Microsoft's cyber security expert: companies will soon need chief defense officers
With the growth of hacker activity, companies will inevitably have to pay more attention to cyber security, and we will start seeing Chief Defense Officers (CDOs) in their management teams. Last year alone, hackers in Europe attacked 30 percent more often, and the total number of targeted, sophisticated, large-scale attacks in the region surpassed 80 million.
“Such an uneasy environment leads to a new trend. In management teams of progressive companies, we will start seeing a new position - Chief Defense Officer (CDO). The latter will naturally manage the current Chief Information Security Officers (CISOs) that have so far been responsible for cyber security. The Chief Defense Officer will have much broader responsibilities and powers, and will not only have to protect the existing infrastructure of the company, but also analyze the behavior of hackers, identify strong and weak links in the organization, and develop and implement comprehensive security strategies together with law enforcement authorities and regulators. If we were to take an example from other sectors, the CISO's role was closer to the police, and the CDO would be in the position of Army’s Chief General, in the sense that the police now holds only one core out of those reporting into the Army’s general,” says Yoad Dvir, Microsoft's cyber security expert, who visited the Baltic Cyber Security Forum in Lithuania.
According to the latest data from the European Commission, nine out of ten households in the European Union are connected to the Internet: “It creates unique opportunities for citizens and companies to innovate. At the same time, however, it also opens threats. Hacker attacks are intensifying, becoming more complex and cost companies on average 10.3 million EUR. After all, they go beyond the boundaries of companies and target cities, their infrastructure or critical services like healthcare or transport.”
The latest Microsoft Security Intelligence Report notes that the types of attacks themselves are changing. The number of ransomware attacks, which were particularly popular in the past, declined significantly in 2018, but they were replaced by crypto mining attacks and more advanced supply chain attacks. For example, crypto miners install special software (a malicious payload) on infected computers that uses much of the device's resources in the background to mine virtual currencies for the attacker’s gain. Although this may not sound like a severe issue on its own, crypto miners open a potential back door on the device, leaving it more susceptible to other malware, which in turn causes real damage, e.g. exploiting sensitive data and documents.
“Security solutions are becoming more and more effective and hackers have to improve, in order to keep the Time To Breach (TTB) as low as possible - they are resorting to ever more sophisticated attack mechanisms. At the same time, this means that they also choose their targets more closely. Most of the attacks could be avoided if company executives would master four essential security principles,” notes Y. Dvir.
First, it is necessary to cover the company's basic security rules: 75% of attacks occur due to their absence. “In essence, get your basics right”; forget about fancy security tools that promise you the heavens and beyond and go back to basic security fundamentals: directory protection, proper Group Policy orchestration, device hardening and removal of unnecessary services, patching on time, and user guidance on proper data handling processes, together with up-to-date cyber training and threat simulation. From there, you can proceed to modern identity management and identity risk assessment in real time. Secondly, the critical parts of the company's infrastructure and highly restricted data should be the focus and priority: “know your crown jewels and protect them with a holistic security management approach”, because not every piece of data is subject to the same level of threat. Thirdly, it is necessary to do the homework and analyze who could attack the organization, why, and in what ways such an attack is likely to happen; this will make it easier to plan the security strategy. Know your enemy (cyber criminals, cyber terrorists, nation-state actors, etc.). Finally, all this analysis should be seen as an opportunity to examine the organization's processes more closely, improving security on the one hand and creating more efficient and secure operational processes on the other.
“All these trends are very well reflected among Lithuanian security specialists. In the six years since the first cyber security forum was organized, this issue has become ever more relevant and important. At the same time, I am pleased that the expertise of local professionals has improved significantly over this period. However, cybersecurity is not only the work of the responsible officers, but also the responsibility of the entire organization's staff, because the weakest link in any system will always be the end user. Therefore, we all need to pay more attention to the education and training of all employees,” says Andrius Šaveiko, cyber security expert and one of the organizers of Baltic Cyber Security Forum 2019.
Baltic Cyber Security Forum 2019, an independent cyber security forum organized by Lithuanian IT specialists, attracted over 500 security experts from the Baltic States last week. The conference has been organized in Vilnius for 6 consecutive years.
For more information:
Yoad M. Dvir
Product Marketing Manager