This article was originally a podcast published by Avant Technology Insights.
The link between solving business challenges and security has become tighter and more complex than ever before. As the cybersecurity landscape continues to evolve with more attacks, security strategies need to make critical pivots in response. How and why are threats getting worse, and more importantly, what are IT leaders doing to keep up? Buckle up as we explore the causes behind today’s more frequent attacks and take a deep dive into the assumptions your security strategy needs to make in order to be effective now.
The attacks themselves are getting worse in three different ways:
The sheer volume of them has gone up so much even in the last year or so, as has the severity. Today, if you look at cyber defenses, in many ways it is absolutely an attacker's playing field. The advantage currently sits with the attackers, because they only have to be right one time. Meanwhile, to defend themselves, corporate network IT teams or service provider network teams have to be right all the time. And that's certainly changing the equation.
We're also facing threats from a lot of different directions. It's no longer the stereotypical hacker in a hoodie, so to speak, that's trying to penetrate a network. It's also script kiddies, unsophisticated attackers, cyber gangs, insider threats, competitors, ransomware-as-a-service, hacking-as-a-service, all the way up to nation state attacks. Enterprises that are trying to defend their corporate networks have to defend against all of these at once. And in many cases, they're trying to do so with a wide variety of tools and vendors to manage, which only adds to the difficulty.
Even five years ago, if someone wanted to launch a relatively sophisticated attack on a corporate network, they had to be relatively sophisticated themselves. But with the growth of things like tool kits and ransomware-as-a-service, an extremely unsophisticated attacker can now purchase targeted exploits designed to penetrate networks or serve as ransomware. Someone who doesn’t know very much about computers at all can actually do some significant damage. When you pair that with the reality that the risk-reward ratio for cybercrime is unfairly balanced (rewards are high while the risk of being caught is low) you can clearly understand the causes for the increases in attacks.
It’s changing the game, because most corporations’ number-one threat now is ransomware. And the number-one way that ransomware is delivered is via phishing. In fact, 91% of cyber attacks last year started with someone clicking something in an email. It’s been a threat vector that’s been around for almost 30 years now, and it’s still extremely effective as a way to get inside networks and past firewalls.
What's the key to protecting yourself given today's situation? Consensus in the cybersecurity community has evolved quite a bit. Three or five years ago, we would be talking a lot about defense in depth, perimeter-based security, or rule sets for spotting certain types of malware. But these days, most cybersecurity professionals are talking about dwell time, network segmentation, managed detection and response, and Zero Trust.
Today, instead of trying to block every attack, it's more about reducing dwell time, which is how long the bad guys are inside the network environment. It's also more about segmentation: if someone does penetrate your network, they can't reach the entire corporate environment. Most people are talking about managed detection and response, which leverages both advanced security analytics and human security analysts to identify when an attacker penetrates and then immediately act to minimize the damage. These have been large pivots over the past few years.
A Zero Trust scenario works under the assumption that the network has already been compromised, so the network itself can no longer be the thing you rely on; user authentication is. Thus, knowing how to do authentication around users, groups, and roles is an important initial step. Another key capability is using AI and machine learning to watch for anomalous behaviors. This is very similar to the approach credit card companies use to catch fraudulent charges on your card: it knows when something looks unusual. Additionally, Zero Trust doesn't trust user devices or machines. Here's just one example of why user machines can't be trusted: it's very common for employees to let their kids play with their iPad today. Video games, accidental clicks on phishing emails, it's a world of possibilities. Thus, Zero Trust assumes that user devices will bring malware back into the office. These are all today's modern approaches for cyber defense.
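To make the Zero Trust principles above concrete, here is an added example (not code from the podcast or from Masergy) of a minimal per-request policy check: it assumes the network is already compromised, so every request is evaluated on who the user is and what role they hold, whether the device has a known posture, which network segment the resource lives in, and whether the behavior looks unusual against the user's baseline. All users, devices, segments and baselines are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Request:
    user: str
    role: str
    device_id: str
    segment: str     # network segment the requested resource lives in
    login_hour: int  # 0-23, local time of the request
    country: str

@dataclass
class Baseline:      # per-user behavioral history, constructed for the example
    usual_hours: set
    usual_countries: set

# Constructed policy data (assumptions, not a real deployment):
# which roles may reach which segment, and which devices passed a posture check.
SEGMENT_ROLES = {
    "hr-db": {"hr-admin"},
    "finance": {"finance", "cfo"},
    "wiki": {"staff", "hr-admin", "finance", "cfo"},
}
TRUSTED_DEVICES = {"lt-0421": "posture-ok", "lt-0777": "posture-ok"}
BASELINES = {
    "alice": Baseline(usual_hours=set(range(8, 19)), usual_countries={"US"}),
    "bob": Baseline(usual_hours=set(range(7, 17)), usual_countries={"US", "CA"}),
}

def anomaly_score(req: Request) -> int:
    """Crude 'does this look unusual?' score, like a card issuer flagging odd charges."""
    base = BASELINES.get(req.user)
    if base is None:
        return 3  # no history at all: treat as maximally unusual
    score = 0
    if req.login_hour not in base.usual_hours:
        score += 1
    if req.country not in base.usual_countries:
        score += 2
    return score

def evaluate(req: Request, authenticated: bool) -> tuple[str, str]:
    """Return (decision, reason). Nothing is implicitly trusted because it is 'inside'."""
    if not authenticated:
        return ("deny", "user not authenticated")
    if req.role not in SEGMENT_ROLES.get(req.segment, set()):
        return ("deny", f"role {req.role} not allowed into segment {req.segment}")
    if TRUSTED_DEVICES.get(req.device_id) != "posture-ok":
        return ("deny", f"device {req.device_id} has no verified posture")
    if anomaly_score(req) >= 2:
        return ("step-up", "behavior deviates from baseline; require re-authentication")
    return ("allow", "authenticated, role permitted, device verified, behavior normal")
```

Segmentation limits what a compromised account can reach, the device check reflects that user machines are assumed to bring malware back in, and the step-up path is where the anomaly signal feeds into detection and response rather than silently allowing access.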
Pioneering threat detection and response for 19+ years, Masergy is uniquely positioned to help enterprises design and execute modern threat detection and response strategies that address dwell time, network segmentation, behavior analysis, cloud security, and SD-WAN security. Learn more about our scalable approach to security that includes technology, analytics, and a global team of certified security analysts—all working together.