Cloud, macroeconomics and shifts in remote workforces are transforming cybersecurity and creating new challenges for companies.
CyCognito’s co-founder and CEO Rob Gurzeev spoke to SC Media about these modern challenges facing organizations as part of our October Cybersecurity Awareness Month series.
Highlighting a significant shift in the cybersecurity landscape, Gurzeev mentioned, "Decades ago, giants like Google and Apple had one or two applications exposed to the internet. Today, companies host thousands of them."
The real challenge, according to Gurzeev, is the plethora of external exposure points not being adequately monitored or tested. He noted that even some leading banks with significant cybersecurity budgets are only testing a fraction of their exposed web interfaces.
"We've become exponentially better at protecting areas we're aware of," Gurzeev commented. "However, the real risk now lurks in places we either don't know or don't monitor efficiently."
Against the backdrop of Cybersecurity Awareness Month, Gurzeev underscored the importance of not only understanding the existing external attack surface, but also preparing for the challenges that lie ahead.
"The concept of 'security by design' is paramount given the vast amounts of personal data residing on company products." Yet, he cautioned that while the idea is highly desirable, its implementation is not widespread. "Legacy organizations and products often find it challenging to integrate new security capabilities," he said.
"Decades ago, major companies had but a few engineers. Today, their ranks swell into the thousands." This has amplified network complexity, which, coupled with cloud adoption, can easily escalate vulnerability exposure for organizations, he said.
For companies looking to bolster their cyber defenses, Gurzeev advised concentrating on three vital metrics, perfectly aligning with CISA's directives: thoroughness of security tests, frequency of these tests and promptness in resolving high-priority risks.