Transmit Security Chief Information Security Officer (CISO) Meron Behar is looking to the future of cybersecurity with great anticipation. After spending his early career in a wide variety of technical disciplines, including development and networking, he became fascinated with the field of information security. As he gained experience in providing solutions to cyber threats by designing defense plans and implementing regulations for risk management, Meron started looking for the next big development in cybersecurity. He now joins us to discuss the status quo for infosec and the changing nature of cyber threats in 2021.
Thanks for joining us, Meron. To start off, how would you describe the current landscape of cybersecurity?
Today, cyber crime is organized crime. Major hacks used to be perpetrated by individuals, rogue agents with little to no affiliations. They would breach systems for the bragging rights or simply randomly. Now we are seeing much more regimented groups forming with strong financial motivations. The business of cyber crime is more lucrative than ever.
It certainly doesn’t help that highly publicized examples of successful ransomware attacks — like the Colonial Pipeline breach — have made the rounds. If isolated hackers were previously only cracking systems for entertainment, they might be considering a more profitable approach now.
But more importantly, cyber threats exist in many more forms now than they did previously: malware, social engineering, identity theft, even attacks that target the SIM cards supplied by mobile carriers. To identify the relevant threats, it’s critical to perform a thorough analysis that considers business processes as well as the potential attack vectors.
The number of services that rely on the cloud is increasing exponentially, but the knowledge and solutions that can protect cloud-based assets are lagging behind traditional network environments. In the past, most cyber attacks occurred within on-premises networks, but in the years to come, we will see more attacks originating from and targeting the cloud.
Given the rapidly changing cybersecurity environment, what is the biggest challenge today’s CISOs face?
Each moment for a CISO is filled with diverse challenges. Among these challenges are:
- Handling constantly changing and dynamic business processes that require a quick response. Organizations desire a secure solution that allows them to continue operations without disruption.
- Delivering an effective response to cyber attacks and threats.
- Assessing and prioritizing threats according to the resources available before implementing responses — and resources are always in short supply.
- Recruiting top-notch experts.
An important and efficient tool for any CISO is to perform risk assessments and determine threat levels that help prioritize tasks. Consequently, a CISO can concentrate on the most significant risks rather than dealing with the easiest ones.
CISOs obviously have many crucial responsibilities in safeguarding organizations against threat actors. What does it take to be a successful CISO in 2021?
In contrast to other traditional occupations like medicine, the path to becoming a CISO is not unified or predetermined. An individual can grow as a CISO from different areas — unlike a doctor who studies for several years at a university, goes through an internship and adopts a specialization. A great CISO usually comes from a multidisciplinary background, although there is no one path to success.
CISOs should be experienced in network security, endpoint and infrastructure security, secure development processes and responding to and mitigating cyber attacks. They should also have a thorough understanding of security regulations and information security standards. CISOs must be well-versed in the business side of an organization in order to understand the needs of and the threats posed by it.
When building plans to close gaps, the CISO should work side-by-side with the various stakeholders in the organization — as opposed to standing in front of them while presenting different risks. A collaborative approach will always net more effective changes and understanding than simply identifying risks and rattling them off to the C-suite.