CISO Fireside Chat Recap: Insights from 4 Cybersecurity Leaders
In the neverending battle against cybercriminals, knowledge-sharing is one of our most effective defenses. The more security leaders can both educate and learn from others in the industry, the more likely we all are to stay one step ahead of threat actors.
I recently had the opportunity to be a part of a fireside chat with three other cybersecurity CISOs to discuss some of the biggest security challenges facing today’s organizations.
During the session, Ryan Kazanciyan of Wiz, Michael Mestrovich of Rubrik, Karl Mattson of Noname Security, and I explored a few of the most common threats targeting our organizations and our customers, emerging attacks to be aware of, how to make smarter tech investments, the importance of relationship-building, and more.
Here are a few key takeaways from our conversation.
Cybercriminals Are Always Adopting New Strategies, but Social Engineering Attacks Remain a Significant Threat
Cybercrime and cybersecurity are both characterized by continuous evolution. As security tools evolve to address new threats, bad actors evolve their strategies to find new modes of attack.
As Karl Mattson explained, “[There are] more sophisticated actors who are targeting things like machine identities, code secrets, and API keys—that's very much emerging.” That being said, cybercriminals aren’t constantly reinventing the wheel. “The majority of compromises still involve phishing attempts or social engineering,” he added. “Those [emerging] threats have not displaced the standard threats of ransomware and social engineering.”
In short, although attackers may always be adding new strategies to their arsenal, they aren’t abandoning tried-and-true methods. Rather, they’re identifying ways to make their existing approaches more effective.
Threat actors conduct thorough research about a target organization and its industry, utilizing all possible information sources to customize their messages. They also leverage every opportunity to capitalize on any uncertainty caused by major events—or even changes within the organization itself.
Said Mattson, “While we're defending against this sort of new territory, there's still the basic blocking and tackling. And if we take our eye off that basic blocking and tackling, even for five minutes, we're gonna shoot ourselves in the foot.”
Threat Actors Are Exploiting Additional Communication Channels, Such as Slack and Microsoft Teams, to Launch Attacks
For decades, email has been an essential communication channel for organizations of all sizes and across all industries. And while there’s no reason to think it won’t continue to be a business-critical medium for years to come, modern organizations aren’t relying exclusively on email.
As more and more companies have shifted to remote-first and hybrid work environments over the past three years, the use of collaboration tools like Slack, Microsoft Teams, and Zoom has skyrocketed. Accordingly, threat actors have started identifying ways to compromise those platforms so they have yet another avenue to gain access to an organization’s other systems and coerce employees into fulfilling malicious and fraudulent requests.
Additionally, we live in an increasingly interconnected world built on third-party integrations and API connections. And although this technology streamlines operations and simplifies data-sharing, it also creates additional entry points for attackers to exploit.
Compromising employee inboxes is certainly an effective way to steal information and access other accounts, but the impact tends to be more noticeable more quickly. However, if an attacker can compromise a third-party app that’s integrated into other parts of the system, they can siphon data in a less obvious way, which allows them to remain undetected for longer.
Ask the Right Questions to Make the Right Security Investments and Avoid “Shelfware”
As tech budgets get progressively smaller and attacks continue to increase in volume and severity, making the right security investments is more important than ever.
A common mistake Mattson sees security leaders make when assessing platforms is getting enamored with a tool prior to diagnosing the organization’s own risk surface and capabilities. He explained, “Finding the right tool always starts with, ‘Know thyself.’ I first need to understand what my capabilities are—my staff, my assets. And then my threat model in terms of, ‘What are the attacker patterns that I'm most concerned with?’”
Often security leaders will fall into the trap of searching for a problem to fit a solution instead of approaching the evaluation of available security solutions with the problem already identified. But as Mattson explains, “By knowing yourself better, you can eliminate the vast majority of possible options out there because they don't fit the profile that you have as a team.”
Along with taking a risk-driven approach, Ryan Kazanciyan emphasized the importance of ensuring any tool being considered will solve the core issue—not just treat the symptoms. And Michael Mestrovich stressed the need to invest in more comprehensive solutions as opposed to stacking multiple individual point solutions on top of one another.
Relationships Are Crucial for CISOs and Security Leaders in Managing Cybersecurity Challenges and Risks
The importance of building relationships within your company and with your technology partners can’t be overstated. "If you're a CISO or an aspiring CISO, the one thing that from my perspective you need to take away is relationships, relationships, relationships,” said Mestrovich. “You need to have relationships across all the players who are going to help contribute to cyber success within the organization.”
Fostering these connections helps in understanding and addressing the specific cyber risks and challenges your organization faces. It also enables better cross-functional collaboration and communication, resulting in more effective risk management and security practices.
Kazanciyan added, "I think something I've always tried to do and learn from my peers is to think about security as a product and services organization rather than like a gatekeeper organization in a company. And in that model, your partner teams—IT, engineering, legal—across the company are your customers.”
The benefit of this approach is that it supports streamlined decision-making and helps teams identify how to address security issues more strategically. It also makes it easier to prioritize what to invest in with respect to security tools and solutions for the organization as a whole.
For additional insights, including how to leverage automation to address the cybersecurity skills shortage, check out the on-demand recording of the webinar.