PORTLAND, Ore. — The landscape of cybersecurity is undergoing a seismic shift—one so profound that the traditional security framework may no longer suffice, according to Dale “Dr. Z” Zabriskie, Field Chief Information Security Officer at Cohesity.
With an extensive background as a security consultant and technology advocate, Zabriskie contends that contemporary cybersecurity strategies must transition from mere post-breach recovery to proactive, real-time damage limitation.
In a recent dialogue, he delineated the evolving threats and explained why entrenched cybersecurity methodologies must adapt.
SSN: You’ve maintained that conventional metrics like Recovery Time Objectives (RTOs) are increasingly irrelevant during active breaches. What should security teams prioritize when every instant matters?
Zabriskie: Both RTOs and Recovery Point Objectives (RPOs) center around “technical recovery,” yet cyberattacks permeate beyond mere technical confines of an organization. These attacks impact the entire enterprise, jeopardizing its reputation and eroding customer trust. Moreover, during such incidents, data integrity is frequently compromised, rendering backups ineffective and prolonging recovery efforts.
Collaboration between security and infrastructure teams is imperative for preparedness during actual cyber onslaughts. Formulating response and recovery strategies should encompass not only IT and security personnel but also legal, public relations, compliance, and forensic response teams. Cohesion is vital: what defines their “minimum viable company” in the event of a catastrophic disruption?
Identifying which systems to prioritize, what data and personnel need immediate access, and so forth, is crucial. Historically, budget allocations have favored economic efficiency in stable conditions rather than anticipating the necessary expenditures to reestablish operations post-attack.
It’s essential for security teams to unify the organization, ensuring that when an attack materializes, the response is coordinated rather than reactionary.
SSN: You’ve suggested that the term “ransomware” is outdated. How should security leaders update their threat models to accommodate attacks that circumvent malware, such as pure extortion or data exfiltration?
Zabriskie: In today’s intricate threat environment, the label “ransomware” has become misleading and antiquated. Modern cyberattacks, regardless of the presence of a ransom demand, necessitate a dynamic defensive posture.
Security teams should pivot towards data-centric threat modeling, emphasizing data lifecycle management and treating data as a form of currency, ensuring appropriate safeguards are implemented. This includes avoiding both over- and under-protection.
By focusing on threats that specifically target an organization’s “crown jewels” (its data), teams can leverage strategies such as Zero Trust, immutability, and air-gapped protection to maintain an offensive posture against adversaries.
Additionally, employing behavioral analytics can help detect various “living off the land” tactics, where cybercriminals exploit legitimate tools within an organization’s infrastructure to perpetuate and escalate an attack.
SSN: Considering that social engineering now surpasses malware as the primary attack vector, what immediate enhancements should organizations implement to fortify identities and mitigate behavioral vulnerabilities?
Zabriskie: Primarily, transforming personnel from a liability into a strategic asset remains a perennial challenge for organizations. Cultivating a security-first culture mandates that employees are both educated and actively engaged in the defense against cyber threats.
Workforce members must feel empowered to report incidents without trepidation and receive accolades and incentives for proactive security conduct.
Secondly, identity access management must incorporate phishing-resistant multi-factor authentication (MFA), moving away from less secure methods such as SMS and One-Time Passwords (OTPs). I frequently inquire, “How many individuals possess super administrative privileges to systems?” The prevailing response is often, “Two too many.” Organizations should routinely reassess access permissions, enforcing continuous justification for each access request while adhering to Least Privilege and Just-In-Time access principles.
Here again, Zero Trust mandates that security leaders rigorously verify every access attempt and remain vigilant against lateral movements and session hijacking.
Source link: Securitysystemsnews.com.