Roland Daccache, Systems Engineering Manager for META at CrowdStrike, says there’s a global cybersecurity workforce gap of 3.4 million people
Tell us about the cybersecurity trends for 2023.
In 2023, adversaries will leverage identity-based attacks for initial access and lateral movement, driving down breakout time. Throughout 2022, we have seen an increase in identity-based attacks and the development of sophisticated file-less techniques bypassing traditional multi-factor authentication defenses. While our latest Global Threat Report shows that malware-free attacks increased to 71% in 2022, up from 62% in 2021.
And it’s not just stolen credentials, as pass-the-cookie, golden-SAML, and even social engineering with MFA fatigue add to the ever-growing ways to compromise an identity. In 2023, we predict adversaries will break out more quickly by compromising identities to move laterally between endpoints to deploy ransomware, achieve business email compromise (BEC) by accessing email infrastructure or exfiltrate critical data from Azure, GCP, or AWS public cloud infrastructure.
What is the theme of your participation at GISEC 2023?
This year, Fabio Fratucello, International Field Chief Technology Officer at CrowdStrike will be speaking on the main stage at GISEC on March 15, 2023, at 12:35 PM. Fratucello’s talk is titled “Detection and Response in 2023: What we have learned from the past and what the future looks like”.
The session will review the strengths and weaknesses of the modern security operation practice and will highlight how designing cyber fundamentals right is more than ever critical to implement a cost-effective, long-term cyber detection and response strategy. Furthermore, Philippe Farhat, Sales Engineer at CrowdStrike, will host a session live hack titled “Corporate Espionage via a Malware Free Attack” at GISEC on March 14, 2023, at 3:00 PM in the Dark Stage. GISEC visitors can visit the CrowdStrike booth in Hall 8 / Stand A5.
Which products and solutions will you be showcasing at GISEC 2023?
We will be announcing a global partnership with Dell during GISEC. This year, our theme at GISEC is all about proactive security. Our customers have been asking us how they can leverage the CrowdStrike platform to reduce the number of tools they need to protect their environment. We are very happy to introduce our latest modules, which include Falcon Surface, our external attack surface management solution, coupled with the enhanced Falcon Spotlight, our vulnerability management module, to provide organizations with a 360 degrees view of their exposure, from inside out and outside in. We are also looking forward to connecting with prospective customers, learning about new developments in the industry, building partnerships and meeting distributors, and optimizing our sales and lead generation strategy.
How are you equipped to help companies overcome digital security and privacy challenges?
CrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes, and technologies that drive modern enterprise. CrowdStrike secures the most critical areas of enterprise risk – endpoints and cloud workloads, identity, and data – to keep customers ahead of today’s adversaries and stop breaches.
Powered by the CrowdStrike Security Cloud, the CrowdStrike Falcon platform leverages real-time indicators of attack, threat intelligence on evolving adversary tradecraft, and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting, and prioritised observability of vulnerabilities – all through a single, lightweight agent. With CrowdStrike, customers benefit from superior protection, better performance, reduced complexity, and immediate time-to-value.
Is there a skills gap in the cybersecurity industry? What needs to be done in order to bridge that gap?
According to the (ISC)² 2022 Cybersecurity Workforce Study, there’s a global cybersecurity workforce gap of 3.4 million people. As a result, organizations will look to MSSPs and GSIs to fill this gap. The benefit for organizations leveraging MSSPs is that they provide 24/7/365 expert monitoring without the need for additional staffing. As for GSIs, they can help organizations manage the complexity inherent in cybersecurity and solve business challenges through implementation services.
Furthermore, organizations can address the skills gap through a consolidated, platform approach that reduces operational and technical expertise. This can be further supplemented through managed services. For example, a managed security service for the cloud can deliver 24/7 expert security management, continuous human threat hunting, monitoring, and response for cloud workloads, which can be thought of as an extension of a company’s SOC team.