The New CISO Podcast: Cybersecurity Trends and Practices
On this episode of The New CISO Podcast, Chuck Markarian, CISO for Paccar, and Sean Murphy, CISO for BECU, share their insights on current trends in cybersecurity, as well as delve into their predictions for the field and the changing relationships within it. They also discuss the political influence in cybersecurity, cybersecurity insurance, breach simulations, third-party vendors, and more.
In this article:
- Increasing political influence in cybersecurity
- Investment in preparation and prevention
- The value of breach simulations
- Cybersecurity insurance creates new questions
- Managing third-party vendor risk
Increasing political influence in cybersecurity
Chuck and Sean touch on the increasing presence of politics in cybersecurity. As the government becomes more involved, blame has shifted from the organizations that are attacked to the attackers, and rightfully so. Adversaries are no longer just kids in their parents’ basements; hackers pose real and potentially dangerous threats that executive leadership needs to understand better. This greater understanding of cyber warfare has better informed the public and organizations of what could truly happen. Chuck explains, “With the government getting more involved in raising that visibility, I think that helps shift this a little bit to: ‘These are bad people out there doing bad things. They’re not using guns, but they’re using digital.’ I think anything like that can help us in our defense, and help us in how it’s presented to the public that companies are doing things, and they are striving to do the right things to protect their material — whatever it is the bad guys are after — but it still can happen. Now the government is taking a stance to say, ‘Hey, we’re going to go in and help cross borders, and stop this from happening.’”
Sean also talks about a shift in how cyberattacks are perceived: “I think up until the last couple of years, cyberattacks weren’t looked upon as an act of war or some kind of a terroristic type of action,” he says. “You don’t meet a computer crime with the full measure of the US military, but when you start to look at the proportionality and how these cyberattacks are actually being proven to be disruptive against the nation’s critical infrastructure, they elicit panic within the systems.”
Regarding the role of the government in cyberattacks, Sean states, “I think the government is starting to come back and looking at this from a proportionality perspective and realizing there is a role to play in going after the people, and not just kind of excusing it as asymmetric and it’s not really that big of a deal.”
Investment in preparation and prevention
With this increasing awareness of cybercrimes, boards and executives are more willing to invest in CISOs and their teams. It’s better to invest in preventative and investigative tools than to pay a bigger price after an attack. Sean stresses the importance of preparation before a cyberattack, saying, “You’ve got to have these conversations ahead of time. Everything from a ransomware attack where you’re probably not going to have the time to have discussions, you’re going to almost have to have your playbook laid out to, ‘do you have the retainers in place to have people step in to negotiate on your behalf? Do you know if you can restore from backups? Are they also corrupted?’ That type of scenario, you’re going to have that kind of a playbook and timeline, and you’ve got to have that practiced and communicated.”
The value of breach simulations
When simulating a breach, Chuck and Sean urge any leaders to really mimic the chaos that would naturally happen at that time. Be sure to include executives in this simulation, so they can gain practice and understanding of what will be a stressful situation in the future. In doing so, you’ll also be able to identify who is making what decisions before an event occurs. Sean states, “If you have the ability to put the executive team or some portion of the executive team through a simulated breach sponsored by one of the managed security providers that do this stuff, up to and including having somebody be the local reporter that’s on the scene, asking questions, the members that are upset from what they’re hearing, those kinds of things. If you can simulate all that in the sense of urgency that’s built up around it, it can usually be helpful. Because that’s the part you just really don’t realize is you’re not going to have a lot of time.” Chuck adds to this, saying that it must be predetermined who is authorized to make decisions when an attack occurs.
Cybersecurity insurance creates new questions
Cybersecurity insurance is becoming more common. CISOs need to educate themselves on policies and the language of cybersecurity insurance. This brings up other questions such as: should individuals have coverage? Should CISOs and board members have coverage? Additionally, insurance forces companies and leadership to explicitly define what an incident and breach are. This helps in determining what to report externally.
Managing third-party vendor risk
When a third party such as a vendor is involved, your risk level increases. From there, you need to assess how important that third party is and what level of risk you are comfortable with. It is part of the CISO’s job to help navigate those relationships and dynamics and to make sure the organization is still protected. Sean states, “It’s going to be a process of us coming together as a community and trying to figure out how to best measure that and communicate it because it’s not real obvious right now. If there’s another prediction that I’d throw out there, I’ve watched the pendulum swing back and forth between wanting to own and operate all assets, to outsourcing and offshoring, and those kinds of arrangements. And then, moving into cloud service providers and third-party management of certain things. I could see a day where the compute and store environment is relatively inexpensive enough to start moving back towards in-house, on-prem types of arrangements because the cumulative risk becomes too much for some organizations.”