The worst thing that organizations can do is take a hard stance with their cybersecurity efforts. The digital threat landscape is constantly evolving. If organizations settle into a viewpoint, they could elevate one source of risk into something unrealistic—all while missing other digital threats.
This reflects just how much assumptions drive cybersecurity-related decisions. put it this way: “Risk assessment, budgetary needs and priorities are the outcome of hypothetical debates and are subject to internal pressures and politics. Both security professionals and business executives continuously seek solutions or methodologies that will put a $ sign next to their investment, as well as risk.”
Subsequently, it’s not a surprise that there are some open questions in cybersecurity around where organizations can take their strategies in the next few years. Here’s a recap of five open questions that are currently shaping the cybersecurity space and how we are seeing these addressed in the industry.
1. Do Passwords Do More Harm than Good?
Technology firms like Microsoft are abandoning the password for three reasons. First, they’re looking to (SSO) and other technologies that don’t hamper their workers’ experience and productivity as much as traditional password-based identity protection. Second, passwordless authentication makes it easier for organizations to defend their authorized accounts against brute-forcing, and other attack attempts that rely on guessing weak passwords. Third, organizations are choosing to embrace (MFA) and other controls as a way of limiting what a malicious actor could do with a compromised password.
Technology firms like Microsoft are abandoning the password for three reasons. First, they’re looking to (SSO) and other technologies that don’t hamper their workers’ experience and productivity as much as traditional password-based identity protection. Second, passwordless authentication makes it easier for organizations to defend their authorized accounts against brute-forcing, and other attack attempts that rely on guessing weak passwords. Third, organizations are choosing to embrace (MFA) and other controls as a way of limiting what a malicious actor could do with a compromised password.
But there are risks involved with implementing . For instance, fingerprint readers, biometric scanners and other security measures provide new targets that attackers can potentially misuse to access user data. Passwordless authentication also does not exempt organizations and users from , and .
Notwithstanding those risks, passwordless authentication is here to stay. Organizations, therefore, need to understand its associated benefits and risks so that they can best protect their users going forward.
2. Do Firewalls Serve Any Purpose for Zero Trust?
The answer is nuanced. Traditional firewalls can’t protect organizations against threats that infiltrate the network. As such, they can’t help organizations uphold zero trust.
But the same doesn’t apply to next-generation firewalls (NGFWs). These types of firewalls can by functioning as segmentation gateways, multifaceted tools which leverage network access tools, , web application firewalls and other functionalities to enforce zero trust. Segmentation gateways operate at the center of the network, not at the perimeter. In doing so, they provide insight into data access that infosec teams can use to spot a potential attack before it evolves into a security incident.
3. Can Cyber Ranges Help Organizations?
Demand for increased after organizations shifted to in 2020 and following high-profile attacks like the . It’s important to keep in mind that not every organization needs a cyber range on a long-term basis. Some just can’t justify the cost of building and maintaining one.
That said, cyber ranges do carry benefits. They provide a means through which organizations can improve the level of coordination and experience of their security teams, for instance. Through cyber ranges, infosec personnel can immerse themselves in real attack scenarios and explore what a live response would entail. Cyber ranges also help organizations to satisfy the compliance standards and mandates established by the National Institute of Standards and Technology (NIST) and other bodies.
Organizations just need to remember that not every cyber range is created equally. With that in mind, they need to figure out . From there, they can build and maintain a solution that works for them.
4. Is a Traditional Career Path Required for Security Pros?
Not even a little bit. Infosec personnel come from such as playing poker online, serving in the military and obtaining music degrees. These experiences have helped to , giving the community fresh perspectives with which they can protect organizations’ systems and data. This is to say that .
5. What Can Developers Do to Ensure Their Organization’s Security?
There’s a lack of cohesion around who’s responsible for security. Many security professionals don’t trust the ability of developers to write secure code, for instance. Meanwhile, developers don’t feel they have the proper guidance to uphold security for their employers.
The key is for security experts and developers to work together as partners for the purpose of achieving secure code. One of the ways they can do that is to expose the services they provide through a seamless API consumption-based model. Doing so will make it easier for developers to blend security naturally into the software development life cycle.
Click here to view original web page at securityintelligence.com
