CISO Strategies for 2023: The Martial Art of Cybersecurity

By Joe Robertson | November 04, 2022

As we toil through the final quarter of 2022, it’s not too early to label this another challenging year for everyone. A seemingly endless series of major events challenged the world in 2022—from the pandemic to war, to inflation and financial crises compounded by energy shortages, all on top of continuous climate-change disasters. It is an understatement to say that we all need to be extremely resilient, nimble, and flexible. This is especially true for CISOs when planning their security strategies for 2023.

To devise cybersecurity strategies for next year, CISOs should start by looking at everything from a 10,000-foot view. In addition to this high-level perspective, CISOs and the IT teams need to develop the ability to move and react quickly, as there is no guarantee that the assumptions made for this January (or any other month in 2023) are going to occur as expected.

Your Organization’s Security Posture Should Imitate a Martial Artist

A good way to focus your 2023 preparation is to see your organization as if it were a martial artist. Your organization needs to be in good shape, solidly planted on its feet—in other words, stable—but also boast a security posture that is flexible enough to be able to react to and not be incapacitated by attacks that can come from any direction.

CISOs need to take stock and determine if their security posture is right and ready to identify and handle threats. You don’t want a posture that is the equivalent of a fighter standing up straight, hands down, and stiff—and so brittle that it can be easily knocked around, over, or out. Instead, you need a security posture where your knees are bent, you're low to the ground, and you cannot be easily tripped up and pushed off your feet.

Make the Metaphor a Reality

Having a cybersecurity posture that is the equivalent of a martial artist’s “knees bent, low to the ground, ready to react,” translates into it having a solid foundation, as well as having visibility into what’s going on outside of your organization—the state of external threats.

CISOs must also have an equal understanding of what’s going on inside their company. And finally, IT leadership must go beyond the “average” way of protecting the organization from external and internal threats. Therefore, as a CISO preparing for 2023, you should be looking ahead from three distinct vantage points: outside, inside, and beyond.

Look Outside to Identify External Cyber Threats

CISOs need to have visibility into what's happening on the outside. You should use threat intelligence services that identify external threats and make the data available regularly to staff, devices, and, especially, your firewall or antivirus solutions. Keep all your security devices updated and patched, because the bad guys are coming up with new tricks and threats every day. Try to give your IT security staff as much of a head start against attackers as possible to come up with new protections.

Digital risk protection (DRP) services are another method for looking at your security posture from the outside. Use these services to check your external attack surface. Basically, DRP is threat intelligence outside your network perimeter. The great thing about a DRP service is that it looks at your entire environment from the outside—just like an attacker would.

This type of service can examine not just your websites to see if they're exposed, but also how they're exposed. It will also look for risks like typos and domain squatting, a.k.a cybersquatting, that can result in the creation of malicious websites. These sorts of discovery services can also find rogue mobile apps and other threats by looking from the outside. They are a very important part of any organization’s defenses. The best DRP services are not just surveilling your environment but also everything around it that might have an impact on your brand.

Gaining Visibility Inside Your Environment

Now, let’s talk about how to handle things inside your environment. You and your organization’s mental state is based on being able to perceive what attackers are doing and then react. This is the same principle whether you’re doing a martial art or fighting a war or fortifying your cybersecurity. There are several tools on the market to help you gain this necessary visibility.

Every endpoint or edge device is now your perimeter. So, you need to have maximum protection on those devices. One really good tool at the level of the endpoint is called an EDR, which is short for endpoint detection and response. EDR is a great way of examining what's happening at every endpoint and looking for suspicious activity. For example, a good EDR will notice if suddenly there are numerous writes to the PC's disk, which could be an indication that ransomware is encrypting the disk. A strong EDR solution will stop that activity and quarantine it—preventing the ransomware from getting started and spreading.

EDR monitors end-user devices—a personal computer, a server, or a mobile device (whether Android or an iPhone). It's important to be protecting against attacks on these devices because those edges are the entry to your organization's crown jewels—the network, and ultimately, your applications and your data.

Use Your Head to Stop the Spread

Today, your internal posture isn't just what's happening at the edges. Returning to our martial arts metaphor, it's not just what your feet are doing and what your hands are doing. It's also what your head is doing. This is where Security Orchestration, Automation, and Response (SOAR) systems come into play.

It's great to be able to flag that one of your endpoints that has a threat in it. However, you really want more than just to have it send a message to a human analyst and wait for it to be read and have something done. You want your “head” to detect the threat and send a command message to a switch blocking the port where the infected device is located, or to have the wireless access point block the channel that the device is on, so the infection cannot spread. That's what a SOAR system can do by having two-way communication: receiving information and passing information to the devices to quickly limit the threats.

A SOAR solution takes log files and other input from lots of different devices and many different vendors. It's going to not only perceive what's going on in the entire environment, but it's going to react. A SOAR system has built-in playbooks, which are simply a series of instructions. Basically, the instructions say, “If such-and-such happens, then do this.” SOARs can be very sophisticated. You can build them yourself, but the SOAR system can also have machine learning and automation features that enable it to immediately respond automatically to new conditions and activities.

Going Beyond with Active Defense

Now, let’s talk about how you can protect your organization further. It is shocking that most breaches go undetected for as many as 6 months. You want to uncover a “low and slow” attacker who is wandering through your network before he launches the attack. And one intriguing way of doing this is with deception technology. Just like in traditional spy craft, it is a way of luring adversaries in to expose themselves.

Deception technology is typically a solution that imitates a valuable piece of software or an important device. It may pretend to be a database or a web server. Sometimes in an operational technology environment, it’s made to look like an operator console or a PLC (programmable logic controller). No legitimate user would ever land on this system, so anyone who does is clearly up to no good. You know that someone is in your network and is looking for sensitive data.

Industry-leading deception technology gives you the ability to trace back where the threat is coming from, including the IP address and a lot of other forensic information that’s necessary to identify and block the attacker.

Looking Ahead to Prepare for 2023

Prepare for 2023 by having a good, solid security posture that's going to let you withstand the blows that are bound to come to all of us next year. It's important to be thinking about the outside view of your posture, your inside view, and where you can go beyond the standard security.

Learn more about how Fortinet delivers innovative endpoint security with real-time visibility, analysis, protection, and remediation with FortiEDR.