Hybrid Cloud Security: The CISO Perspective


Article by Chaim Mazal, CISO, Gigamon 

CISOs face a daunting question today: are my efforts to create a more secure organisation working? It is an almost impossible question to answer. Last year, our global research uncovered a concerning gap between organisations’ perceived security posture and their reality. Since then, information security spending has continued to rise, with global spending set to eclipse $215 billion this year. And yet our 2024 Hybrid Cloud Security Report reveals that organisations are now even less prepared for attacks than they were a year ago: while the 2023 report found that 31 percent of breaches went undetected, that figure has risen to 37 percent over the last 12 months.

So, what is missing from current security strategies? While the broader survey covered more than 1,000 Security and IT leaders from around the world, I have delved into the responses of some 234 CISOs to explain how they view today’s evolving threat landscape and to understand why they believe over 60 percent of breaches continue to evade existing policies and controls.

Of course, CISOs are not to blame. The cat-and-mouse nature of modern cybersecurity has made defending an organisation far more challenging. With AI-powered attacks already impacting 41 percent of organisations and expected to grow, my peers across the security industry are aware that even robust security measures may not be adequate to fend off future cybercriminal tactics. Even today, just half of CISOs feel strongly prepared to identify threats across their hybrid cloud infrastructure, and only one in five report being able to detect and mitigate the damage of a breach in real time with their existing security tools. While this is a concerning sign for security confidence, it also reflects that the vast majority of CISOs understand there is always more to be done to stop hidden attacks from proliferating.

Adapting to a New Landscape

Modern cybersecurity is about differentiating between acceptable and unacceptable risk. Every organisation needs to establish a risk appetite in order to operate; there is no world in which zero risk is achievable. That appetite is being tested: with 41 percent of organisations already observing a surge in AI-related attacks, eight in 10 CISOs expect the technology to increase the global ransomware threat. AI is here to stay, and cybercriminals will continue to embrace new tactics and technologies to exploit organisations’ blind spots. The challenge for CISOs now is to equip themselves with the intelligence and visibility to stay ahead of each increasingly sophisticated attack method, protecting their hybrid cloud environments and organisations from emerging threats.

But with regulators cracking down more harshly on organisations that fail to sufficiently secure data, and increasingly on their executives too, this risk appetite is shrinking as business leaders assume greater accountability. In fact, 85 percent of CISOs report that cloud security is now a boardroom priority. With six in 10 CISOs ranking board-level interest in cyber risk as the number one factor in their success, this push towards board engagement is hopeful news. And yet the ubiquity of cyber risk in all modern operations leaves IT and Security leaders with a burgeoning list of responsibilities.

Artificial Intelligence (AI), the technology of the moment, promises next-level efficiency, but it is also the latest black box to fall under the CISO remit. Increasingly, responsibility for AI implementation, and particularly for reducing its internal risk potential, is falling firmly onto CISOs’ shoulders. Perhaps for these reasons, our report found that CISOs showed less enthusiasm than their peers for AI as a way to remediate visibility gaps. While over half of all respondents ranked security automation and AI as their preferred approach to eliminating visibility gaps, it fell to fourth place among CISOs. Instead, those closest to security are focusing on fundamentals: remediating blind spots, optimising tooling, and preparing for upcoming Zero Trust mandates.

Addressing Blind Spots

Real-time visibility is a clear concern among our respondents, particularly as it pertains to East-West (lateral) and encrypted traffic. Threat actors hide their movements within encrypted traffic to evade security controls, and 93 percent of malware attacks are now masked with encryption. And yet CISOs show an implicit trust in encrypted traffic: four in five CISO respondents still believe that encrypted traffic is secure, while just 71 percent of their technical peers agree. The distinction matters. Encryption protects a session’s contents from third parties in transit; it says nothing about whether that session is a legitimate application call or a command-and-control channel, and the two look identical to a control that cannot see inside them. On top of this, 62 percent of CISOs report that they have not tackled decryption, citing cost and time as barriers. Changing this mentality is critical to achieving true visibility and getting a proactive head start against unseen attacks.

Meanwhile, a recent surge in living-off-the-land attacks, in which intruders operate through the legitimate tools and protocols already present on the network, has highlighted how effectively bad actors can hide and dwell within lateral traffic. Despite this, just 53 percent of CISOs feel strongly prepared to detect threats in lateral traffic.

Six in 10 CISOs listed tool consolidation and optimisation as their number one priority for remediating blind spots, closely followed by investing in additional tools and by decrypting and inspecting encrypted traffic. Some 70 percent of CISO respondents do not believe that their existing tools are effective in detecting breaches, compared with 65 percent across all global respondents. Effectiveness is not the only problem: four in five CISOs report that their teams are overwhelmed by alerts from sprawling tool stacks. The need for a tool overhaul is clear, but this is not new. CISOs typically stay around two years in each role, and organisations are accustomed to new leaders overhauling tool stacks to bring in their own trusted solutions. Despite this cycle of new tool strategies, cybercriminals continue to evade controls. It is perhaps time for CISOs to try another approach, one less focused on new tools and centred instead on gaining more comprehensive visibility into the assets and data on the network.

One approach to consider is augmenting existing log-based security tools with network-derived intelligence, giving security teams real-time deep observability across all hybrid cloud infrastructure. Host and application logs record what an endpoint chooses to report; network traffic records what actually crossed the wire, including sessions from hosts whose logging has been disabled or tampered with. That level of visibility helps get the most from any tool stack, ensuring that all traffic is captured and analysed, including encrypted communications. As organisations shift their focus toward Zero Trust, prompted by incoming legislation, deep observability is a foundational building block of a Zero Trust architecture.
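As an added illustration of what network-derived signal can surface without decrypting anything (example code written for this page, not Gigamon’s product or the report’s own material), the script below runs two checks over constructed Zeek-style conn and ssl records. The first finds an internal host fanning out to several other internal hosts over lateral-movement ports (SSH, SMB, RDP, WinRM) inside a short window, the living-off-the-land pattern discussed above; the second flags TLS sessions whose handshake metadata is suspicious (no SNI, a server certificate that did not validate, a legacy protocol version) even though their payloads remain opaque. Field names follow Zeek’s conn.log and ssl.log; the sample records, the internal address ranges, the 600-second window and the fan-out threshold of three are the author’s assumptions for illustration, not figures from the report.

```python
"""Two metadata-only detections over constructed Zeek-style records.

Added example for this article; the log lines below are constructed, and the
window, threshold and internal ranges are illustrative assumptions rather
than figures from the report.
"""
import json
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Ports commonly used for lateral movement with legitimate administrative tooling.
LATERAL_PORTS = {22: "ssh", 445: "smb", 3389: "rdp", 5985: "winrm"}

# Assumed internal (RFC 1918) address space for this example.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed conn.log records (JSON lines, Zeek field names). 10.0.1.50 reaches
# three file servers over SMB within two minutes, then a fourth much later.
CONN_LINES = """
{"ts": 1700000000.0, "id.orig_h": "10.0.1.50", "id.resp_h": "10.0.2.10", "id.resp_p": 445}
{"ts": 1700000060.0, "id.orig_h": "10.0.1.50", "id.resp_h": "10.0.2.11", "id.resp_p": 445}
{"ts": 1700000120.0, "id.orig_h": "10.0.1.50", "id.resp_h": "10.0.2.12", "id.resp_p": 445}
{"ts": 1700005000.0, "id.orig_h": "10.0.1.50", "id.resp_h": "10.0.2.13", "id.resp_p": 445}
{"ts": 1700000030.0, "id.orig_h": "10.0.1.51", "id.resp_h": "10.0.2.10", "id.resp_p": 443}
{"ts": 1700000040.0, "id.orig_h": "10.0.1.51", "id.resp_h": "10.0.2.10", "id.resp_p": 445}
{"ts": 1700000050.0, "id.orig_h": "10.0.1.52", "id.resp_h": "203.0.113.9", "id.resp_p": 22}
"""

# Constructed ssl.log records: one ordinary session and one with no SNI and a
# self-signed server certificate. Both are fully encrypted on the wire.
SSL_LINES = """
{"id.orig_h": "10.0.1.51", "id.resp_h": "10.0.2.10", "version": "TLSv13", "server_name": "files.corp.example", "validation_status": "ok"}
{"id.orig_h": "10.0.1.50", "id.resp_h": "10.0.2.200", "version": "TLSv12", "server_name": "", "validation_status": "self signed certificate"}
"""


def parse_records(text):
    """Parse JSON-lines text into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_internal(ip):
    """True when the address falls inside one of the assumed internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def lateral_fanout(conns, window=600, threshold=3):
    """Map each internal source to the distinct internal hosts it reached on
    lateral-movement ports within some `window`-second span, reporting only
    sources that touched at least `threshold` hosts. Uses connection metadata
    only; no payload is inspected."""
    per_src = defaultdict(list)
    for c in conns:
        if (c["id.resp_p"] in LATERAL_PORTS
                and is_internal(c["id.orig_h"]) and is_internal(c["id.resp_h"])):
            per_src[c["id.orig_h"]].append((c["ts"], c["id.resp_h"]))
    alerts = {}
    for src, events in per_src.items():
        events.sort()  # sliding window over time-ordered events
        for i, (t0, _) in enumerate(events):
            hosts = {dst for ts, dst in events[i:] if ts - t0 <= window}
            if len(hosts) >= threshold:
                alerts[src] = hosts
                break
    return alerts


def suspicious_tls(sessions):
    """Flag TLS sessions on handshake metadata alone: missing SNI, a server
    certificate that did not validate, or a legacy protocol version."""
    flagged = []
    for s in sessions:
        reasons = []
        if not s.get("server_name"):
            reasons.append("no-sni")
        if s.get("validation_status") not in (None, "ok"):
            reasons.append("cert:" + s["validation_status"])
        if s.get("version") in ("SSLv3", "TLSv10", "TLSv11"):
            reasons.append("legacy-" + s["version"])
        if reasons:
            flagged.append((s["id.orig_h"], s["id.resp_h"], reasons))
    return flagged


if __name__ == "__main__":
    for src, hosts in lateral_fanout(parse_records(CONN_LINES)).items():
        print(f"lateral fan-out from {src}: {sorted(hosts)}")
    for orig, resp, reasons in suspicious_tls(parse_records(SSL_LINES)):
        print(f"suspicious TLS {orig} -> {resp}: {', '.join(reasons)}")
```

Neither check needs the session contents, which is the point: connection and handshake metadata already separates the host sweeping file servers over SMB from the one making a single HTTPS call, and the self-signed, SNI-less TLS session from a normal one. Decryption adds a further layer of inspection, but a log-only view that never sees the wire would have nothing to correlate against if the workstation’s own logging had been switched off.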

We are now in an era in which cybersecurity is closely aligned with business success. Organisations’ reputation, legal standing, and profitability are too intimately linked to security posture for boardrooms to pretend it is not a top-drawer priority. As CISOs, we must step into the growing expanse of our role, communicating security risk from a business perspective while remaining honest with our executives about the reality of information security. There is no cybersecurity singularity, no level of security at which we can guarantee we are safe from a breach. Instead, we must inspire trust in the mission of reducing cyber risk wherever we can, and ensure we have the means to properly understand our security posture. We will keep pushing the boulder up the hill, aiming to be one percent better every day, confident that, with our tasks rising up the boardroom agenda, we will be able to secure the support we need to fulfil our mission.