APTs Will Force CISOs to "Grow-or-Go"

It seems to be generally accepted that advanced persistent threats (APTs) caught the business community off guard, although we did see them coming: the TJX and Heartland breaches made headlines prior to 2010. Fast-forward to 2016, and data is currency – for cyber criminals, it's seemingly as good as gold. One out of four organizations was targeted by APTs, and 66% of organizations believe they will be targeted by them. Clearly, APTs are here to stay. Businesses need to accept that and implement cyber defense strategies that address the reality that they currently are, and for the foreseeable future will remain, under constant attack by hostile forces.

I’m not saying this is a simple task. If you have not been trained as a soldier, then it is not intuitive to know how to handle a war-like situation, but today’s organizations ARE at war. This leaves them with two choices – adapt their cyber defense strategies to the times, or don’t, and suffer the consequences.

One huge step forward would be to start actively hunting for attackers who are already inside their networks. We have all read enough Verizon and Ponemon reports to know that attackers are not “getting in” - they already are in. So why wait until an alert reveals they finally made a mistake?

I believe that 2015 was the year the business world got the memo that when it comes to cyber security, the world has changed, and that 2016 will be the year they recalibrate their approach to cyber security accordingly.

Important Issues: 

  • Active Cyber Defense
  • Corporate Re-orgs around and within cyber security
  • APT becoming everyone's business: all industries, all company sizes

Direction for CSOs and Decision Makers:

  • Don’t fortify defenses based on what might happen, fortify them based on what is happening
  • Divorce the information security group from IT
  • Work under the assumption that your network is already compromised.  Develop a post-breach plan.
About the Author

Lior Div

Lior Div, CEO and co-founder of Cybereason, began his career and later served as a Commander in the famed Unit 8200. His team conducted nation-state offensive operations with a 100% success rate for penetration of targets. He is a renowned expert in hacking operations, forensics, reverse engineering, malware analysis, cryptography and evasion. Lior has a very unique perspective on the most advanced attack techniques and how to leverage that knowledge to gain an advantage over the adversary. This perspective was key to developing an operation-centric approach to defending against the most advanced attacks and represents the direction security operations must take to ensure a future-ready defense posture.
