
Fundamentals to lateral security in 2023

by Allan Tan
December 23, 2022
Photo by Julia Larson : https://www.pexels.com/photo/unrecognizable-boxer-hitting-young-ethnic-sportsman-during-training-6456268/

The Forrester 2021 State of Enterprise Breaches report revealed that in the past 12 months, organisations were breached an average of three times.

According to Forrester’s senior analyst, Allie Mellen, regions that hesitated to address challenges with business alignment were breached at a higher rate than those that addressed such challenges early on.

“Security decision-makers are more concerned about external attacks than any other attack vector, at 47%. Breaches come in various ways, however, and are much more evenly spread in frequency among external attacks, lost/stolen assets, internal incidents, and third-party providers.”

Allie Mellen

And it is not that organisations are not doing anything about it. Gartner says that over 90% of cybersecurity functions have an awareness programme. However, 69% of employees admit to intentionally bypassing cybersecurity guidance and 82% of breaches involve the human element.

Network lateral movement, or simply lateral movement, is a technique cyber attackers use to deepen their penetration into a network. The idea is that once an attacker has entered an endpoint, say your laptop or mobile device, they extend their access to the company network through other hosts or applications that the organisation uses.

FutureCISO spoke to Jonathan Jackson, director of sales engineering for APJ at BlackBerry, about countermeasures against this rising use of lateral methods to penetrate enterprises.

What is lateral security in the context of today's business environment?

Jonathan Jackson: At its core, lateral security refers to securing businesses’ data from attackers who spread from one entry to the rest of its network. This technique enables attackers to move laterally undetected within a network. Lateral security is important as over 60% of SMBs who have suffered a cyberattack have gone out of business within six months.

[Figure: Security risks organizations are most concerned about. Source: Cybersecurity in the Remote Work Era, Ponemon Institute 2020]

Threat actors will carry out lateral attacks from an initial mapping of networks to direct infiltration through illegally accessing the organisation’s credentials. Businesses need to understand how threat actors are carrying out lateral movement attacks and have the right defences such as firewalls in place to stop intruders from gaining access.

Are CISOs aware/familiar with securing internal APIs (as used in containers)?

Jonathan Jackson: CISOs should absolutely be aware of securing internal and external APIs, as this defines the software and application stack being used by businesses today. Traditionally, the industry has been focused on securing external APIs because that is how people typically gain access to information from outside one’s network.

However, when malicious users or an insider threat gains access to your network from the inside, then having to secure internal APIs will be just as important. It will be a CISO's responsibility to keep internal APIs secure and do that well.

How do I map (do I need to?) secure scale-out architectures?

Jonathan Jackson: Understanding scale on architectures is crucial as it pertains to the ability to provide the capability of your workloads, workflow and applications. Not only is it important to map secure scale-out architectures, but it is also necessary to map scale-back architectures.

Dialling up as well as dialling down. Cloud applications are built with elastic scaling in mind so as your workload decreases and you no longer require the extra capacity, you can scale back. Organisations will need to understand the design of cloud applications so they can scale accordingly.

Is a protection platform a better approach to securing the enterprise end-to-end? If not, what are my top 3 options or criteria for deciding the right approach for my organisation?

Jonathan Jackson: Although protection platforms promise a lot, over time they begin to exert a stranglehold on their customers, stifling competition and innovation.

“Unlike integrated platforms that support discrete functional areas of the enterprise, cybersecurity should be systemic, supporting and protecting every function, application, device, and person – which is too big a job for one platform.”

Jonathan Jackson

Optimal security requires a small, manageable set of complementary technologies to get the job done. It is important to have defences that can mirror the infinitely variable approach and tactics of today’s attacks.

We need to focus on multiple high-performing security models that overlap to fill the gaps and deliver the right balance of business risk and fail-safe capabilities for each organisation.

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.

Previous Roles

He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.
