The “New Year’s blog” is an established — if not exactly cherished — tradition in business communication. It’s an opportunity to reflect on the past year and prepare for what lies ahead.
This year, however, we at XM Cyber want to get an early jump on our thoughts on cybersecurity for 2021. The latest research shows the cybersecurity threat landscape continues to pose difficult challenges. According to the 2020 Data Breach Investigations Report, credential theft, phishing, and human errors are now responsible for more than two-thirds of all successful attacks. Meanwhile, the number of attacks on web applications surged to 43 percent in 2020, more than doubling from the year before.
The COVID-19 pandemic has also dramatically raised the stakes for enterprises and their defenders, who must deal with new threats, shadow IT concerns, and a greatly expanded attack surface.
Given this, we want to skip the tired “five trends to watch for this year” approach to blog writing and instead deliver an urgent message: It’s time to return to cyber hygiene basics, recalibrate your approach to reducing human error, beef up cloud security and support these efforts with the most powerful security tools on the market.
With that in mind, let’s dive right into XM Cyber’s look ahead to 2021.
First, an Introduction
If you’re a newcomer to our website, allow us to make a quick introduction. XM Cyber is the global leader in Attack-Centric Exposure Prioritization. The XM Cyber platform enables companies to rapidly respond to cyber risks affecting their business-sensitive systems by continuously finding new exposures, including exploitable vulnerabilities and credentials, misconfigurations, and user activities.
How? XM Cyber constantly simulates and prioritizes the attack paths putting mission-critical systems at risk, providing context-sensitive remediation options. Ultimately, XM Cyber helps to eliminate 99% of the risk by allowing IT and security operations to focus on the 1% of the exposures before they get exploited to breach the organization’s “crown jewels” – its critical assets.
In other words, we provide you with the most powerful tools you can possibly wield against attackers who want to steal your crown jewel assets. Our advanced breach and attack simulation (BAS) technology allows you to, in essence, hack yourself before someone else does.
If you think that sounds like having an unintrusive and safe expert-level purple team or pen-testing team at your disposal on a 24/7 basis, you’re exactly right. XM Cyber goes way beyond manual penetration testing. Playing chess with another human being is one thing; playing chess with a computer is a whole new ball game. In short, we prevent cybercrime by enabling continuous security posture improvement — the gold standard at a time when cloud migration and complexity make the likelihood of misconfigurations and other errors much greater.
Yet it’s also important to remember something else: tools are only part of the answer.
Your Top Priority for 2021: Resolve to Get Your Cybersecurity Basics Right
A new year is always a good time to take stock and re-evaluate. This year, we want to get off on the right foot by re-emphasizing something that’s critically important: You have to commit to mastering the basics. One simple slip up due to poor cyber hygiene can create an existential threat to an organization. Without good cyber hygiene and a strong security posture, even the most powerful set of tools won’t keep you safe. It’s the equivalent of buying a sophisticated alarm system for your home and leaving the doors and windows wide open every evening.
So what does this mean from a practical standpoint? You’re probably aware of the usual list of best practices: regular patching, authentication, firewalls, virus scanning, strong passwords and encryption, careful oversight over permissions, pruning data and servers that are no longer needed, etc. The truth is that most organizations do not need to have the cornerstones of good cyber hygiene reinforced on an annual basis. They already know what needs to be done.
Yet this raises an interesting question: If we have the rules of good cyber hygiene down pat, why do simple human security errors keep leading to catastrophic data breaches? The truth is that human fallibility is the overarching and eternal challenge of cybersecurity. Here is where automation plays a pivotal role. Manual work is doomed to failure given the size and complexity of networks.
However, to truly promote good hygiene and a strong security posture, the focus should be less on what to do, and more on how we can nudge ourselves into compliance with those best practices.
Part of this comes down to training and education. In 2021, organizations should endeavor to avoid a paint-by-numbers, box-ticking approach to security training. Instead, shake things up and train and educate in a manner that engages workers, helps them think situationally, and makes them feel invested in the security of the enterprise. Training is more likely to stick if it’s delivered in a way that forges some new neural pathways.
It’s also important to reflect on the human tendency to avoid labor — even something as small as updating a password — if the penalty for doing so remains abstract. This time-saving calculation may pay off in our favor 999 times out of 1,000, but when the odds finally turn against us the consequences are often enormous. Human beings struggle to perceive risk properly and suffer from optimism bias (“it won’t happen to me”).
While these things may not harm us (or may even confer some advantage) in our daily lives, when translated into an organizational context, significant problems can occur. Because organizations are composed of people, they share these same limitations and vulnerabilities. Acknowledging and addressing them up front is key for getting the well-understood rules of cyber hygiene practically applied.
The Takeaway for 2021
Here’s the bottom line: We can’t eliminate human error. Cyber hygiene will never be perfect. Yet we can quickly eliminate gaps in cybersecurity. XM Cyber is the best tool for accomplishing this because our technology has completely changed the way cybersecurity postures are measured, prioritized, and continually improved.
By layering Attack-Centric Exposure Prioritization into an already strong foundation, organizations can seize the initiative from attackers, give their security team a much-needed edge — and set the stage for a more secure 2021.
Uri Levy is SVP Worldwide Sales & Field Operation, XM Cyber