The Evolution of Cyber Resiliency and the Role of Adaptive Exposure Management

As cyber threats continue to evolve in complexity and frequency, organizations must adopt a cybersecurity strategy as dynamic as the threats they aim to combat.

Brad LaPorte, CMO, Morphisec

August 7, 2024

4 Min Read
As cyber threats continue to evolve, organizations must adopt a cybersecurity strategy as dynamic as the threats it aims to combat.
(Credit: Andrea Danti / Alamy Stock Photo)

The evolving threat landscape presents ever-increasing risks and costs driven by progressive factors like financial incentives for threat actors, the availability of malware, expanding attack surfaces, and the sophisticated capabilities of generative AI.

Of the latter, enterprises adopting AI solutions are doing so rapidly and often without full awareness or consideration of the risks involved, both from a data privacy and a data protection standpoint.  

The availability of generative AI systems and large language models (LLM) like ChatGPT in enterprise environments presents many risks, including indirect and direct prompt injection attacks, which can override LLM controls to generate malware and fuel sophisticated social engineering attacks. 

But while many security leaders are shifting their focus to these sophisticated threats, a rudimentary technique is behind many recent attacks. The Verizon 2024 Data Breach Investigations Report (DBIR) found that vulnerability exploitation for initial breach entry tripled in 2023, increasing by 108 percent. Once initial access is obtained, attackers can initiate stealthy, undetectable attacks like ransomware and pure extortion attacks.

In 2024, the number of common IT security vulnerabilities and exposures (CVEs) worldwide is expected to rise by 25 percent, reaching 34,888 vulnerabilities, or approximately 2,900 per month — an overwhelming volume for any remediation team.

This modern-day mix of rudimentary and complex attack techniques puts organizations in a constant state of omnipresent risk, demanding a shift from a more traditional, reactionary mindset to a preventative one.  

Why Continuous Threat Exposure Management Matters

Patching gaps, emergency patching and overall application usage variances across an organization all contribute to an attacker’s success rate when it comes to vulnerability exploitation.

From a defense perspective, patching efforts should be prioritized to vulnerabilities that have a high probability of exploitability, but while the standard vulnerability severity rankings like the Common Vulnerability Scoring System (CVSS) represent severity, they don’t always represent risk. In many cases, teams lack insights into the usage of applications, business context, and the exploitability of a vulnerability to determine actual risk.

Coined by Gartner, Continuous Threat Exposure Management (CTEM) is a systemic approach and program used to identify, assess, and mitigate attack vectors and security risks linked to digital assets. 

In application, enterprise teams can use CTEM to enhance vulnerability management, especially when it comes to increasing the speed and quantity of patching and improving the efficiency of breach detection and response. 

By definition, a full CTEM cycle defines five key stages: 

  1. Scoping — Aligning assessments to key business priorities and risk.

  2. Discovery — Identifying various elements within and beyond the business infrastructure that could pose risks in a comprehensive way.

  3. Prioritization — Identifying threats with the highest likelihood of exploitation and flagging which could have the most significant impact on an organization.

  4. Validation — Validating how potential attackers could exploit identifying vulnerabilities or exposures.

  5. Mobilization — Ensuring all stakeholders are informed and aligned toward risk remediation and measurement goals.

Yet even as more enterprises adopt a CTEM strategy, cyber risk and cyber-attack volumes continue to climb. Many of the security solutions available today technically align with the CTEM framework. However, there’s an assumption that technologies and strategies will work together seamlessly and remain constant, which just isn’t the case.

In today’s fluid cybersecurity landscape, critical use cases like the expanding attack surface, ransomware, and security control gaps make the nature of enterprise security dynamic. Rudimentary techniques like vulnerability exploitation and more future-forward AI-driven attack methods alike call for adaptive defense strategies.

Exploring Adaptive Cyber Resiliency 

Current strategies, and the technology used to action them, often rely on a reactive approach that informs common defense mechanisms including signatures, heuristics, and behavior analysis, and Indicators of Attack (IOAs) and Indicators of Compromise (IOCs).

Yet, to counter evolving threats that use a combination of rudimentary and sophisticated tactics, a proactive and continuously evolving strategy is necessary to strengthen the existing security framework, make it more resilient to cyber-attacks, and provide more robust defense.

Five key aspects form an adaptive cyber resilient strategy include:

1) Continuous Monitoring — Ensuring ongoing surveillance of both internal and external attack surfaces, which is critical for quickly identifying and mitigating threats.

2) Agility — Having flexibility baked into the strategy allows for rapid adaptation to changing threat landscapes using agile processes and tools.

3) Adaptive Security Controls —Incorporating emerging technologies to ensure current security measures are enhanced and support a comprehensive defense-in-depth framework.

4) Risk Assessments — Replacing static measures with dynamic risk assessments to reflect the real-time risk landscape and support timeline decision-making.

5) Continuous Validation — Ensuring regular validation of security controls and processes to maintain and improve cyber resilience.

An adaptive cyber resilient architecture is designed to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources. By optimizing CTEM with an adaptive approach, teams can effectively respond to evolving threats in real time, allowing teams to assume a proactive position rather than reactively fielding damage control.  

Compensatory controls like virtual patching additionally provide a critical stopgap to mitigate vulnerability exploitation by preventing attacks on unpatched operating systems and application vulnerabilities. Mitigating controls like virtual patching can help teams implement patching schedules with fewer business disruptions and fewer resources, creating a bridge to cyber resiliency.

As cyber threats continue to evolve in complexity and frequency, organizations must adopt a cybersecurity strategy as dynamic as the threats it aims to combat. Strategically mapping an adaptive cyber resiliency strategy can banish the cybersecurity complacency that comes with traditional vulnerability management. 

It’s an approach that can help leaders and their teams speed breach event response, minimize breach damages, and most importantly —get back to business as usual.

Related articles:

About the Author

Brad LaPorte, CMO, Morphisec

Brad LaPorte, CMO, Morphisec

Brad LaPorte is the Chief Marketing Officer at Morphisec and a former Gartner Analyst. He is a seasoned cybersecurity expert and former military officer specializing in cybersecurity and military intelligence for the United States military and allied forces. With a distinguished career at Gartner as a top-rated research analyst, Brad was instrumental in establishing key industry categories such as Attack Surface Management (ASM), Extended Detection & Response (XDR), Digital Risk Protection (DRP), and the foundational elements of Continuous Threat Exposure Management (CTEM). His forward-thinking approach led to the inception of Secureworks’ MDR service and the EDR product Red Cloak—industry firsts. At IBM, he spearheaded the creation of the Endpoint Security Portfolio, as well as MDR, Vulnerability Management, Threat Intelligence, and Managed SIEM offerings, further solidifying his reputation as a visionary in cybersecurity solutions years ahead of its time.

See more from Brad LaPorte, CMO, Morphisec
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

NaaS 2024: A Look at the Future of Network Services
Network Infrastructure
NaaS 2024: A Look at the Future of Network ServicesNaaS 2024: A Look at the Future of Network Services
byPascal Menezes, MEF
Mar 22, 2024
5 Min Read
SASE Explained: Definition, Benefits, and Best Practice
SASE Networking
SASE Explained: Definition, Benefits, and Best PracticeSASE Explained: Definition, Benefits, and Best Practice
bySalvatore Salamone, Managing Editor, Network Computing
May 1, 2023
22 Min Read
Blue and purple digital cloud connecting apps and services with campus NaaS.
NaaS
Campus NaaS: Remaking the Campus NetworkCampus NaaS: Remaking the Campus Network
bySalvatore Salamone, Managing Editor, Network Computing
Jul 31, 2024
4 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events