Offensive Security Tips and Trends for 2024

JTI’s Jon Isaacson joined PlexTrac’s Victoria Mosby to talk proactive security strategy for the new year

With more threats than ever before and the skyrocketing cost of breaches, the stakes for your organization couldn’t be higher in 2024. The key to making progress in your security posture is leaning into a proactive security strategy.

Offensive security experts Jon Isaacson from JTI Cybersecurity and Victoria Mosby from PlexTrac got together in a webinar to share advice on setting proactive security priorities and maximizing offensive security efforts and investments in the coming year. Watch the webinar to hear the full conversation or read on for the highlights.

Offensive security is key in 2024

Many of the cybersecurity industry headlines from 2023 were unsurprising and are now becoming trends over several years:

- Ransomware attacks are continuing to grow.
- The federal government is increasing emphasis on cybersecurity accountability.
- Breaches are costing companies more than ever before.

While unsurprising, they raise the question, “What should we be doing to respond to these trends?” Jon and Victoria agreed that the most important reaction is for organizations to increase their focus on proactive activities and investments in 2024 and beyond.

Jon noted, “Some of the most important takeaways should be regarding offensive security. The first takeaway is that it is something everyone should do regardless of your size because it’s super effective and helps you prioritize — and now it’s becoming required, which is a good thing.”

The primary steps in initiating an offensive security strategy or boosting the value from your efforts include:

- Know your attack surface: Understanding everything you need to protect is the most critical step in actually being able to protect it.
- Explore offensive strategies regardless of your program maturity: Even very small teams can think more proactively and try out offensive activities like tabletop exercises and vulnerability scanning.
- Prioritize, prioritize, prioritize: You may not be able to test and resolve everything, but by understanding your attack surface you can focus efforts on the most critical areas for your organization.
- Focus on security, not just compliance: Compliance is important, but offensive security aims to improve security posture first so compliance is easy to achieve and verify.
- Collaborate and automate to improve efficiency and effectiveness: Reduce manual efforts wherever possible to stretch your resources, and take a collaborative approach to increase the value of your investment into offensive security.

Jon continued, “Offensive security is one of the most effective ways to protect yourself because it legitimately helps you illuminate and identify gaps that actually mean something. Offensive security like penetration testing and vulnerability scanning, all of those things, are included and required in a lot of these [new government policies], which is great.”

Define what success looks like for your offensive security program

Once you’ve identified increased offensive security as a priority, you’ll need to define what that means for your organization. As with any goal, defining achievable outcomes and making a plan is essential to acting proactively instead of reactively.

Doing more with your offensive security in 2024 may look vastly different depending on the size and maturity of your organization and team. Large teams or organizations with more resources may aim to add complex proactive activities like red teaming or to close the loop on processes to achieve a continuous assessment and validation strategy. Small teams will likely have to be more focused.

Jon summed up the main takeaway: “If you are small, you still have to do all the things a big team would do, but that doesn’t mean you have to do them to the same degree.”

Consider trends and threats in cybersecurity, in your industry vertical, and the specific context of your organization to inform a strategy for your organization. Once you’ve got a strategy in place, “define processes that work for you, then find tools — like PlexTrac — that can help you be more efficient in following them,” Jon advised.

Collaboration is critical to reaching offensive security goals

The final key point in the webinar was the importance of collaboration to the success of offensive security strategy. From the perspective of a service provider, Jon noted that offensive security practices can create a lot of chaos for an organization. Collaboration between the offensive and defensive teams, or between an outsourced team and an internal team, is critical to extracting the most value from offensive security activities.

There are many ways to improve collaboration, but it helps to establish it as a priority and to make a plan before the chaos ensues.

“Tooling is critical [to controlling the chaos during an engagement]. PlexTrac is great for this,” Jon shared. “PlexTrac offers amazing capabilities to collaborate with internal and external stakeholders during an engagement, which is crucial for success.”

If you are interested in more trends and tips to inform your offensive security strategy, check out our infographic. Or request a demo to see how automating your offensive security workflows with PlexTrac can help you reach your goals.