‘End users represent another attack surface for threat actors’

31 Mar 2023

Image: Mitiga/Pasko Maksim/Stock.adobe.com

Mitiga’s chief technology officer explains the importance of cloud security and taking a proactive approach to security instead of a reactive one.

Ofer Maor is the co-founder and CTO of cloud security vendor Mitiga. The US-based company recently landed $45m in funding, valuing the company at more than $100m.

Maor has more than 25 years of experience in cybersecurity and entrepreneurship. Before his current role, he was the CTO and founder of Seeker where he created a next-generation application security testing technology. He is also active in the cybersecurity community and has served as a global board member for OWASP.

“As we started building the company more than three years ago, we were able to get ahead of the industry and build our three main technology pillars, which are at the heart of our product,” he told SiliconRepublic.com.

‘Foundational elements designed to ease cybersecurity adoption for end-users are increasingly exploited by cyber attackers’

What are some of the biggest challenges you’re facing in the current IT landscape?

The new challenges involved in cloud incident response and an expanding attack surface are collectively converging with cybersecurity skillset shortages that make it very difficult for most organisations to successfully investigate breaches in their cloud and SaaS environments. Since cloud incident response is challenging for most legacy cybersecurity teams, increasing your organisation’s cloud readiness and resilience to enhance its security posture is even more elusive.

These factors contribute to higher numbers of cloud incidents adversely impacting business operations, because IT teams historically focused on on-premises and hybrid environments are not familiar with working with cloud and SaaS providers and with what is required from both an evidence collection and a containment perspective.

What are your thoughts on digital transformation?

Digital transformation accelerated across these last few years in response to remote workforce transitions. Nevertheless, we continue to see how delayed cloud implementations and gradual roll-outs are directly linked to incomplete security postures and expanded cyberattack surfaces.

Furthermore, one of the biggest challenges we see with our customers is the lack of cloud expertise in general and cloud security expertise specifically.

As a result, a lot of the cloud transformation takes place in a ‘lift and shift’ approach, trying to implement on-prem practices in cloud environments. This creates an abundance of challenges, as cloud environments behave differently and are also differentially susceptible to attacks, which makes it more challenging for organisations to prevent, detect and respond to them.

This year, our threat research team shared several internal company findings across the broader cybersecurity industry including multi-factor authentication bypass, business email compromise and Amazon RDS snapshots.

These attacks share commonality: some foundational elements designed to ease cybersecurity adoption for end users are increasingly exploited by cyber attackers. In essence, end users represent another attack surface for threat actors.

While the sheer volume of cyberattacks and their diversity adversely impact wider-ranging global organisations every day, the complexity of continually assuring that your security posture helps defend you from threats is difficult to sustain.

How can sustainability be addressed from an IT perspective?

While most people may not include this in their primary considerations for cloud transformation, the transition to the cloud can improve resource efficiency, and as such support sustainability.

Cloud data centres are generally optimised for efficiency, much better than how each organisation can optimise their own data centre, and even more so, with the elasticity of the cloud, organisations do not need to buy, maintain and replace so much redundant hardware.

If you think about your typical legacy on-prem [disaster recovery] site, for large organisations that includes a full physical facility with hundreds or thousands of servers that are just waiting to be used in an emergency.

At the same time, the move to SaaS allows organisations to be more efficient in their work, consuming just what they need from various vendors. This is true for traditional SaaS applications but also for security solutions, which are consumed by usage as needed, rather than placed with overhead.

What big tech trends do you believe are changing the world?

There are a few very interesting trends we are seeing around us, which are influencing the world and our industry.

Specialisation: this is an ongoing trend throughout history, but as we become more sophisticated and more advanced, so does the need for specialisation. One of the challenges this presents is the ever-increasing need for organisations to keep all the knowledge they need internally.

For many organisations, this has been the policy for years, but as the specialisation needs grow, it just becomes harder. We see this with some of our customers, who despite having an internal incident response group, struggle in developing the expertise needed to support so many cloud and SaaS environments with a small, dedicated team.

Data: the move to the cloud and new technologies has allowed many organisations to collect far more data than before and utilise that data for improving their services and expertise, leveraging various benefits of such access to data, including the network effect, AI, optimisation and more.

This further enhances the specialisation aspect, making it harder for an organisation to excel at various aspects that are not its core business. This continues to drive the SaaS industry and to prompt organisations to outsource more of their non-core functions.

Nationalisation and confrontation: we are currently witnessing an extremely interesting time in history, where there seems to be a global reaction to the unification of nations that we have seen post the two great wars and the ending of the Cold War.

This reaction means we are again seeing military conflicts (such as Russia and Ukraine) but also economic conflicts (such as the one forming between the US and China). These conflicts also drive cyberattacks, as the cyber arena (the internet) is shared amongst all nations.

Yet with conflicts between them, groups are allowed (and encouraged) to attack other nations with no repercussions. This puts a huge burden on organisations who need to defend themselves against sophisticated attackers and criminals without much support from local authorities.

How can we address the security challenges currently facing your industry?

In the current cloud operations model, organisations are too dependent on cloud service providers, in terms of providing data and access to it at a speed sufficient for cloud incident response investigations.

In addition to establishing a readiness programme that includes an upfront forensic data lake that supports successful cloud incident response, moving from a reactive to proactive model should also involve proactive threat hunts against that forensic data baseline.

With proactive threat hunts, we can constantly codify and automate responses to customer breaches and apply these insights to other environments. By searching for evidence of these attacks and ‘indicators of compromise’, threat hunts can be used to either confirm or exclude attacks.
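The proactive model described above, as an added example that is not part of the original interview and not Mitiga’s code: a small threat hunt in Python over a constructed baseline of CloudTrail-style records held as newline-delimited JSON. The user names, account IDs, IP addresses and the indicator-of-compromise list are invented for illustration. Three codified rules run over the baseline (activity from an IoC address, a successful console login without MFA, and an RDS snapshot shared with an account outside a trusted list), and a per-user verdict either confirms or excludes each user, which is the confirm-or-exclude outcome the answer describes.

```python
import json

# Constructed sample records in CloudTrail's shape (account IDs, IPs and user
# names are invented for this example; nothing here is real telemetry).
_SAMPLE_EVENTS = [
    {"eventTime": "2023-03-01T08:02:11Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.10", "userIdentity": {"userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2023-03-01T09:15:42Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "198.51.100.77", "userIdentity": {"userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2023-03-01T09:20:05Z", "eventName": "ModifyDBSnapshotAttribute",
     "sourceIPAddress": "198.51.100.77", "userIdentity": {"userName": "bob"},
     "requestParameters": {"dBSnapshotIdentifier": "prod-db-2023-03-01",
                           "attributeName": "restore",
                           "valuesToAdd": ["999988887777"]}},
    {"eventTime": "2023-03-01T10:00:00Z", "eventName": "ModifyDBSnapshotAttribute",
     "sourceIPAddress": "203.0.113.10", "userIdentity": {"userName": "alice"},
     "requestParameters": {"dBSnapshotIdentifier": "staging-db",
                           "attributeName": "restore",
                           "valuesToAdd": ["111122223333"]}},
]
# The forensic data lake holds the baseline as newline-delimited JSON.
BASELINE_JSONL = "\n".join(json.dumps(e) for e in _SAMPLE_EVENTS)

# Hunt inputs (constructed): IoC addresses codified from an earlier
# investigation, and the AWS accounts allowed to receive shared RDS snapshots.
IOC_IPS = {"198.51.100.77"}
TRUSTED_ACCOUNTS = {"111122223333"}


def load_jsonl(text):
    """Parse newline-delimited JSON into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def hunt(events, ioc_ips, trusted_accounts):
    """Run the hunt rules over the baseline; return (rule, time, user, detail) tuples."""
    findings = []
    for ev in events:
        name = ev.get("eventName", "")
        when = ev.get("eventTime", "")
        user = ev.get("userIdentity", {}).get("userName", "unknown")
        ip = ev.get("sourceIPAddress", "")

        # Rule 1: any activity from an IoC address, whatever the API call.
        if ip in ioc_ips:
            findings.append(("ioc_ip", when, user, ip))

        # Rule 2: successful console login where MFA was not used.
        if (name == "ConsoleLogin"
                and ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and ev.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
            findings.append(("console_login_without_mfa", when, user, ip))

        # Rule 3: RDS snapshot restore permission granted to an account outside
        # the trusted set. The literal value "all" makes a snapshot public; it is
        # never in the trusted set, so it is always flagged.
        if name == "ModifyDBSnapshotAttribute":
            params = ev.get("requestParameters", {})
            if params.get("attributeName") == "restore":
                external = [a for a in params.get("valuesToAdd", [])
                            if a not in trusted_accounts]
                if external:
                    detail = f"{params.get('dBSnapshotIdentifier')} -> {','.join(external)}"
                    findings.append(("snapshot_shared_externally", when, user, detail))
    return findings


def verdict(findings):
    """Confirm or exclude: map each user that tripped a rule to the set of rules fired."""
    by_user = {}
    for rule, _, user, _ in findings:
        by_user.setdefault(user, set()).add(rule)
    return by_user


if __name__ == "__main__":
    results = hunt(load_jsonl(BASELINE_JSONL), IOC_IPS, TRUSTED_ACCOUNTS)
    for finding in results:
        print(*finding)
    print(verdict(results))
```

On the constructed baseline the hunt confirms one user (bob: IoC address, login without MFA, snapshot shared with an untrusted account) and excludes the other, whose snapshot share went to an account on the trusted list. Re-running the same codified rules against another environment’s baseline is the reuse of insights across customers that the answer refers to; only the IoC list and trusted-account set change.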
