One other issue that retains CISOs from incorporating extra offensive security into their methods is concern about exposing vulnerabilities they don’t have the power to handle, Mellen provides. “They will’t unknow that they’ve these vulnerabilities in the event that they’re not capable of do one thing about them, though the hackers are going to search out them whether or not or not you establish them,” he says.
Nonetheless, Mellen and others contend that it’s crucial for CISOs to implement and increase OffSec measures now as hackers more and more leverage AI to launch extra focused and extra refined assaults at a quicker clip. To counteract hackers’ rising capabilities, consultants say CISOs should grow to be quicker in figuring out and shutting security gaps — which is precisely what OffSec permits CISOs to do.
“Offensive security is extra essential than it was earlier than, as a result of menace actors are utilizing AI-enabled instruments to develop assaults we haven’t skilled earlier than. Again when hackers have been utilizing script kiddies, assaults have been pretty predictable,” says Aimee Cardwell, CISO in residence at tech firm Transcend and former CISO of UnitedHealth Group. “Now hacks are so esoteric, they’re nearly exhausting to know. And when you’re solely counting on scanning, you’re not catching potential vulnerabilities early sufficient or in any respect. It’s worthwhile to constantly be in search of them via offensive security.”
