This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Steve Tcherchian, CISO and Chief Product Officer at XYPRO.
How have cyber attacks evolved over the past 12months?
The SolarWinds and Kaseya incidents showed us what types of multifaceted attacks are being used. It’s not a matter of if they’re going to get into your network. They’re going to get in. In the SolarWinds attack, once the attackers gained access to the network with compromised credentials, they moved laterally by capturing and using multiple, different, insecure credentials. Our efforts should focus on shoring up internal systems to limit their ability to move laterally using insecure credentials and passwords once they’re in. Proper password management and multi-factor authentication would have prevented this from happening.
The proliferation of Internet of Things (IoT) devices, an expanding remote workforce due to the pandemic
and the need for automation has put “smart devices” into the spotlight.
CISO, XYPRO Technology
What lessons can be learned from the biggest cyber attacks in recent history?
This is counterintuitive to traditional methods of security where locking the front door was once considered to be good enough. But time after time we’ve seen that it is no longer sustainable. Defense in depth is required. We need to treat locking up all the valuable systems and information inside of our network as being just as important as hardening our perimeter. ZERO TRUST SECURITY!