understanding of their role in recovery. You can never have enough security architects in your organization to deal with all the issues; everyone must play a part.
An executive mentioned the five functions described in the NIST framework: Identify, Protect, Detect, Respond, and Recover. They added that most of us try to focus on Protect, but the first step should always be Identify: you can’t protect what you don’t know exists. Numerous applications help create asset inventories, find vulnerabilities, and run penetration tests. For detection, you should place the strictest access controls on the most sensitive resources. It’s also crucial to have a well-formulated incident response and recovery plan in place.
Multiple attendees agreed that tabletop exercises are a great way to create and optimize recovery action plans. Simulate attacks of different kinds and see how people react under pressure. The goal should always be to protect security-critical assets and incur the least amount of damage. These exercises will enable you to find gaps in your recovery plans and backup systems and to identify the people you can rely on: those who excel under pressure and have the technical knowledge required to get you out of trouble.
An executive talked about how their security strategy has evolved from defense to offense. Instead of trying to implement more and more security controls, they have started to look for vulnerabilities, issues, and incidents proactively. They are using software to find anomalies, performing more penetration tests, conducting compliance audits, and trying to be more aggressive in general.