Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Gartner. Show all posts

Continuous Threat Exposure Management: A Proactive Cybersecurity Approach

 

Continuous Threat Exposure Management (CTEM) represents a significant shift in cybersecurity strategy, moving beyond the limitations of traditional vulnerability management. In an era where data breaches and ransomware attacks remain prevalent despite substantial cybersecurity investments, CTEM offers a comprehensive approach to proactively identify, prioritize, and mitigate risks while ensuring alignment with business goals and compliance requirements. 

Introduced by Gartner in July 2022, CTEM is a continuous program that evaluates the accessibility, exposure, and exploitability of an organization’s digital and physical assets. Unlike reactive vulnerability management, which focuses on patching known vulnerabilities, CTEM addresses potential threats before they escalate into major security incidents. It employs various tools, such as Penetration Testing as a Service (PTaaS), attack surface management (ASM), automated pen-testing, and red-teaming, to maintain a proactive defense posture. 

At the core of CTEM is its iterative approach, emphasizing integration, continuous improvement, and communication between security personnel and executives. This alignment ensures that threat mitigation strategies support organizational goals, thereby enhancing the effectiveness of security programs and fostering a culture of cybersecurity awareness across the organization. The CTEM process, as defined by Gartner, involves several stages: scoping, discovery, prioritization, validation, and mobilization. Scoping identifies the organization’s total attack surface, including internal and external vulnerabilities. 

Discovery uses ASM tools to detect potential threats and vulnerabilities, while prioritization focuses on assessing risks based on their likelihood of exploitation and potential impact. Validation confirms the existence and severity of identified threats through techniques like red-teaming and automated breach-and-attack simulations. Mobilization then implements remediation measures for validated high-priority threats, ensuring that they are aligned with business objectives and effectively communicated across departments. 

Exposure management, a critical aspect of CTEM, involves determining the attack surface, assessing exploitability, and validating threats in a continuous cycle, thereby minimizing vulnerabilities and enhancing security resilience. CTEM and exposure management are crucial for fostering a proactive security culture and addressing cybersecurity challenges before they escalate. By leveraging existing security tools and processes, organizations can integrate CTEM into their operations more efficiently, optimizing resource usage and complying with regulatory requirements. CTEM focuses on outcome-driven, business-aligned metrics that facilitate informed decision-making at the executive level. 

It recognizes that while complete risk elimination is impossible, strategic risk reduction aligned with organizational objectives is essential. By prioritizing vulnerabilities based on their impact and feasibility, CTEM enables organizations to navigate the complex cybersecurity landscape effectively. CTEM offers a pragmatic and systematic framework to continuously refine priorities and mitigate threats. By adopting CTEM, organizations can proactively protect their assets, improve resilience against evolving cyber threats, and ensure that their security initiatives align with broader business imperatives.

Can Face Biometrics Prevent AI-Generated Deepfakes?


AI-Generated deep fakes on the rise

A serious threat to the reliability of identity verification and authentication systems is the emergence of AI-generated deepfakes that attack face biometric systems. The prediction by Gartner, Inc. that by 2026, 30% of businesses will doubt these technologies' dependability emphasizes how urgently this new threat needs to be addressed.

Deepfakes, or synthetic images that accurately imitate genuine human faces, are becoming more and more powerful tools in the toolbox of cybercriminals as artificial intelligence develops. These entities circumvent security mechanisms by taking advantage of the static nature of physical attributes like fingerprints, facial shapes, and eye sizes that are employed for authentication. 

Moreover, the capacity of deepfakes to accurately mimic human speech introduces an additional level of intricacy to the security problem, potentially evading voice recognition software. This changing environment draws attention to a serious flaw in biometric security technology and emphasizes the necessity for enterprises to reassess the effectiveness of their present security measures.

According to Gartner researcher Akif Khan, significant progress in AI technology over the past ten years has made it possible to create artificial faces that closely mimic genuine ones. Because these deep fakes mimic the facial features of real individuals, they open up new possibilities for cyberattacks and can go beyond biometric verification systems.

As Khan demonstrates, these developments have significant ramifications. When organizations are unable to determine whether the person trying access is authentic or just a highly skilled deepfake representation, they may rapidly begin to doubt the integrity of their identity verification procedures. The security protocols that many rely on are seriously in danger from this ambiguity.

Deepfakes introduce complex challenges to biometric security measures by exploiting static data—unchanging physical characteristics such as eye size, face shape, or fingerprints—that authentication devices use to recognize individuals. The static nature of these attributes makes them vulnerable to replication by deepfakes, allowing unauthorized access to sensitive systems and data.

Deepfakes and challenges

Additionally, the technology underpinning deepfakes has evolved to replicate human voices with remarkable accuracy. By dissecting audio recordings of speech into smaller fragments, AI systems can recreate a person’s vocal characteristics, enabling deepfakes to convincingly mimic someone’s voice for use in scripted or impromptu dialogue.

