網路安全快照： Cyber Teams Adopt GenAI, Integrated Suites To Boost Defenses 

Cyber leaders are embracing generative AI and product suites, while ditching siloed tools. Plus, check out a guide packed with anti-phishing tips, and another one full of IAM security best practices. Also, discover the skills that cybersecurity recruiters value the most. 更多内容不一一列举！

Dive into six things that are top of mind for the week ending October 20.

1 - Study: CISOs bet on GenAI, integrated cybersecurity suites

In: Defensive generative AI technology and integrated cybersecurity suites. Out: Tool sprawl from individual security products that don’t play well together. 

That's one of many findings from the “2024 Global Digital Trust Insights” report from PwC, which surveyed 3,800 C-level business, technology and security executives from 71 countries and across a variety of industries.

In a clear trend towards consolidation of cyber toolsets, 44% of respondents reported using an integrated suite of security products, while 39% plan to adopt one in the next two years.

Meanwhile, the report found that while organizations worry about hackers using generative AI to boost their attacks, they’re also excited about leveraging this technology to strengthen their cybersecurity capabilities.

Specifically, almost 70% said they’ll use generative AI for cyber defense in the next 12 months, while 47% are already using it for cyber risk detection and mitigation. One fifth of respondents report already reaping benefits from their use of generative AI for cybersecurity.

To get more details:

• Check out the report highlights page titled “The C-suite playbook: Putting security at the epicenter of innovation” 
• Read the article “GenAI for cyber defence is on the rise”
• Download the full report “2024 Global Digital Trust Insights”
• View this video “PwC’s 2024 Global Digital Trust Insights Survey”

For more information about the impact of generative AI on cybersecurity:

• “Generative AI and Cybersecurity: Strengthening Both Defenses and Threats” (Bain & Co.)
• “The role for AI in cybersecurity” (Cybersecurity Dive)
• “AI Is About To Take Cybersecurity By Storm” (Tenable)
• “The Fusion of AI and Cybersecurity Is Here: Are You Ready? (CompTIA)
• “New Generative AI Tools Aim to Improve Security” (Dark Reading)

To dive deeper into the value of integrated cybersecurity platforms:

• “Centralized cloud security is now a must-have” (InfoWorld)
• “Exposure Management: 7 Benefits of a Platform Approach” (Tenable)
• “Thanks to the economy, cybersecurity consolidation is coming” (Protocol)
• “Bye-bye best-of-breed?” (CSO)
• “Note to Security Vendors: Companies Are Picking Favorites” (DarkReading)

2 - Guide: Anti-phishing best practices

Looking for a primer on how to protect your organization from phishing attacks? Check out the guide “Phishing Guidance: Stopping the Attack Cycle at Phase One”, published this week by CISA, the NSA and the FBI. The 14-page document groups its recommendations under two main attack categories: theft of login credentials and malware deployment. 

Here’s a sampling of the best practices discussed:

• To prevent phishers from obtaining login credentials:
  • Regularly conduct user training, so that employees learn to identify suspicious emails, links and attachments
  • Adopt the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol
  • Monitor internal mail and messaging traffic
  • Implement phishing-resistant multi-factor authentication (MFA) for administrators and other accounts with elevated access privileges
  • Roll out a single sign-on (SSO) program

• To prevent phishers from executing malware:
  • Set up denylists in the email gateway, and use them to block malicious domains, URLs and IP addresses
  • Adopt the principle of least privilege for user accounts
  • Implement application allowlists
  • Block macros by default

To get more details, check out:

• The guide’s joint announcement “CISA, NSA, FBI, MS-ISAC Publish Guide on Preventing Phishing Intrusions”
• CISA’s blog “Phishing: What’s in a Name?”
• The full guide “Phishing Guidance: Stopping the Attack Cycle at Phase One”

3 - ISACA: IAM ranks first among most sought-after cyber tech skills 

Identity and access management (IAM) is the cybersecurity skill that hiring managers look for the most, closely followed by cloud computing.

That’s according to ISACA’s “State of Cybersecurity 2023, Global Update on Workforce Efforts, Resources and Cyberoperations,” report, which surveyed 2,100 security leaders globally.

Data protection, incident response and DevSecOps rounded out the list of the top five tech skills that recruiters seek when filling cybersecurity jobs.

Regarding soft skills, communication ranks first, followed by critical thinking, problem solving, teamwork and attention to detail.

And speaking of soft skills, it’s the area with the biggest gap among cybersecurity pros, followed by cloud computing, security controls, coding skills and software development.

