What matters most to CISOs this year? CyberProof’s 5th SOC Masterclass, which took place this past week, included a series of four sessions with CyberProof’s experts and industry leaders who focused on everything from cyber warfare and the recession to cloud transformation, threat hunting, the MITRE framework, how CISOs prioritize with a tighter-than-ever budget, and everything in between.
CyberProof’s 5th SOC Masterclass included sessions with CyberProof’s experts and industry leaders. We focused on everything from cyber warfare and the recession to cloud transformation, threat hunting, the MITRE framework, how CISOs prioritize with a tighter-than-ever budget, and everything in between.
Here are some of the highlights from the event and you can also watch all the sessions on demand here.
1. CISO spotlight: Mitigating the risk of attack in an age of increasing threat complexity & hacker capabilities
-
Tony Velleca, CyberProof CEO: Security is as much about mindset as about experience. There are significant differences across regions. For example, we’re seeing massive variations in terms of talent. Countries that didn’t have extensive experience in cybersecurity are starting to catch up – and we’re trying to find that talent. In other countries, we’ve started training new populations – for example, by providing cyber training programs for U.S. army veterans.
-
Karenann Terrell, Technology Advisor, Former Chief Digital and Technology Officer, GSK: The impact of AI will be felt on the opportunity side – how are we going to harness this for our benefit? – as well as on the risk side – what happens negatively if our data is consumed by machines that are not working on our behalf? Being at the front and learning about the technology is very important.
2. How threat hunting can transform your security operations
-
Aviel Golrochi, Incident Response & Threat Hunting Team Leader: Threat hunting assumes adversaries are already in the environment. As threat hunters, we follow human-based detection processes; we do not rely on alerts. We access the client’s raw data through SIEM and EDR – and explore, jumping from one data source to the next. We seek infection evidence, working to pinpoint malicious activity that’s hidden in the network and slips under the radar.
-
Robert Lowery, Senior Threat Hunter: Banking trojan malware allows threat actors to steal banking credentials – and mainly targets businesses and steals payment information. IceID is perhaps the most significant banking trojan malware used today and the second version of the IcedID significantly reworked the code and made it modular, so that it is harder for traditional security controls to detect.
-
Brian Janower, Incident Response & Threat Hunting: Common challenges while creating hunting queries include building efficient and relevant queries – and gathering specific technical data and intelligence. Moreover, tools like the MITRE ATT&CK framework have their own set of problems. They are generalized, and there’s little guidance so it’s hard to know where to focus. This issue leads to poor – or no – prioritization.
3. Maximizing enterprise cyber readiness during a recession
-
Heidi Arsenault, Director of Strategic Alliances, CyberProof: I’ve seen over time that use cases & playbooks allowed us to respond quickly to attacks. You can’t prevent 100% of attacks; many security breaches are initiated by internal employees, for example. And while you can’t avoid every incident, you can leverage use cases & playbooks to predict and respond. That’s one of the goals: Can you increase the mitigation factor, by leveraging use cases?
-
Roee Laufer, Head of Global SOC, CyberProof: According to the “2022 Cost of a Data Breach” report by IBM, organizations that deployed AI and automation incurred $3 million less, on average, in breach costs. So, AI was their biggest cost saver; those that deployed AI and automation detected breaches faster. That says it all.
4. Trends in the use of cyber-attacks by nation states
-
Yuval Wollman, CyberProof President and former Director of Israel’s Ministry of Intelligence: The war in Ukraine did not start on February 24. It actually started back in 2014 – with Russia’s invasion and subsequent annexation of the Crimean Peninsula. On the cyber front, we saw DDoS attacks and other attacks that the Russian proxies waged on Ukrainian assets. Since then, the Ukrainian leadership started to build out its capability – both on the military side, and in terms of cybersecurity. However, it is also about deterrence. In the current conflict, we saw some deterrence-related activities by NATO allies. In fact, White House officials made public statements to deter the Russians from attacking Western assets. And yet, the Russian targets of cyberattacks were not only contained within Ukraine but also were seen in Germany, for example, where wind-energy companies were hit.
-
Asaf Kochan, Sentra Co-Founder and President: The most dangerous area I’ve seen for the private sector, comes from nation-states that collaborate with cyber-criminals. They provide cyber-crime groups with immunity to carry out activities without being punished. In return, these groups need to serve the nation-state at some point, supporting national missions. But their daily missions are connected to cash flow and revenue through stealing and extortion. This is the most toxic combination, in terms of its impact on enterprises in the private sector.
Interesting in learning more? To watch the SOC Masterclass on demand, click here.