Cybereason Blog | Cybersecurity News and Analysis

APTs Will Force CISOs to "Grow-or-Go"

Written by Lior Div | Feb 5, 2016 2:03:51 PM

It seems to be generally accepted that advanced persistent threats (APTs) caught the business community off guard, although we did see them coming - the TJX and Heartland breaches made headlines prior to 2010. Fast-forward to 2016: data is currency, and for cyber criminals it’s seemingly as good as gold. One out of four organizations was targeted by APTs, and 66% of organizations believe they will be targeted by them. Clearly, APTs are here to stay. Businesses need to accept that and implement cyber defense strategies that address the reality that they currently are, and for the foreseeable future will remain, under constant attack by hostile forces.

I’m not saying this is a simple task. If you have not been trained as a soldier, then it is not intuitive to know how to handle a war-like situation, but today’s organizations ARE at war. This leaves them with two choices – adapt their cyber defense strategies to the times, or don’t, and suffer the consequences.

One huge step forward would be to start actively hunting for attackers who are already inside their networks. We have all read enough Verizon and Ponemon reports to know that attackers are not “getting in” - they already are in. So why wait until an alert reveals they finally made a mistake?

I believe that 2015 was the year the business world got the memo that when it comes to cyber security, the world has changed, and that 2016 will be the year they recalibrate their approach to cyber security accordingly.

Important Issues:

  • Active Cyber Defense
  • Corporate Re-orgs around and within cyber security
  • APT becoming everyone's business: all industries, all company sizes

Direction for CSOs and Decision Makers:

  • Don’t fortify defenses based on what might happen; fortify them based on what is happening
  • Divorce the information security group from IT
  • Work under the assumption that your network is already compromised. Develop a post-breach plan.