Dealing with cyberattacks, data breaches and other cybersecurity issues is something organizations don't take lightly. While many businesses have a reactive attitude towards these issues and only address them once a problem has occurred, there is a better way. With threat modeling, organizations can assess their security strengths and identify threats before they lead to a breach or even worse, a cyberattack.
To better understand the role threat modeling can have in boosting an organization's cybersecurity posture, TechRadar Pro spoke with ThreatModeler's CEO Anurag (Archie) Agarwal who also highlighted the top security challenges businesses will likely face this year.
- 5 cybersecurity threats your DNS logs already reveal
- Viva the revolution: how cybersecurity can help with digital transformation
- The cybersecurity measures needed to protect flexible workers
What is threat modeling and how can it help business identify risks and vulnerabilities?
Threat modeling is the process of enhancing network security by identifying potential threats and detecting mitigation strategies to reduce the overall attack surface of applications and systems early in the software development lifecycle. Threat Modeling helps businesses to identify, prioritize and proactively prevent threats by reducing the probability of possible breaches. This practice provides significant, quantifiable, valuable and actionable output to stakeholders across the organization.
What are the benefits to incorporating security early on in the software development life cycle?
Threat Modeling can be implemented to continuously expose new attack vectors as developers add more enhancements to the system. The process examines, diagnoses, and addresses threats in real-time, aiding project success by minimizing the attack surface and reducing the number of security issues that could slow down development. Organizations can significantly reduce costs and resources by identifying and preparing for threats during the design stage of the software development life cycle, as opposed to making fixes much later in the SDLC.
How can threat modeling benefit CISOs?
Decision makers like CISOs and IT managers commonly use threat modeling tools to justify investments in security when discussing IT budgeting and policy creation. New business insights can be leveraged for C-level meetings, helping IT professionals gain a seat and be heard at the executive table. Insights like potential risks and business impacts of new software, real-time threat intelligence for strategic decision-making, and the alignment of mitigation strategy with budget allocations are all valuable to key stakeholders.
How does improved collaboration help DevOps teams deal with the latest security threats?
Organizations involving their teams in all aspects of the threat modeling process notice an evident improvement in the security controls integration, a decrease in operation delays and prevention of aftermath implementation of security procedures. Improved collaboration enables DevOps teams to drive successful operative security policies and cyber risk management in the IT ecosystem.
How is automation being used by security teams and what tasks are they choosing to automate?
Thanks to automated platforms, security teams can utilize their time better, make better projections and identify unused resources.
Some tasks they are choosing to automate include automatically building threat models and generating lists of threats and SRs to mitigate those threats.
What are the top security challenges organizations will face this year?
Social engineering attacks - Cyber-criminals are increasingly using sophisticated tools – including Artificial Intelligence – to troll the web for information that corporations and employees are inadvertently posting on their social media sites. This information will likely become a new threat vector in the new year where this information is exploited in phishing and spear-phishing attacks.
Supply chain attacks - As corporations continue to harden their own perimeters and attack surfaces, criminals are increasingly looking at the vulnerable supply chain where risks are not completely understood. Increasingly, the vendors in that supply chain will be regarded as part of the company’s own vulnerability and risk profile. Criminals will increasingly exploit the supply chain to gain access to critical information about corporations.
IoT and infrastructure attacks - The proliferation of cheap and insecure devices that comprise the Internet of Things (IoT), coupled with the legacy systems that control our Infrastructure, are combining to create a perfect storm in the New Year. Ransomware is likely to be higher as criminals hold companies, cities and even countries hostage as they take over and compromise such systems. Attribution will be very difficult thus providing cover to criminals and nation states.
Identity and mobile authentication - As we understand the limitations of passwords and identity management moves increasingly to the cloud, mobile device authentication is likely to explode. At least initially, expect some of this transition to be exploited, particularly where insecure approaches are used. Facial recognition and biometrics are still undergoing rapid development and have not reached a true trusted-state.
Rise of zero-day threats and polymorphic attacks - The most common attacks in the past year were exploits of zero-day threats where unpatched new vulnerabilities were used to compromise critical assets. In the case of "Polymorphic Attacks", the code used for the exploit changes rapidly and automatically to prevent effective management and remediation. In 2019, expect this to continue at a high rate. The high demand for software, complicated by the time pressures to be agile, result in many more undiscovered vulnerabilities.
What do you believe the future of the cybersecurity industry will look like?
I believe cybersecurity will become a space just like the real-time world. Just like we all need to keep our physical safety, there will be a time when securing our cyber space will become just as important. In the present, we are always cautious when it comes to protecting our homes, locking doors, putting on seatbelts. In the future, we will have the same level of awareness with the digital space.
- We've also highlighted the best internet security suites