Wednesday, February 28, 2024

Challenges of Achieving Cybersecurity Maturity


Evolving Threat Landscapes: Navigating the Challenges of Achieving Cybersecurity Maturity.


Cybersecurity maturity is critical for businesses today. With constantly evolving threat landscapes, companies must regularly assess and improve their cybersecurity posture.


Key challenges companies face in achieving cybersecurity maturity include:

* Increasingly sophisticated cyber threats that exploit new vulnerabilities.

* Integration of new technologies like cloud computing that introduce new risks.

* Resource constraints like limited budgets and a lack of skilled cybersecurity personnel.

* Complex legacy IT systems that are difficult to secure.

* Lack of security awareness among employees.



To determine their level of cybersecurity maturity, companies should:


* Understand how the business generates revenue and which assets are critical.

* Conduct business impact analyses to identify key risks.

* Use frameworks to benchmark current maturity levels.

* Complete risk assessments that quantify tolerance thresholds.

* Plan maturity targets to match the company's risk appetite and operating landscape.


On-prem vs cloud resources carry different types and levels of risk.


Effective cybersecurity governance enhances existing controls by ensuring alignment between security programs and business objectives.


The importance of governance:

For example, consider this analogy: you drive your car, and there is a thick yellow line that guides your path; that line is your control. Should you drive in the wrong lane while an officer is present, you will probably get flagged and penalized (ticketed). Without the officer there is a control, but no governance. The control (staying in your lane) is enforced so that you reach your destination, and the officer is there to provide governance, ensuring that the control in place is effective and operating as intended.


Security controls without governance often fail at delivering appropriate maturity.


Achieving advanced cybersecurity maturity levels requires factoring in constraints like tight budgets and skills gaps.


Leaders must strategically prioritize security controls based on targeted maturity levels and frameworks like ISO 27001. A one-size-fits-all notion of maturity should be avoided in favor of adaptive models tailored to individual companies.


Tuesday, February 6, 2024

From Hacking to Logging In: The Rise of Legitimate Account Use in Cyberattacks.



It's likely that you've heard the saying: "These days, hackers don't hack anyone; they sign in."


By obtaining (or stealing) genuine user account details, an attacker can establish access to a system, stay hidden, and then escalate their privileges to "log in" to more areas of the network.


Regrettably, the use of legitimate accounts is commonplace in the threat landscape. For example, Cisco Talos saw it as the second-most prevalent MITRE ATT&CK technique in 2023, and the use of legitimate accounts was a factor in 26% of all Cisco Talos Incident Response engagements from the previous year.


Most businesses believe that cyberattacks will come from the "outside in".


Attacks that log on with legitimate accounts adopt a more "inside-out" approach. After gaining initial access, the attacker is inside the network covertly and has a greater chance of avoiding discovery while attempting to move laterally, particularly in the case of an unsegmented network. In summary, while exploiting a vulnerability can provide initial access, valid credentials enable the adversary to move laterally while remaining undetected.


REMEDIATION:

As an IT administrator, make sure your monitoring is configured to inspect lateral (east-west) traffic across the whole network, rather than only the traffic crossing the perimeter. This reduces the chance that an attacker can move laterally unnoticed.


Adopt a defense-in-depth strategy so that other defenses can identify anomalies and intrusions even if one part of your security is compromised. 

Make sure dormant accounts are removed from the network by conducting regular audits. 


By doing this, attackers will be less likely to attempt gaining access covertly through dormant accounts.


As the second line of defence, review and update security policies and procedures to specifically address the risk of unlawful use of valid accounts. Set up guidelines covering account creation and deletion, password management, and access restrictions.


Conduct regular audits of user accounts to identify and disable dormant, unused, or unauthorized accounts. Develop a security awareness program that educates employees about the dangers of phishing attacks and about safeguarding their credentials.


Deploy a Zero Trust security model.


Furthermore, make sure you deactivate the accounts of those who have departed your company and take away their remote access (i.e., via the VPN).
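As an added example (not code from the original post) of the dormant-account and leaver audit recommended above, the Python below runs over a constructed directory export and lists which enabled accounts should be disabled and which should also lose VPN access; the 90-day threshold, the field names and the sample accounts are all assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample directory export for illustration (not real data).
# last_logon is None for accounts that have never signed in.
ACCOUNTS = [
    {"user": "alice",      "enabled": True,  "last_logon": "2024-01-30T08:12:00Z", "departed": False, "vpn": True},
    {"user": "bob",        "enabled": True,  "last_logon": "2023-09-02T17:45:00Z", "departed": False, "vpn": True},
    {"user": "carol",      "enabled": True,  "last_logon": "2024-02-01T09:00:00Z", "departed": True,  "vpn": True},
    {"user": "svc-backup", "enabled": True,  "last_logon": None,                   "departed": False, "vpn": False},
    {"user": "dave",       "enabled": False, "last_logon": "2023-05-10T12:00:00Z", "departed": True,  "vpn": False},
]

DORMANT_DAYS = 90  # assumed policy threshold; adjust to your own account policy


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamps used in the constructed export."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_accounts(accounts, now, dormant_days=DORMANT_DAYS):
    """Return one finding per enabled account that should be disabled.

    Order of checks: departed users first (the HR signal overrides recent
    activity, since a departed user who still signs in is itself a finding),
    then never-used accounts, then accounts idle past the dormancy threshold.
    """
    cutoff = now - timedelta(days=dormant_days)
    findings = []
    for a in accounts:
        if not a["enabled"]:
            continue  # already disabled: nothing to do
        actions = ["disable"] + (["revoke_vpn"] if a["vpn"] else [])
        if a["departed"]:
            findings.append({"user": a["user"], "reason": "departed", "actions": actions})
        elif a["last_logon"] is None:
            findings.append({"user": a["user"], "reason": "never_logged_in", "actions": actions})
        elif parse_ts(a["last_logon"]) < cutoff:
            idle = (now - parse_ts(a["last_logon"])).days
            findings.append({"user": a["user"], "reason": f"dormant_{idle}d", "actions": actions})
    return findings


def audit_as_of(now_iso, accounts=ACCOUNTS):
    """Convenience wrapper: run the audit as of a given point in time."""
    return audit_accounts(accounts, parse_ts(now_iso))


if __name__ == "__main__":
    for f in audit_as_of("2024-02-06T00:00:00Z"):
        print(f"{f['user']:<12} {f['reason']:<16} -> {', '.join(f['actions'])}")
```

In practice the export would come from your directory (for example an Active Directory or Entra ID query) and the findings would feed a ticket or change request, not an automatic disable, so that service accounts like the never-used one above get a human review first.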

CONFIGURING A PHISHING CAMPAIGN IN MICROSOFT DEFENDER.

Configuring a phishing campaign in Microsoft Defender (specifically Microsoft Defender for Office 365) involves creating a simulated attack ...