Recent Incidents Have CISOs — and Everyone Else — Talking

Posted: 31st July 2024
By: Levi Gundert

Unfortunately, we regularly see companies digitally compromised, with massive data breaches as the result. More recently, the world watched a defective software update, though not a cyber attack, cause widespread global system outages. And without fail, regardless of the event type, threat actors immediately launch social engineering campaigns to trick people seeking technology fixes into sharing sensitive information. For example, Recorded Future identified approximately 25 new malicious phishing domains using the recent CrowdStrike incident as a lure, which we’ve published to all of our customers as an indicator note so that threat actors aren’t able to do even more harm after calamity.

Looking ahead, as the Paris Olympics began last week, Recorded Future’s Insikt Group identified three key risks: cybercriminals targeting critical sectors with ransomware, hacktivists attempting disruptions due to geopolitical conflicts, and state actors engaging in espionage and influence operations.

While these events or risks might seem unique, they have two things in common. They all have global repercussions, and we’re sure to see events on a similar scale happen again in the future. That’s why, when a cyberattack or IT incident occurs, organizations need to think beyond the immediate event and its resolution to identify the potential trickle-down effects that can occur. What are the second- and third-level ramifications of these types of global events?

What’s keeping CISOs up at night?

With every new security breach, IT incident, ransomware campaign, or social engineering attack that hits the news cycle, boards of directors and other business leaders naturally reach out to their CISOs with questions. In addition, these recent high-profile incidents have exposed a stark reality: our drive for efficiency and standardization has created a landscape riddled with potential single points of failure.

For example, as we’ve seen companies grappling with data exposures, the implications of breaches extend far beyond a company’s immediate operations. The unauthorized disclosure of customer data, internal documents, intellectual property, and strategic plans can have long-lasting effects on competitiveness and reputation. Board members want to know details about what’s happening, all the possible ways the business might be affected, and how the security team plans to beef up defenses and mitigate similar risks. They want to feel confident that they’re doing their due diligence, asking the right questions, and helping the executive team appropriately time investments.

In addition to managing the technical aspects of security, CISOs increasingly must navigate a complex patchwork of local, national, and international regulatory and compliance regimes.

This regulatory landscape is in flux, adding another layer of complexity to the CISO's role. Case in point: two weeks ago, a judge struck down much of the US Securities and Exchange Commission's (SEC) fraud case against the former CISO of SolarWinds. This ruling adds to the increasing uncertainty about how cybersecurity is regulated in the US.

With all this uncertainty, there’s no shortage of potential questions keeping CISOs up at night. The answers lie not in reactionary measures, but in a fundamental shift towards resilience.

Resilience is the Word of the Year

Today's CISOs are navigating uncharted waters, facing unprecedented professional and personal risks. They need to clearly articulate the new landscape of risks to leadership, emphasizing the need for comprehensive resilience strategies. Key considerations include:

  • All-hazards planning: Assess and rank various hazards based on their likelihood and potential impact.
  • Data mapping: Locate, with confidence, all protected data, both structured and unstructured, local and cloud, encrypted and not yet encrypted.
  • Comprehensive dependency mapping: Identify direct service providers and underlying infrastructure dependencies.
  • Cascading impact analysis: Model potential "splash damage" from major provider failures, including second- and third-order effects.
  • Communication continuity: Establish backup channels independent of potentially compromised systems.
  • Trust and reputation management: Develop strategies for rebuilding trust after breaches.

As we chart this new reality with higher technical complexity and global uncertainty, CISOs must lead the charge in reframing the conversation. It's no longer just about preventing breaches or minimizing downtime. It's about building organizations that can adapt, evolve, and thrive in the face of cyber disruptions. In a world where a single point of failure can have cascading global effects, resilience isn't just an IT issue – it's a business imperative.