By taking advantage of static data—unchanging physical traits like eye size, face shape, or fingerprints—that authentication devices use to identify people, deepfakes pose sophisticated threats to biometric security systems. Because these qualities are static, deepfakes can replicate them and gain unauthorized access to confidential information and systems.

Furthermore, the technology underlying deepfakes has advanced to remarkably accurately mimic human voices. Artificial intelligence (AI) systems can accurately replicate a person's voice by breaking down speech recordings into smaller segments. This allows deepfakes to realistically imitate a person's voice for usage in pre-recorded or spontaneous dialogue.

MFA and PAD

By taking advantage of static data—unchanging physical traits like eye size, face shape, or fingerprints—that authentication devices use to identify people, deepfakes pose sophisticated threats to biometric security systems. Because these qualities are static, deepfakes can replicate them and gain unauthorized access to confidential information and systems.

Furthermore, the technology underlying deepfakes has advanced to remarkably accurately mimic human voices. Artificial intelligence (AI) systems can accurately replicate a person's voice by breaking down speech recordings into smaller segments. This allows deepfakes to realistically imitate a person's voice for usage in pre-recorded or spontaneous dialogue.

Deepfakes are sophisticated threats to biometric security systems because they use static data, which is unchangeable physical attributes like eye size, face shape, or fingerprints that authentication devices use to identify persons. 

Stress May Drive Half of the Cyber Staffer to Leave Their Jobs


We are all aware of the significance of cybersecurity sector and how it is short of vacancies and skills. It is yet unfortunate that their may not be an immediate relief, research firm Gartner's estimates come true that a full quarter of security leaders completely leave the cybersecurity industry by 2025. 

The new report suggests that almost half of the cybersecurity experts will end up switching their professions, and that by year 2025, lack of skills and human failure would ultimately be the reason for over half of significant cyber incidents in the coming future. 

Do Not Ask Cyber Staffers “Why So Serious”? 

According to Deepti Gopal, director analyst at Gartner, professionals who are currently leading in the field of cybersecurity are in fact burning the candle at both ends to balance technology, business and environmental requirements in an attempt to maintain and improve their firm’s security. 

“While they are in the rush to achieve this they are really spread thin[…]If you look closely at today’s world, the hybrid work environment is everything; that also impacts the cybersecurity leaders, adding complexity to their work and the way they strategize,” she says. 

The "work life harmonization" employed by IT, she continued, dissolves the line separating work and non-work, especially given that both are located in the same place. 

“If you listen to cybersecurity leaders, you’ll hear things like ‘I start my day with work, emails, alerts, and coffee,’ and ‘I work with a group of All Stars who are always available, they don’t complain about the workload. These are all elements that indicate the presence of high stress, high demand,” Gopal said. 

“But, there is a loss of control or inability to have a sense of control on their work-related stress — the inability to protect their time for the things that matter the most. I like to ask leaders to jot down the things that they absolutely do in the coming week and then look at their calendars, most often they tell me that they haven’t carved out any time for the tasks on their list!” she adds. 

Cybersecurity Teams Undervalued at Companies That Move Fast and Break Things 

Gartner research illustrates how the compliance-based cybersecurity programs, low executive support and subpar industry-level security are all signs that a company does not consider security risk management to be essential for commercial success. 

According to Gopal, such enterprises are likely to lose cybersecurity talent to businesses where they are valued and are better recognized. “When the organization is charged to move fast, there will be situations where security is not top of mind; that needs to change,” Gopal said. “We need to see cybersecurity as intrinsic to digital design.” 

With Rise in Insider Risk, Talent Continues to Plunge 

According to Paul Furtado, vice president analyst at Gartner, the 'talent churn' of cybersecurity professionals as well as other professionals in the IT industry is a security risk since it gives rise to the possibility of insider misconduct. 

“The cybersecurity workforce is a microcosm of society and made up of individuals who respond differently to different stress triggers[…]For some, they will leave their employment gracefully without any disruptions,” Furtado said. “Others may feel that the artifacts they’ve created or contributed to are their personal intellectual property, and therefore, they take a copy. Some may feel that they want to exfiltrate some data that may assist them in their next role with a different employer,” he continues. 

Moreover, there also exists a possibility that individuals may well attempt actions, beyond theft to commit acts of sabotage or complete disruption of system or data, regardless of the position they hold in an organization. 

“The reality is that security leaders must be prepared for each of these occurrences; there are numerous examples where these behaviors have occurred[…]The scary part: In some cases, insiders won’t wait for a layoff or resignation to start some of these behaviors,” Furtado says. 

Furtado further advises that an organization must be well prepared against insider risks, since it is critical to prevent it from becoming an ‘actual insider threat event.’