The Evolution of Cyber Resiliency and the Role of Adaptive Exposure Management
As cyber threats continue to evolve in complexity and frequency, organizations must adopt a cybersecurity strategy as dynamic as the threats they aim to combat.
August 7, 2024
The evolving threat landscape presents ever-increasing risks and costs driven by progressive factors like financial incentives for threat actors, the availability of malware, expanding attack surfaces, and the sophisticated capabilities of generative AI.
Of the latter, enterprises adopting AI solutions are doing so rapidly and often without full awareness or consideration of the risks involved, both from a data privacy and a data protection standpoint.
The availability of generative AI systems and large language models (LLM) like ChatGPT in enterprise environments presents many risks, including indirect and direct prompt injection attacks, which can override LLM controls to generate malware and fuel sophisticated social engineering attacks.
But while many security leaders are shifting their focus to these sophisticated threats, a rudimentary technique is behind many recent attacks. The Verizon 2024 Data Breach Investigations Report (DBIR) found that vulnerability exploitation for initial breach entry tripled in 2023, increasing by 108 percent. Once initial access is obtained, attackers can initiate stealthy, undetectable attacks like ransomware and pure extortion attacks.
In 2024, the number of common IT security vulnerabilities and exposures (CVEs) worldwide is expected to rise by 25 percent, reaching 34,888 vulnerabilities, or approximately 2,900 per month — an overwhelming volume for any remediation team.
This modern-day mix of rudimentary and complex attack techniques puts organizations in a constant state of omnipresent risk, demanding a shift from a more traditional, reactionary mindset to a preventative one.
Why Continuous Threat Exposure Management Matters
Patching gaps, emergency patching and overall application usage variances across an organization all contribute to an attacker’s success rate when it comes to vulnerability exploitation.
From a defense perspective, patching efforts should be prioritized to vulnerabilities that have a high probability of exploitability, but while the standard vulnerability severity rankings like the Common Vulnerability Scoring System (CVSS) represent severity, they don’t always represent risk. In many cases, teams lack insights into the usage of applications, business context, and the exploitability of a vulnerability to determine actual risk.
Coined by Gartner, Continuous Threat Exposure Management (CTEM) is a systemic approach and program used to identify, assess, and mitigate attack vectors and security risks linked to digital assets.
In application, enterprise teams can use CTEM to enhance vulnerability management, especially when it comes to increasing the speed and quantity of patching and improving the efficiency of breach detection and response.
By definition, a full CTEM cycle defines five key stages:
Scoping — Aligning assessments to key business priorities and risk.
Discovery — Identifying various elements within and beyond the business infrastructure that could pose risks in a comprehensive way.
Prioritization — Identifying threats with the highest likelihood of exploitation and flagging which could have the most significant impact on an organization.
Validation — Validating how potential attackers could exploit identifying vulnerabilities or exposures.
Mobilization — Ensuring all stakeholders are informed and aligned toward risk remediation and measurement goals.
Yet even as more enterprises adopt a CTEM strategy, cyber risk and cyber-attack volumes continue to climb. Many of the security solutions available today technically align with the CTEM framework. However, there’s an assumption that technologies and strategies will work together seamlessly and remain constant, which just isn’t the case.
In today’s fluid cybersecurity landscape, critical use cases like the expanding attack surface, ransomware, and security control gaps make the nature of enterprise security dynamic. Rudimentary techniques like vulnerability exploitation and more future-forward AI-driven attack methods alike call for adaptive defense strategies.
Exploring Adaptive Cyber Resiliency
Current strategies, and the technology used to action them, often rely on a reactive approach that informs common defense mechanisms including signatures, heuristics, and behavior analysis, and Indicators of Attack (IOAs) and Indicators of Compromise (IOCs).
Yet, to counter evolving threats that use a combination of rudimentary and sophisticated tactics, a proactive and continuously evolving strategy is necessary to strengthen the existing security framework, make it more resilient to cyber-attacks, and provide more robust defense.
Five key aspects form an adaptive cyber resilient strategy include:
1) Continuous Monitoring — Ensuring ongoing surveillance of both internal and external attack surfaces, which is critical for quickly identifying and mitigating threats.
2) Agility — Having flexibility baked into the strategy allows for rapid adaptation to changing threat landscapes using agile processes and tools.
3) Adaptive Security Controls —Incorporating emerging technologies to ensure current security measures are enhanced and support a comprehensive defense-in-depth framework.
4) Risk Assessments — Replacing static measures with dynamic risk assessments to reflect the real-time risk landscape and support timeline decision-making.
5) Continuous Validation — Ensuring regular validation of security controls and processes to maintain and improve cyber resilience.
An adaptive cyber resilient architecture is designed to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources. By optimizing CTEM with an adaptive approach, teams can effectively respond to evolving threats in real time, allowing teams to assume a proactive position rather than reactively fielding damage control.
Compensatory controls like virtual patching additionally provide a critical stopgap to mitigate vulnerability exploitation by preventing attacks on unpatched operating systems and application vulnerabilities. Mitigating controls like virtual patching can help teams implement patching schedules with fewer business disruptions and fewer resources, creating a bridge to cyber resiliency.
As cyber threats continue to evolve in complexity and frequency, organizations must adopt a cybersecurity strategy as dynamic as the threats it aims to combat. Strategically mapping an adaptive cyber resiliency strategy can banish the cybersecurity complacency that comes with traditional vulnerability management.
It’s an approach that can help leaders and their teams speed breach event response, minimize breach damages, and most importantly —get back to business as usual.
Related articles:
About the Author
You May Also Like
Maximizing cloud potential: Building and operating an effective Cloud Center of Excellence (CCoE)
September 10, 2024Radical Automation of ITSM
September 19, 2024Unleash the power of the browser to secure any device in minutes
September 24, 2024