Other interesting findings include:

• 59% of respondents said their cyber teams are understaffed
• 56% said retaining cybersecurity staffers remains a challenge
• 62% said their organizations underreport cyberattacks

To get more details, download the report and check out these ISACA resources:

• The articles “State of Cybersecurity 2023: Navigating Current and Emerging Threats” and “The Shifting Importance of Soft Skills”
• The report’s announcement “New ISACA Research: 59 Percent of Cybersecurity Teams are Understaffed”
• A report infographic titled “State of Cybersecurity in 2023 and Beyond”

4 - Survey: Password without MFA remains top login method

Entering a password manually without any other form of authentication remains the most common method for logging into online accounts, although it’s considered the least secure.

That’s a key finding from the “Online Authentication Barometer” report, released this week by the FIDO Alliance, a tech industry consortium that promotes alternative login technologies and authentication standards.

Now in its fourth year, the report is based on a survey of 10,000 consumers in Australia, China, France, Germany, India, Japan, Singapore, South Korea, the U.K. and the U.S.

Other important findings include:

• Biometrics, such as a fingerprint or face scan, ranks as both the preferred sign-in method and the most secure
• Awareness of other login methods such as passkeys is growing
• Artificial intelligence is driving an increase in the number and sophistication of suspicious messages and online scams
• The inability to remember a password is driving up the average number of times per day that a person gives up on an online purchase or on accessing an online service – from 3.18 in 2022 to 3.68 in 2023

It’s promising that respondents are increasingly interested in using stronger authentication methods such as biometrics, Andrew Shikiar, Executive Director and CMO at FIDO Alliance, said in a statement.

“That said, high password usage without 2FA worryingly reflects how little consumers are still being offered alternatives like biometrics, resulting in lingering usage,” he added.

To get more details, read the report’s announcement “FIDO Alliance study reveals growing demand for password alternatives as AI-fuelled phishing attacks rise” and check out the “2023 Online Authentication Barometer” report.

For more information about new methods of authentication:

• “What is passwordless authentication?” (TechTarget)
• “What is Phishing Resistant MFA?” (SANS Institute)
• “Implementing Phishing-Resistant MFA” (CISA)
• “What is biometric authentication?” (TechTarget)
• “Should You Use Passkeys Instead of Passwords?” (Consumer Reports)

5 - CISA: MFA, SSO ranks as top IAM security challenges

And speaking of authentication methods, a new document from CISA and the NSA states that, when it comes to securing IAM systems, MFA and single sign-on (SSO) remain thorny challenges for enterprise developers and technology vendors.

The joint document, titled “Identity and Access Management: Developer and Vendor Challenges”, outlines these roadblocks and offers recommendations. 

Here’s a sampling of challenges and their recommended solutions for tech vendors:

• Ambiguous MFA terminology
  • Standardize MFA terms so that definitions and policies are clear to organizations
  • Map IAM products to NIST requirements, such as those in NIST SP 800-63
• Unclear security properties of certain MFA implementations
  • Expand phishing-resistant authentication methods to more use cases, and simplify and standardize their adoption
  • Make MFA systems “maximally user friendly” to promote higher user adoption
• Difficult SSO integration into enterprise IT infrastructure
  • Ease integration of SSO with legacy applications by creating an open-source repository of standards-based modules

To get more details, read the “Identity and Access Management: Developer and Vendor Challenges” publication.

6 - U.S. government expands guide for “secure by design” software

Software should be designed with customer security as a core goal, and should be secure “out of the box”, requiring no complex configurations and no extra fees for any security features.

That’s the “secure by design” and “secure by default” vision outlined in the revamped guide “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure By Design Software” jointly released this week by CISA, the FBI, the NSA and cyber agencies from 13 countries. 

“Together, these two philosophies move much of the burden of staying secure to manufacturers and reduce the chances that customers will fall victim to security incidents resulting from misconfigurations, insufficiently fast customer patching, or many other common issues,” reads the guide.

The document, which was published originally in April, grew from 15 pages to 36 pages, with the bulk of the additions detailing further CISA’s three main “secure by design” principles for software makers:

• Take ownership of customer security outcomes
• Embrace radical transparency and accountability
• Lead from the top

While mostly focused on best practices for software vendors, the document also includes recommendations for software customers, including:

• Ensure the software you buy complies with “secure by design” and “secure by default” principles, as outlined by CISA and by your own IT department
• Require that your IT suppliers commit to solving security issues promptly, and that they offer transparency into their existing and future internal security controls and posture
• When subscribing to cloud services, make sure you understand the shared responsibility model

To get more details, check out:

• CISA’s alert “CISA, NSA, FBI, and International Partners Release Updated Secure by Design Guidance”
• CISA’s announcement “CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide”
• CISA’s blog “The Next Chapter of Secure by Design”
• The full document “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure By Design Software”