CDW Executive SummIT: Leaders Can Leverage Adversary Intelligence to Thwart Attacks

Shifting Your Security Mindset From Prevention to Preparation

“Bad things happen to good people, and cyberattacks are a perfect example,” said Rex Washburn, data solutions architect and head of modern data platforms at CDW. He noted that security teams today can follow every step in a playbook and attacks still will occur. With threat actors evolving faster than most security teams can patch vulnerabilities, Washburn said, “organizations must prioritize cyber resiliency and risk mitigation over the illusion of total prevention.”

A cyber resilient mindset focuses less on blocking every attack than it does on bouncing back from breaches and reducing downtime.

The amount of acceptable downtime varies per organization. “How long can your company survive being down?” Washburn asked. “For some, it’s one to three days. That downtime must be spent in an environment that offers both compute resources and guaranteed isolation from reinfection.”

Why Data Resiliency Is the New Cyber Resiliency

For Rashid Rodriguez, cyber resiliency practice lead at CDW, “data resiliency is a kind of cyber resiliency,” he said. In other words, how fast can your team recover lost data and respond to an incident? “You don’t know how long a threat actor has been hiding in your environment,” he said. That’s why a “multistep approach is key,” added Gary McIntyre, managing director of cyber defense at CDW. To achieve data resiliency, experts suggested immutable storage, continuous data validation and an isolated recovery environment.

FIND OUT: How to build a modern cyber recovery environment.

An isolated, secure environment helps teams evaluate compromised data and validate clean backups. “Customers often say it’s not worth it,” Rodriguez says, “but when production is hit, this becomes essential.”

These clean rooms, also referred to as cyber recovery environments, are organization’s last line of defense. They help teams restore operations after an attack, McIntyre writes in a CDW blog.

Typically, a CRE includes immutable storage, strict access controls, regular data validation and test simulations so teams can keep operations running during an incident.

Click the banner below to become an Insider and gain exclusive insights after the CDW Executive SummIT.

Know Your Enemy: An Adversary-Centric Approach

The better security teams know their adversaries, the better their defenses. “There are three types of threat actors: nation-state, e-crime and hacktivists,” Felker said. “Most nation-states want data. They have an agenda that’s related to the government and its policies. E-crime is financially motivated adversaries, as opposed to activists who have some sort of cause. Maybe they don’t like an agenda, and that could be terrorists as well.”

“If a threat showed up in a new remote environment, maybe even one that’s used by some of the vendors, would you know? If the answer is no, then you need to implement a solution,” he said. “There are a lot of adversaries that we track, and they’re collaborating.”

DIG DEEPER: Arm your organization with threat and vulnerability management solutions.

Felker shared five critical defense strategies to combat these attacks:

1. Secure identities: Identity and access management is the new perimeter, since humans are the weakest link in cyberattacks.
2. Defend the cloud: Cloud environments must be secure, and IT leaders can set up a shared responsibility model, in which certain users are responsible for securing different aspects of the cloud computing environment.
3. Eliminate cross-domain visibility gaps: Unify all endpoints, network and cloud telemetry.
4. Adversary-driven patching: Prioritize active exploitation points, not just severity scores.
5. Know your adversary: Don’t just collect threat intelligence, operationalize it.

Felker also shared a few examples of global adversaries such as Curly Spider and Scattered Spider that are bypassing traditional defenses. The North Korean group Famous Chollima used AI-generated résumés to get hired at U.S. companies. And according to the CrowdStrike report, “LLM-generated phishing messages had a significantly higher click-through rate (54%) than likely human-written phishing messages (12%).”

Using AI To Fight Social Engineering Attacks

“Use AI to fight AI,” said Insurity CIO and CISO Jay Wilson. “Ask a large language model, ‘What are the vulnerabilities in my system?’ or, ‘Write me a phishing email.’”

The goal isn’t to launch real attacks, of course, but to simulate the mindset and tactics of cybercriminals. “Use this to also see what the cyberattacker bots are seeing,” Wilson said.

RELATED: How to detect and remove threatening web shells.

This kind of red-teaming can help security teams identify what areas are most exposed and understand the language of their adversaries in social engineering attacks.

Mike Rapplean, vice president for the central region at CDW, said these strategies should be used in tandem with foundational security practices. “You can’t trade security for speed,” he cautioned. “AI’s promise is transformative, but it must be deployed with careful governance and risk awareness.”

Follow our live news coverage of the CDW Executive SummIT here, on the social platform X at @BizTechMagazine and by using the hashtag #CDWExecutiveSummIT.