It’s Friday, I’m [Writing That Typical CISO Email]
Recorded Future – Kathleen Kuczma
It’s a Friday afternoon.
As the CISO for a large manufacturing company, you receive a message from a board member with the subject line “How are we affected by [insert the latest] cyber attack”.
Despite the end-of-the-week fatigue, you explain:
Understanding company assets is crucial: The article highlights the importance of understanding the company’s assets in order to prioritize monitoring and mitigation efforts.
This includes identifying old domains that should be decommissioned and understanding which assets are critical to business functions.
Threat actors follow the path of least resistance: Threat actors will often exploit the easiest attack vectors, so it is important for security teams to understand their company’s weak points and prioritize monitoring and mitigation efforts accordingly.
Monitoring stolen credentials is key: The article emphasizes the importance of monitoring for stolen credentials, as more than three-quarters of breaches involved external actors, with nearly half of those external breaches involving stolen credentials.
Threat maps can help prioritize monitoring efforts: A Threat Map that analyzes past attacks and understands current vulnerabilities provides security teams with a short-list of actors to prioritize for monitoring.
Mitigation plans should improve security controls: The article highlights the importance of having a mitigation plan in place to improve security controls, such as detection rules that can quickly notify analysts of potential malicious activity.
Social engineering is difficult to combat: The article acknowledges that social engineering is a difficult aspect of cyber attacks to combat, and suggests using generative AI to produce an outline of the attack patterns used and how the company could be impacted.
The article also mentions the following tools and services:
Recorded Future AI: A tool that can help security teams generate a Threat Map and prioritize monitoring efforts.
Identity Access Management (IAM) platform: A platform that can help companies manage and monitor access to their systems and assets.
Initial Access Brokers (IABs): Threat actors who package and sell stolen credentials to other actors who plan to use them.
Intelligence providers: Companies that collect and integrate malware logs into IAM platforms, increasing the speed of detecting and resetting passwords before improper use.
Detection rules: Rules that can quickly notify analysts of potential malicious activity.
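As an added illustration of the credential-monitoring workflow described above (not code from the article or from Recorded Future), the sketch below matches credentials recovered from malware logs against an IAM directory and orders password resets by asset criticality. The record fields, the priority weights and all sample data are assumptions constructed for the example.

```python
from datetime import datetime

# Constructed sample data. Field names are assumptions, not a vendor schema.
EXPOSURES = [  # credentials parsed from malware logs by an intelligence provider
    {"user": "A.Ortiz@example.com", "domain": "vpn.example.com", "seen": "2024-05-02T08:15:00+00:00"},
    {"user": "a.ortiz@example.com", "domain": "wiki.example.com", "seen": "2024-05-02T08:15:00+00:00"},
    {"user": "b.chen@example.com", "domain": "erp.example.com", "seen": "2024-04-10T11:00:00+00:00"},
    {"user": "c.diaz@example.com", "domain": "wiki.example.com", "seen": "2024-05-03T09:30:00+00:00"},
    {"user": "d.gone@example.com", "domain": "vpn.example.com", "seen": "2024-05-01T07:00:00+00:00"},
]
DIRECTORY = {  # IAM view: last password change, MFA status, account state
    "a.ortiz@example.com": {"pw_changed": "2024-01-15T00:00:00+00:00", "mfa": False, "enabled": True},
    "b.chen@example.com": {"pw_changed": "2024-04-20T00:00:00+00:00", "mfa": True, "enabled": True},
    "c.diaz@example.com": {"pw_changed": "2023-11-01T00:00:00+00:00", "mfa": True, "enabled": True},
    "d.gone@example.com": {"pw_changed": "2023-06-01T00:00:00+00:00", "mfa": False, "enabled": False},
}
CRITICAL = {"vpn.example.com", "erp.example.com"}  # assets critical to business functions


def triage(exposures, directory, critical):
    """Return (user, priority, domain) reset actions, highest priority first."""
    best = {}
    for rec in exposures:
        user = rec["user"].strip().lower()  # logs and directory may differ in case
        acct = directory.get(user)
        if acct is None or not acct["enabled"]:
            continue  # unknown or disabled account: nothing to reset
        seen = datetime.fromisoformat(rec["seen"])
        if datetime.fromisoformat(acct["pw_changed"]) > seen:
            continue  # password rotated after the exposure was observed
        # Critical asset weighs most; a missing second factor raises it further.
        priority = (2 if rec["domain"] in critical else 0) + (0 if acct["mfa"] else 1)
        if user not in best or priority > best[user][0]:
            best[user] = (priority, rec["domain"])  # keep the worst exposure per account
    actions = [(u, p, d) for u, (p, d) in best.items()]
    return sorted(actions, key=lambda a: (-a[1], a[0]))


if __name__ == "__main__":
    for user, priority, domain in triage(EXPOSURES, DIRECTORY, CRITICAL):
        print(f"reset {user} (priority {priority}, exposed on {domain})")
```

Accounts whose password changed after the exposure was observed are skipped, so the queue contains only credentials that may still be valid.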
Overall, the article emphasizes the importance of understanding a company’s assets, prioritizing monitoring and mitigation efforts, and using tools and services to improve cybersecurity posture.
Link: https://www.recordedfuture.com/blog/its-friday-im-writing-that-typial-ciso-email