Uncovering the hidden challenges in cybersecurity operations

In the ever-evolving cybersecurity environment, if enterprise security operations teams want to stay ahead of threats, they must not only keep up with the latest technology trends, but also pay attention to some key challenges that already exist but are easily overlooked. These challenges are often hidden in some obvious real threats.

1. Hardware security risks: long-term and complex

Although vulnerabilities in software systems are often the main risks often faced in security operations, threats in hardware and firmware can also pose serious risks to enterprises. Not long ago, researchers from the security company IOActive disclosed a serious vulnerability in AMD processors called "Sinkclose", which affects almost all AMD processors released since 2006. The severity of this vulnerability lies in that it allows attackers to bypass the protection mechanism of the system management mode, thereby implanting malware that is difficult to detect and remove at the firmware level.

The "Sinkclose" vulnerability reveals the complexity and long-term potential risks of hardware-level security issues. Although such vulnerabilities require a high technical threshold to exploit, their impact can be catastrophic. For the security operations team of an enterprise, hardware security is a long-term area that requires high attention, and any negligence may lead to catastrophic consequences.

2. AI technology: a double-edged sword for cybersecurity

The advancement and application of AI technology is having a profound impact on the science and technology field, heralding the arrival of a new productivity revolution. This trend is even more significant for chief information security officers (CISOs) who want to use AI technology. Many innovative security products have begun to use generative AI to improve their ability to deal with risks. But at the same time, the evolution of attack strategies, the weaponization of AI, and the application of social engineering methods have caused enterprises to face more dangerous attacks.

 Jim Hyman, CEO of Ordr, said: "We advocate AI-driven threat analysis, but these tools should be managed effectively. There is an important issue that needs to be emphasized, that is, AI technology may make the security operations team of an enterprise too complacent. If an enterprise organization relies too much on AI technology, it may lead to a lack of supervision of the organization's daily security operations, which can easily lead to gaps in attack surface management."

3. Data resources: new “oil” or new risks

In the information age where data is paramount, ensuring the security and visibility of data has become crucial. Jackie McGuire, senior security strategist at Cribl, recently put forward a thought-provoking point of view: "Future network security is fundamentally a data security issue, but the security operations team of the enterprise is still accustomed to choosing to purchase a single security tool to solve some specific network problems, while ignoring whether the organization's entire data infrastructure is complete." This operational thinking error may lead to decentralized and isolated security measures and cause a large number of potential vulnerabilities.

4. Software supply chain risk: not equal to application security

The interconnectedness of the modern software ecosystem brings an often misunderstood security risk - software supply chain risk. Idan Plotnik, co-founder and CEO of Apiiro, said: Many companies tend to confuse application system security and software supply chain risks, which are two different attack vectors that pose different threats to organizations. If they are misunderstood as a single problem, it will create blind spots in security operations strategies.

5. Identity security: a new risk protection boundary

As traditional network boundaries blur, identity-based security management and access control should occupy the center of modern enterprise security operations. The latest research data shows that in 2023, 80% of cyberattacks used leaked identities. The abuse of identities, especially when combined with a new generation of detection evasion methods, will provide greater convenience for attackers' illegal activities. But in reality, although identity security has been widely recognized as a growing security threat, many corporate organizations do not fully understand the important value of identity security protection.

Phil Calvin, Chief Product Officer at Delinea, believes that the security of data and applications will depend on who has access to it and who has access to it. Enterprises should promote intelligent authorization and management as a strategic cybersecurity operational requirement to ensure the secure interaction between data and legitimate identities.

6. The human factor: the most critical security challenge

Although there are many technical security risks and vulnerabilities, the human factor is always the most critical security challenge in cybersecurity operations. Enterprises can restrict user access to certain systems and data, but it is difficult to prevent human errors that employees may make. Therefore, continuous employee cybersecurity awareness training is one of the most important security controls to reduce the digital attack surface. Every employee in a modern enterprise should receive regular cybersecurity awareness training to identify attack attempts such as phishing. Although human errors are difficult to avoid, the possibility of causing data breaches can be greatly reduced through proper education and training.

Reference link: https://dzone.com/articles/beyond-the-obvious-uncovering-the-hidden-challenge