As a CISO, expanding and evolving your thinking around what – and who – constitutes an adversary is essential for effective cybersecurity management. In this second part of our series on adversary alignment, we will take a closer look at the different types of adversaries that CISOs should consider when building their organization’s cybersecurity strategies.
External adversaries are the conventional types of attackers, such as criminals, nation-states, and other threat actors, that exist outside of an organization. These adversaries employ various techniques from the MITRE ATT&CK® matrix to execute their tactics, which include compromising credentials, hijacking browser sessions, or extracting data from local systems or shared drives.
The term “internal adversaries” covers more than just malicious insiders. It also includes any user within an organization whose actions knowingly or unknowingly compromise security, or who has been compromised without their knowledge. This category of adversaries can involve employees who are unaware of or indifferent to the security operations team’s security protocols and who create vulnerabilities that external adversaries can exploit.
Endemic adversaries are decision-makers within an organization who have embedded processes, policies, and priorities that do not support threat detection and response. Examples of endemic issues include:
- Reluctance to invest in cybersecurity infrastructure
- Accumulation of tech debt and legacy systems
- Poor management of third-party partners, contractors, or vendors
- Ineffective consolidation after mergers and acquisitions
- A pervasive culture of conflict and politics
Five steps for addressing endemic adversaries
To tackle endemic adversaries, organizations must implement strategies and processes that proactively mitigate their negative impact. Here are five steps to consider:
Assess your organization’s culture – Evaluate the existing culture within your organization and identify any potential sources of friction or conflict that may be affecting cybersecurity decision-making.
Invest in cybersecurity – Allocate sufficient resources to support robust cybersecurity, including investing in tools, technologies, and infrastructure.
Address tech debt and legacy systems – Prioritize updating and replacing outdated systems that are difficult or impossible to protect.
Improve third-party management – Enhance coordination and integration in the management of third-party partners, contractors, or vendors to reduce potential security risks.
Foster a culture of collaboration – Encourage open communication and collaboration among senior leadership and across teams to create an environment where cybersecurity is a shared responsibility.
Understanding the different types of adversaries is essential for building a comprehensive cybersecurity strategy. By considering external, internal, and endemic adversaries, CISOs can better align their organizations with the evolving threat landscape and effectively mitigate potential risks.
In the next blog post, we will explore three lenses through which a CISO can evaluate the success of an adversary-aligned security operations team and the value it delivers to the organization.
Exabeam is a global cybersecurity leader that created the New-Scale SIEM™ for advancing security operations. Built for security people by security people, we reduce business risk and elevate human performance. The powerful combination of our cloud-scale security log management, behavioral analytics, and automated investigation experience gives security operations an unprecedented advantage over adversaries including insider threats, nation states, and other cyber criminals. We Detect the Undetectable™ by understanding normal behavior, even as normal keeps changing – giving security operations teams a holistic view of incidents for faster, more complete response.