Question 1

BN: Can you provide an overview of the top threats organizations are facing today?

Accepted Answer

TV: Organizations are facing a new level of sophisticated attacks with the rise of generative artificial intelligence (AI) based threats. The threat landscape has become dynamic over the last few years, with new vulnerabilities and attack vectors emerging daily. As our threat research team constantly evaluates these changes, we are noticing the same consistent threats: business email compromise, social engineering attacks and third-party vulnerabilities. While these threats are not always sophisticated, they are being developed more quickly and becoming harder to detect with the help of AI. We recently identified the top trending threats that organizations are battling and the tactics that adversaries are relying on, including: Organizations must have a comprehensive understanding of these threats and continually receive updated insights to inform their security operations, enabling them to properly assess and protect their networks.

Question 2

BN: Why isn’t a one-time security assessment enough anymore?

Accepted Answer

TV: One-time security assessments were once a reliable measure of an organization’s security posture, but now are insufficient in today’s evolving threat landscape, where new and sophisticated attacks occur daily. The rise of AI and other technologies further complicates the situation, allowing adversaries to develop more effective and faster-moving attack methods. By limiting the assessment to one time a year, organizations are leaving gaps in their defenses. Additionally, companies are dealing with a cybersecurity skills shortage. The World Economic Forum recently reported that 67 percent of organizations have a moderate to critical skills gap in cybersecurity, leaving many security teams strapped for time and overwhelmed with alerts. Defenders can’t afford to be surprised, especially when they don’t have to be. Companies need a real-time and holistic view of their threat landscape. By taking a continuous approach to analyzing vulnerabilities and threats, security leaders can proactively mitigate exposures in their defenses and prioritize resources where they will have the most impact.

Question 3

BN: What are the top three things CISOs can do right now instead?

Accepted Answer

TV: In order to be effective, I recommend that Chief Information Security Officers (CISOs) do the following: Many CISOs are prioritizing posture management as new solutions and AI-powered tools continue to enter the market. While this is an important focus, it's critical for security leaders to take a step back and first address estate management. You must have a holistic view of the network and estate to effectively measure your security posture. This is where Continuous Threat Exposure Management (CTEM) can have a significant impact.

Question 4

BN: Can you tell us more about Continuous Threat Exposure Management (CTEM)?

Accepted Answer

TV: Continuous Threat Exposure Management (CTEM) is the future of security. CTEM enables organizations to stay ahead of adversaries by continuously monitoring vulnerabilities and minimizing potential attack surfaces. It helps identify and mitigate vulnerabilities before they can be exploited. By leveraging automated scanning, AI-driven analysis and threat intelligence, security teams are informed of potential attacks in real-time. Unlike any other security solution, CTEM provides automatic and constant insights into a company’s security posture, allowing for threats to be detected and addressed immediately. It enhances security operations by streamlining detection and responding to cyber risks more efficiently. This solution pairs and strengthens many key security strategies, including:

Question 5

BN: How can organizations effectively implement a successful CTEM strategy?

Accepted Answer

TV: First, organizations must lay the foundation. We call this managing their estate or Estate Management. All assets, whether on-premise, cloud or OT, must be managed in accordance with their security policy, be associated with their proper risk category (e.g., an application, a user, a system), and assigned to an owner. This step is often missed but critical. Second, the information from the security telemetry must be collected, analyzed and the findings must be made actionable. This methodology leverages MITRE to create a relationship to the prioritized threats and campaigns. Third, this must be a continuous process, including a mechanism for trending using a risk-based mechanism. Image credit: alphaspirit/depositphotos.com

Security Assessments

Why one-time security assessments are no longer sufficient [Q&A]

Recent Headlines

Your earbuds can now translate over 70 languages in real time with Gemini AI

Financial sector hit hard by breaches but ransomware seeks targets elsewhere

Over a third of US adults now use AI every day

Most companies aren't measuring AI's environmental impact, new report shows

Huawei's new Mate X7 foldable phone has a slimmer build, upgraded cameras and an improved hinge

One in 25 digital identity checks flagged as fraudulent

How self-governing identity infrastructure can streamline policy enforcement [Q&A]

Most Commented Stories

You can now grab a wide selection of Windows 11 themes from the Microsoft Store

Microsoft will let you remove AI Action from the Windows 11 context menu

Google Maps now makes it easier for iPhone users to find their cars

Ashampoo announces Burning Studio 27 with smarter ripping and better audiobook tools

Your earbuds can now translate over 70 languages in real time with Gemini AI

WhatsApp group chats are about to become much more useful

How agentic AI is set to redefine enterprise APIs [Q&A]

NordVPN expands its security suite with a new email protection feature

NEWS

UNITED KINGDOM