In the last of our conversations from CISO London, L&Q Group CISO Goher Mohammad explains how best to prepare your organization in a rapidly changing threat landscape and what he expects from attackers in the coming year
Cybercrimes have become so common that many CISOs have adopted a ‘not if but when’ attitude to the possibility of an attack.
But is it only a matter of time before your organization suffers a data breach, or falls victim to a ransomware attack?
In this week’s episode of the Business of InfoSec podcast, L&Q Group CISO Goher Mohammad argues that while you cannot control whether you are targeted, you can make sure you are prepared.
“I think that as professionals in the industry we need to think about [we can create] layers of defense to prevent bad things from happening,” Mohammad says.
He continues: “It’s almost like an onion. To get to the center of it you need to peel back the layers. If you can stop [an attack] at each layer or earlier in that chain, then you’re going to be in a better place.”
Are Ransomware Attackers Shifting their Strategy?
In the world of DevSecOps terminology, ‘shifting left’ means to incorporate cybersecurity at an early stage of the development process.
But are attackers themselves starting to ‘shift left’, by targeting underlying systems and backups?
As Mohammad points out, while it’s impossible to know what strategies cyber-attackers will adopt next, organizations can be proactive in their defenses and promote organizational readiness for an attack.
“I think it’s going to continue to evolve and adapt,” Mohammad says. “At the moment, if you think about it, [criminals] are targeting environments, and companies are getting better [at protecting them]. [Companies are] trying to make sure they have backups which they can failover to.”
He continues: “What may evolve is that [the attackers] might go for the backup sites and the DR sites and start attacking those.”
Understanding Your State of Readiness
For Mohammad, understanding your cyber readiness is crucial. After all, you can’t know how to reach your destination if you don’t know where you are.
“Visibility can come through tooling, and it can come through people,” he says. “It gives you the contextual understanding of what your environment looks like.”
For Mohammad, it’s important to operate the cybersecurity function as a blend of first- and second-line defenses.
“It becomes very hard to prescribe what needs to be done when you don’t know what it looks like on the ground for the people who are doing it and how the challenges they’re coming across,” he concludes. “So, it’s important to work in that blend.”