According to a new report to be released on Monday by CrowdStrike, there is a leveling of the playing field between nation-states and cyber-criminal groups with wide-scope targeting. The report also brings to light key metrics defining the state of cybersecurity today across industries, including trends in tactics, techniques and procedures (TTPs) as well as new attack vectors. IT security experts commented below.
Mark James, Security Specialist at ESET:
“Detecting malware is only a small segment of protecting your networks and any data contained within- a good digital security solution should involve not only software but policies, procedures, education and network logging. Indicators are usually visible from any intrusion but the hardest part is separating them or identifying them from the normal day to day activities that happen within a network; software should help with the mundane tasks of detecting malware both old and new, but in some cases it’s the user interaction that will flag up the more obscure methods or “malware-free” trends we are seeing. It all boils down to knowledge, expertise and the ability to adapt to new scenarios or situations in real-time as they happen, something that’s not always easy. We should also consider the advantages of threat intelligence- this info both internal and external can show us trends and activity currently forming and enable the right people to act accordingly. Of course with the amount of attacks we are seeing each and every day, not everyone will be successful but we do have the tools to stack those odds for and not against us.”
Chris Day, Chief Cybersecurity Offer at Cyxtera:
“According to Crowdstrike’s recent report, it takes an intruder an average of just under two hours to begin moving laterally to other systems on the network. This poses an unacceptable level of risk. In some cases, attackers have roamed networks undetected for months or years before launching an attack. Traditional security has failed us in this regard. While we’ve reinvented and re-architected our IT technology rapidly over the last 20 years, security has not kept pace. Traditionally designed, planned and acquired almost in isolation from infrastructure and applications, we see a model that simply hasn’t kept up. Security is still largely static, dependent on endless tables of firewall rules in world of auto-scaling apps and roaming users.
“A modern security strategy must include offense and defence-oriented strategies. We must think like adversaries and aggressively simulate attacks and test for vulnerabilities. Defensively, we must accept that VPNs, NAC and firewalls are not sufficient. We need to put people at the centre of our security, with an identity-centric model that starts with a user, not an IP address. Organisations are increasingly turning to a “software-defined perimeter,” or SDP, solution, to provide better protection and greater control. With SDP, users are only granted access to applications and systems once your identity is authenticated. This technology then creates a secure, encrypted connection between that user and the approved resource – a segment of one – reducing the attack surface area by hiding network resources from unauthorised users, and eliminating lateral access to other resources on that network. Unauthorised resources aren’t just blocked at the network port – they’re completely invisible.
“Organisations must accept the reality that cybercriminals can be as effective as nation-state actors. Given sufficient time and resources, a skilled attacker – no matter their motivation – will always find a way into your network. With big payoffs at stake, a small but talented group of attackers can be as detrimental as nation state sponsored actors. To change the narrative, we must change how we view network security. Failing tools won’t produce different results. We must make it harder for cybercriminals to monetise their attacks by designing a resilient IT environment that prevents a single attack from turning into a full-scale wildfire. It’s all about layering in security throughout the network to reduce the attack surface as much as possible. At the most basic level, we must stop an attacker who compromises a single machine from getting unfettered access to the entire network. This is something software-defined perimeter technology was created to do. Along with defence-oriented strategies, we must approach the network like an attacker would. Advanced adversary simulation allows you to model an advanced persistent threat from inside your infrastructure and evaluate how your security team will react in the real world. Testing for unknown vulnerabilities is also necessary; most targeted attacks use Zero Day exploits. In terms of response, we must equip ourselves with tools that can do forensic analysis on traffic in real-time, and in an automated fashion. This dramatically reduces the timeline from discovering an intrusion to responding to it to prevent damage.”