[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

The retail industry ranks in the Top 10 of verticals for breaches, and 85% of insurance companies have experienced a cyberattack within the past year. Adversaries find these and the other targeted sectors appealing because of their reliance on customer data, interconnected systems, and third-party partners and suppliers. Regardless of their respective industries, the corporate victims have faced potential fallout in the form of business/technology disruptions, sales losses, reputational damage and data compromises.

So what can companies do to protect themselves and their customers? We recommend the following multi-layered plan for chief information security officers (CISOs) and their cyber threat intelligence (CTI) teams:
– Asset management: tags, classifies and prioritizes the assets within the organization that bring the most risks, while identifying who owns, and is accountable for, what.
– Exposure management: teams develop profiles of the estate/assets to distinguish the ones that are the most threat-relevant and exploitable.
– Defense management: aligns security controls and tools with the exposure profile to achieve ideal managed detection and response (MDR) and endpoint detection and response (EDR). As with the other two components, teams should ensure that continuous, automated processes support all required steps.
It’s unclear where Scattered Spider will go next. And no sector should fool itself into thinking it’s immune. That’s why it’s essential to start with a comprehensive, threat-led strategy while staying on top of the most recent activity/patterns and practicing strong cyber hygiene. Companies that do so will leave Scattered Spider no opportunities to spin its web, and the group will look elsewhere for new victims.

Yuval Wollman, president, CyberProof

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.