The Cyber Defense eMagazine February Edition for 2024

More documents

Recommendations

Info

experts and best-practices guidelines that all recommended, “add layer upon layer of defenses”, only to watch this tactic often fail to deliver adequate protection. Many believe the only way organizations are going to get their arms around the escalation of successful extortion-inspired breaches is to go on the offensive, attack themselves with the same tactics, techniques, and procedures (TTPs) attackers are using, and finally find the reagents lying in wait within their IT and cloud environments that are enabling these attacks to succeed. This change in thinking is going to take a new class of security solutions mainstream, especially those that are offensive in nature and are underpinned with offensive AI capabilities. These AI-powered offensive solutions will not be used to attack others. Instead, they will be used by organizations to attack themselves with AI-based technology that comes as close to mimicking attackers as possible. Therefore, offensive focused innovators will likely garner great interest in the security buyer communities. To be clear, this branch of AI has little to do with Large Language Models (LLMs) like ChatGPT and others. It has to do with purpose-built, autonomous systems that are capable of doing the exact same things attackers do – breach your networks and steal your data. Finally, organizations of all sizes will be able to see their own environments through the eyes of an attacker. As a result of this change, younger security companies that offer purely defensive-based technologies will likely have increasing difficulty in raising new capital to stay afloat. Therefore, a significant consolidation movement is likely on the horizon this year in the security industry. Smaller security firms that have consumed their cash faster than anyone expected, primarily due to customers delaying purchases due to their own economic challenges, will be forced to either go into survival mode, close up shop, or sell to the highest bidder. Consolidators will be on the lookout to purchase moderately successful companies so they can grow their own customer base through inorganic methods. The reason for this awakening is also based upon the change currently happening, especially in terms of the latest legislative actions. In nearly every piece of new and/or proposed legislation (designed to address the current threat landscape of course,) every one of them calls for a new approach to security that is now focused on assessments, self-assessments, risk assessments, and so on. And often, these words are joined by the notion of “continuous”. When searching for those terms in the many pages of any new piece of legislation, you will see them peppered throughout these initiatives. This is a tell-tale sign that things are about to shift 180 degrees since the term “assessment” really means that organizations will be required to go on the offensive, using manual, automated, and autonomous adversarial exercises, and attack themselves so they can find their truly exploitable weaknesses before attackers do. Since this is the case, we can expect investors will shift their interests too, follow this trend, and place their bets on innovative companies that can address the foreknown growing demand for offensive-based, continuous self-assessment solutions, especially if they are underpinned by AI and machine learning. These assessments are not the run-of-the-mill vulnerability scans or once-per-year pentest. These are real-world, ongoing cyber readiness exercises. Cyber Defense eMagazine – February 2024 Edition 98 Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
Not only are legislators pushing for continuous self-assessments, cyber insurance companies, manufacturers who rely on their massive third-party supply chains, military hardware/software buyers, and other similar parties will also likely begin to embrace this offensive-based assessment mindset and require partners and suppliers to do so as well. In other words, if you want to do business with premium buyers, you will now be required to provide self-assessment scorecards before buyers buy, when applying or renewing cyber insurance, or doing business with the government in the very near future. Hold on tight, because in 2024, organizations are about to fully discover the overabundance of weaknesses already residing in their networks they previously knew nothing about - discovered by way of offensive-based security solutions that are ready for the mainstream. About the Author Stephen Gates brings more than 15 years of information security experience to his role as Principal Security SME at Horizon3.ai. He is a subject matter expert with an extensive hands-on background in security and is a well-known writer, blogger, presenter, and published author who is dedicated to conveying facts, figures, and information that brings awareness to the security issues all organizations face. He is reachable at Horizon3.ai and on X at @Horizon3ai Cyber Defense eMagazine – February 2024 Edition 99 Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
How One Industry Exemplifies the Im
Page 3 and 4:
Data Breach Search Engines --------
Page 5 and 6:
@MILIEFSKY From the Publisher… De
Page 7 and 8:
Welcome to CDM’s February 2024 Is
Page 9 and 10:
Cyber Defense eMagazine - February
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
2001 2024 Cyber Defense eMagazine -
Page 17 and 18:
Page 19 and 20:
How One Industry Exemplifies the Im
Page 21 and 22:
That is where things stand in my in
Page 23 and 24:
current on the mission and values o
Page 25 and 26:
So, monitoring and managing vendor
Page 27 and 28:
About the Author Caroline McCaffery
Page 29 and 30:
How so? Businesses can make things
Page 31 and 32:
Using Cmmc 2.0 To Transform Your Cy
Page 33 and 34:
equire the implementation of additi
Page 35 and 36:
for the Department of Energy’s Cy
Page 37 and 38:
• IT no longer controls where and
Page 39 and 40:
For example, the Cloudbrink service
Page 41 and 42:
5 Cybersecurity Resolutions for The
Page 43 and 44:
The Importance of Cyber Hygiene for
Page 45 and 46:
The key steps to improve your cyber
Page 47 and 48: Connecting Tech to Black America By
Page 49 and 50: Establish partnerships with HBCUs E
Page 51 and 52: Perhaps the most obvious example of
Page 53 and 54: Crafting AI’s Future: Decoding th
Page 55 and 56: The implementation of regulations c
Page 57 and 58: AI Is Revolutionizing Phishing for
Page 59 and 60: That’s why security awareness tra
Page 61 and 62: culmination of this race will revea
Page 63 and 64: Traditionally, DBSEs would only inf
Page 65 and 66: Enhancing Cybersecurity Defenses: T
Page 67 and 68: Social engineering testing In the e
Page 69 and 70: GitGuardian Researchers Find Thousa
Page 71 and 72: *Emergent trends While everything f
Page 73 and 74: There are multiple tools that will
Page 75 and 76: Good Security Is About Iteration, N
Page 77 and 78: to incorporate architectural and de
Page 79 and 80: Hacking and Cybersecurity Trends to
Page 81 and 82: detect attacks as they are occurrin
Page 83 and 84: Legacy solutions hinder an organiza
Page 85 and 86: About the Author Thomas Müller-Mar
Page 87 and 88: Having worked closely with financia
Page 89 and 90: device is emitting its signal the t
Page 91 and 92: Navigating the API Security Landsca
Page 93 and 94: that entities (users, services, or
Page 95 and 96: examine financial transactions, net
Page 97: Offensive Awakening: The 2024 Shift
Page 101 and 102: Let’s dive into how security lead
Page 103 and 104: Overcoming Common Data Security Cha
Page 105 and 106: The Risks of Over-Privilege Alongsi
Page 107 and 108: Quishing Campaign Exploits Microsof
Page 109 and 110: After inserting their email address
Page 111 and 112: more expensive and time consuming.
Page 113 and 114: Cotton Sandstorm or Static Kitten h
Page 115 and 116: Spike in Layoffs Pose Serious Cyber
Page 117 and 118: About the Author Adam Gavish is the
Page 119 and 120: The Crucial Role of Data Categoriza
Page 121 and 122: The Next Generation of Endpoint Sec
Page 123 and 124: Next-Generation Endpoint Security:
Page 125 and 126: As I reflect back on the past few m
Page 127 and 128: Why Is Hardware More Secure than So
Page 129 and 130: can achieve throughput levels of up
Page 131 and 132: ecome more secure. By the end of 20
Page 133 and 134: Zero Trust Matures, Insider Threat
Page 135 and 136: of the risk of insider threats and
Page 137 and 138: Zero Trust: Navigating the Labyrint
Page 139 and 140: • Enhanced Security: Zero trust b
Page 141 and 142: Cyber Defense eMagazine - February
Page 149 and 150:
CyberDefense.TV now has 200 hotseat
Page 151 and 152:
Books by our Publisher: Amazon.com:
Page 153 and 154:
Page 155:
i https://www.whitehouse.gov/briefi
show all

The Cyber Defense eMagazine February Edition for 2024

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?