As the cybersecurity landscape continues evolving, organizations grapple with increasingly complex challenges. From managing risks across sprawling software-as-a-service ecosystems to navigating the rise of cyberattacks fueled by artificial intelligence, the stakes have never been higher.
The phrase “democratized insecurity” captures how readily available artificial intelligence tools are lowering the barrier to entry for attackers. Amid this complexity, resilience has emerged as a critical priority for businesses looking to secure their operations while enabling growth, according to Merritt Baer (pictured), chief information security officer at Recolabs Inc.
“It’s not particularly helpful to say, ‘Oh, it’s just a matter of when, not if,’ because I think that can be paralyzing,” Baer said. “But I think it is probably fair to expect that you will have a bad day, a day where something breaks or where you don’t notice something that you should have noticed earlier.”
Baer spoke with theCUBE Research’s Christophe Bertrand at the Cyber Resiliency Summit, during an exclusive broadcast on theCUBE, News Media’s livestreaming studio. They discussed the role of preparation, frameworks and ownership in building cyber resilience across modern enterprises.
Balancing innovation and security in the evolving cybersecurity landscape
Cybersecurity is often treated as a reactive discipline, but preparation is just as critical as response, according to Baer. Businesses should build environments that are resilient by design, through proactive measures such as guardrails for DevOps teams and robust security architectures, rather than relying on detection and cleanup after the fact.
“My personal view is that it is understandable that DevOps engineers want to run hard and fast and not care about other goods, like security,” Baer said. “It’s also security’s job to make security democratized and make it seamless and painless as an experience for both your engineers and end users. I think that can be achieved through … templatization of environments, guardrails … and taking advantage of ephemeral environments — [there are] lots of approaches that I think are increasingly available now.”
Modern attackers are reshaping the cybersecurity landscape by increasingly hijacking legitimate credentials rather than deploying advanced exploits. Valid credentials let an intruder blend in with normal activity and move laterally past defenses built to spot malicious code, which poses significant challenges for enterprises with complex ecosystems, Baer pointed out.
“[Attackers] are not burning zero days or novel exploits,” she explained. “They’re just able to hijack a legitimate set of credentials and then lateral around to get increasingly significant amounts of access and then be able to exact damage. We see with the rise of regulations like the [General Data Protection Regulation], they actually create incentives for bad actors to monetize their compromise of an enterprise, where if it became public that they had gotten compromised, then the victim entity might be subject to really large fines.”
Outcome-driven key performance indicators, such as reduced downtime and fewer breaches, are crucial for aligning security practices with business goals. These metrics translate security work into terms leadership recognizes and support operational priorities, according to Baer.
“What they care about are outcomes, [the] amount of downtime that you’ve been able to get rid of or bringing down the risk of a data breach or an intrusion,” she said. “There are ways in which I think security runs into that problem that’s like the tree falling in the forest. A good day is one where no one actually knows that you have been working, where everything goes according to the business plan.”
Frameworks such as those published by the National Institute of Standards and Technology offer valuable guidance but lack enforceability, serving as a starting point rather than a complete solution. A mix of continuous compliance and foundational principles helps bridge this gap, Baer added.
“There are glimmers of this idea of continuous compliance, where we could actually map configurations and the requirements of specific compliance requirements into the actual infrastructure and architectural choices they make in their enterprise,” she said. “But you don’t see it happening in any kind of reusable, repeatable way.”
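To make the “continuous compliance” idea concrete, here is an added example (not code from Baer, Recolabs or the original article) of what a reusable, repeatable mapping from control requirements to configuration looks like: each control is a small, named check over a resource configuration, so a requirement can be evaluated the same way against every resource. The control identifiers are taken from the NIST SP 800-53 catalogue as illustrative labels; the resource fields (`encryption_at_rest`, `tls_min_version`, `policy_actions` and so on) and the three sample resources are constructed for this example and are not any product's real schema.

```python
"""Added example: map control requirements onto concrete configuration checks."""
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Control:
    control_id: str                       # illustrative NIST SP 800-53 label
    title: str
    check: Callable[[dict[str, Any]], bool]   # True when the resource satisfies the control
    remediation: str


def _tls_version(cfg: dict[str, Any]) -> tuple:
    """Parse '1.2' into (1, 2); anything missing or malformed sorts below every real version."""
    try:
        return tuple(int(p) for p in str(cfg.get("tls_min_version", "")).split("."))
    except ValueError:
        return (0,)


def encrypted_at_rest(cfg: dict[str, Any]) -> bool:
    return cfg.get("encryption_at_rest") is True


def modern_tls(cfg: dict[str, Any]) -> bool:
    return _tls_version(cfg) >= (1, 2)


def logging_enabled(cfg: dict[str, Any]) -> bool:
    return cfg.get("access_logging") is True


def no_wildcard_actions(cfg: dict[str, Any]) -> bool:
    # A policy that grants "*" or "service:*" is not least privilege.
    actions = cfg.get("policy_actions", [])
    return not any(a == "*" or a.endswith(":*") for a in actions)


def mfa_required(cfg: dict[str, Any]) -> bool:
    return cfg.get("mfa_required") is True


# The mapping itself: requirement -> check -> fix. Adding a control means adding a row.
CONTROLS = (
    Control("SC-28", "Protection of information at rest", encrypted_at_rest, "Enable encryption at rest"),
    Control("SC-8", "Transmission confidentiality and integrity", modern_tls, "Set tls_min_version to 1.2 or higher"),
    Control("AU-2", "Event logging", logging_enabled, "Turn on access logging"),
    Control("AC-6", "Least privilege", no_wildcard_actions, "Replace wildcard actions with the specific actions needed"),
    Control("IA-5", "Authenticator management", mfa_required, "Require MFA for principals with access"),
)


def evaluate(resource: dict[str, Any]) -> dict[str, bool]:
    """Control id -> pass/fail for one resource configuration."""
    return {c.control_id: c.check(resource) for c in CONTROLS}


def failing_controls(resource: dict[str, Any]) -> list[str]:
    return sorted(cid for cid, ok in evaluate(resource).items() if not ok)


def remediation_plan(resource: dict[str, Any]) -> list[str]:
    return [f"{c.control_id}: {c.remediation}" for c in CONTROLS if not c.check(resource)]


# Constructed sample resources (hypothetical storage buckets), not real configuration.
SAMPLE_RESOURCES = {
    "legacy-archive": {
        "encryption_at_rest": False, "tls_min_version": "1.0", "access_logging": False,
        "policy_actions": ["s3:*"], "mfa_required": False,
    },
    "partial-archive": {
        "encryption_at_rest": True, "tls_min_version": "1.2", "access_logging": True,
        "policy_actions": ["s3:GetObject", "s3:*"], "mfa_required": True,
    },
    "hardened-archive": {
        "encryption_at_rest": True, "tls_min_version": "1.3", "access_logging": True,
        "policy_actions": ["s3:GetObject", "s3:PutObject"], "mfa_required": True,
    },
}


def compliance_report(resources: dict[str, dict[str, Any]] = SAMPLE_RESOURCES) -> dict[str, list[str]]:
    """Resource name -> list of failing control ids; the same routine runs on every inventory scan."""
    return {name: failing_controls(cfg) for name, cfg in resources.items()}


if __name__ == "__main__":
    for name, failures in compliance_report().items():
        print(name, failures or "compliant")
        for line in remediation_plan(SAMPLE_RESOURCES[name]):
            print("   ", line)
```

The point of the structure is that the requirement, the check and the fix live in one row, so re-running the report on every inventory pull is what turns a one-off audit into continuous compliance.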
The shared responsibility model highlights the need for enterprises to own their architectural and security decisions in cloud and SaaS environments. App discovery and contextual threat detection are critical to identifying overlooked vulnerabilities and mitigating risks, according to Baer.
“Most companies think they have 15 to 50 apps, but they have hundreds, and sometimes thousands within their ecosystem,” she explained. “We will map to best practices for configurations. We have a threat research team that is also mapping current behaviors of all the sophisticated [attackers], and then just where we see insider threat and other behaviors popping up and how that surfaces as an alert.”
Contextual security will be pivotal in shaping how businesses balance flexibility and protection within the cybersecurity landscape. This approach involves enabling permissiveness while refining access controls and flagging suspicious patterns, according to Baer.
“I think the future of security is contextual,” she said. “In a lot of ways, we are going to see folks trying to find ways to look at enabling the business, allowing for permissiveness as an overall policy while still being able to trim down, prune and refine at least privilege, but also be able to alarm on patterns of behavior that look suspicious.”
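The credential-hijack-then-lateral-movement pattern Baer describes, and the contextual “allow by default, alarm on suspicious patterns” posture she argues for, can be illustrated with detection logic over logon events. The following is an added example written for this article, not code from Baer, Recolabs or any product: it builds a baseline of which source addresses each user normally logs on from, lets every logon proceed, and raises an alert only when a user appears from an unfamiliar source and, more seriously, when that unfamiliar source fans out to several distinct hosts inside a short window. The event format, the baseline cutoff, the ten-minute window, the fan-out threshold of four hosts and the sample events are all assumptions constructed for the example.

```python
"""Added example: flag a hijacked credential fanning out across hosts."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample logon events (not real telemetry). Assumed format:
# <ISO-8601 UTC time> <user> <source IP> <destination host> <outcome>
# Day one is alice and bob working from their usual workstations; on day two
# alice's credential is used from an outside address and hops across five hosts.
SAMPLE_EVENTS = """\
2024-03-04T08:01:12Z alice 10.0.1.15 ws-alice-01 logon_ok
2024-03-04T08:05:40Z alice 10.0.1.15 fileserver-01 logon_ok
2024-03-04T09:15:02Z bob 10.0.1.22 ws-bob-01 logon_ok
2024-03-04T11:42:10Z alice 10.0.1.15 fileserver-01 logon_ok
2024-03-05T02:13:05Z alice 203.0.113.9 vpn-gw-01 logon_ok
2024-03-05T02:14:30Z alice 203.0.113.9 fileserver-01 logon_ok
2024-03-05T02:15:02Z alice 203.0.113.9 db-prod-02 logon_ok
2024-03-05T02:16:48Z alice 203.0.113.9 dc-01 logon_ok
2024-03-05T02:18:20Z alice 203.0.113.9 backup-01 logon_ok
2024-03-05T09:00:00Z bob 10.0.1.22 fileserver-01 logon_ok
2024-03-05T09:04:00Z bob 10.0.1.22 jira-01 logon_ok
"""


def _parse_time(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_events(text: str) -> list[dict]:
    """Parse the assumed line format into dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, host, outcome = line.split()
        events.append({"time": _parse_time(ts), "user": user, "src": src, "host": host, "outcome": outcome})
    return sorted(events, key=lambda e: e["time"])


def detect(events: list[dict], baseline_cutoff: datetime,
           window: timedelta = timedelta(minutes=10), fanout: int = 4) -> list[dict]:
    """Return alerts; nothing is blocked, the logons all happen.

    Every (user, source) pair seen in a successful logon before `baseline_cutoff`
    is familiar. After the cutoff, an unfamiliar source raises 'new_source', and
    any source that reaches `fanout` distinct hosts within `window` raises
    'lateral_fanout'. Each (user, source, kind) fires at most once.
    """
    known = defaultdict(set)
    for e in events:
        if e["outcome"] == "logon_ok" and e["time"] < baseline_cutoff:
            known[e["user"]].add(e["src"])

    recent = defaultdict(deque)   # per user: successful logons inside the sliding window
    fired = set()
    alerts = []
    for e in events:
        if e["outcome"] != "logon_ok" or e["time"] < baseline_cutoff:
            continue
        user, src = e["user"], e["src"]
        q = recent[user]
        q.append(e)
        while e["time"] - q[0]["time"] > window:
            q.popleft()

        if src not in known[user] and (user, src, "new_source") not in fired:
            fired.add((user, src, "new_source"))
            alerts.append({"kind": "new_source", "user": user, "src": src,
                           "time": e["time"], "hosts": [e["host"]]})

        hosts = sorted({x["host"] for x in q if x["src"] == src})
        if len(hosts) >= fanout and (user, src, "lateral_fanout") not in fired:
            fired.add((user, src, "lateral_fanout"))
            alerts.append({"kind": "lateral_fanout", "user": user, "src": src,
                           "time": e["time"], "hosts": hosts})
    return alerts


def run_detection(cutoff: str = "2024-03-05T00:00:00Z") -> list[dict]:
    """Run the detector over the constructed sample with the given baseline cutoff."""
    return detect(parse_events(SAMPLE_EVENTS), _parse_time(cutoff))


if __name__ == "__main__":
    for a in run_detection():
        print(a["time"].isoformat(), a["kind"], a["user"], a["src"], ",".join(a["hosts"]))
```

Bob's two logons from his usual address on day two produce nothing, which is the permissive default; alice's outside address is flagged on first sight and escalated once it reaches a fourth host. In production the baseline would be learned from weeks of identity-provider or domain-controller logs rather than a single day, and the fan-out rule would be one of several contextual signals (time of day, host sensitivity, privilege level) feeding a score rather than a standalone alarm.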
Here’s the complete video interview with Baer, part of News’s and theCUBE Research’s coverage of the Cyber Resiliency Summit:
Photo: News