Weathering the Perfect Cyber Storm: Strategies for Businesses to Safeguard Against Cyber Threats

Corporate digitization has ushered in a new and distinctly dangerous era of cyber threats. As companies have increasingly migrated from physical to digital supply chains, they have created vast, interconnected networks of vendors, suppliers, customers, and partners who each pose unique vulnerability risks.

This intimately interwoven digital ecosystem has created a massive attack vector for cyber criminals, leading to an innovation explosion in the development of new software tools to combat these modern threats.

Cybercrime is estimated to cost the global economy $10.5 trillion annually by 2025 , with enterprise security spend set to exceed $200 billion by 2024. In this challenging and dynamic environment, Chief Information Security Officers (CISOs) and their partners in business and IT functions must think critically about how to protect valuable digital assets and select the right strategies to prevent catastrophic network, data, and intellectual property breaches, all without degrading business efficiency.

At this year’s Bridge Forum, Dave DeWalt, Founder and CEO of NightDragon and former CEO at McAfee and FireEye, Jennifer Bisceglie, Founder & CEO of Interos, and Sanjay Jeyakumar, Co-Founder & CTO of Abnormal Security, all indicated that the world is facing “the perfect cyber storm” and shared how organizations can protect themselves by adopting cyber best practices and embracing emerging technology like artificial intelligence (AI) and machine learning (ML).

Prevention: Digital literacy

Digital literacy is a key element in formulating proactive cyber defense plans for organizations, especially as they consume and process more data and navigate more digital touchpoints with customers, vendors, and partners, than ever before.

When one of the largest Fortune 500 institutions in the world lost more than $500M through a spear phishing exercise and hired DeWalt at a previous company to conduct a special penetration test for their top 300 executives to assess vulnerabilities, the results demonstrated that the company had a cyber literacy, not software defense problem.

“Despite the company spending hundreds of millions a year in cybersecurity defense, about two-thirds of the people in the room clicked on the phishing link. What really happened was a literacy problem: it was very difficult for them to discern what a spear phish was versus a real email.”

Employees act as a digital gateway and potential defense bypass, rendering high security spend ineffectual if it is not paired with comprehensive training and awareness programs such as incident response scenario planning, phishing tests, and even classroom-based or cloud-based training across the organization.

Execution: Tap into behavioral AI and ML

85 percent of data breaches are caused by human error. This can be true for a multitude of reasons, such as insufficient education, injudicious and unmonitored access to systems , and fast-paced working environments that give rise to a “quick-to-click” culture. This is why AI is appealing to organizations: its ability to automate repetitive tasks, mitigate fatigue, and help obviate their biggest cyber vulnerabilities — people.

The right AI tools, when implemented correctly within an organization, can identify and nullify threats in real time by addressing human oversight through behavior tracking and anomaly detection – all without interfering with business processes.

Sanjay Jeyakumar, Co-Founder & CTO of Abnormal Security, describes how AI can amplify human effectiveness by broadening the scope of protection throughout an organization’s email:

“How do you go about teaching every employee within your company to look for the small fingerprints? That’s what Abnormal Security does. At the highest level, we emulate the best security analysts within each of your ecosystems using AI. So, in the blink of the eye, for every email that is coming in, we are doing risk analysis.”

Jennifer Bisceglie, Founder & CEO of Interos, described how her fast-growing supply chain resilience company leverages AI and ML for proactive risk monitoring to accelerate growth and protect a company’s brand, reputation, and profitability:

“We use machine learning to ingest massive amounts of data and make sense of it quickly. We identify the material profitability lost by a company within two weeks – and we’re not just assessing single entities, as that’s incomplete, but every supplier in the ecosystem. That enables us to predict the knock-on effect of catastrophic events — that’s where we’re using artificial intelligence.”

Protection: Have a software bill of materials to build resilience across the digital supply chain

Having a comprehensive software bill of materials (SBOM) is another key building block in software security and supply chain risk management. Put simply, an SBOM is an inventory of all software components, whether natively developed or open source, and licenses within any given product, and is of critical importance to understanding potential vulnerabilities not only within an organization itself, but within its supply chain as well.

“An SBOM is a digital supply chain,” explained Bisceglie. “It comes very naturally to us to think about a physical bill of materials…but we don’t think the same way about protecting what goes into our software as a global economy.”

An SBOM helps developers know the origins of various codes to determine whether they are secure. It also helps them understand and mitigate known vulnerabilities in code, saving time and costs. Moreover, SBOMs improve organizations’ ability to respond and remediate by helping security and forensic teams identify the impact on software after the discovery of newly identified exposures.

This is crucial as businesses are increasingly digitally connected. The average, large enterprise has about “30,000 vendors” that it communicates with, from the most basic services to the most trusted vendors, according to Jeyakumar.

By implementing a cross-functional SBOM program, companies can better protect themselves and their customers by creating a system that vets all incoming code before it can be adopted by developers.