Demands and expertise of the security industry are driven by technological advancement on both sides of the attack/defence fence
Increased computer power, artificial intelligence, and tools on the Dark Web are equipping cyber attackers with the resources to launch more sophisticated and destructive attacks. Reactive defenses are no longer enough to stop attackers from infiltrating even the best security architectures. Environmental dynamics are also changing and disrupting resiliency with the rapid adoption of cloud infrastructure and the proliferation of IoT devices. The concept of a perimeter as we have known it is disappearing, and the battle against cybercrime has moved inside the network. With this shift, organisations need to rethink their security strategies as well as the tools they have traditionally come to rely on.
The threat landscape shift over the last 20 years
Attacks are getting both more and less sophisticated. More sophisticated in the targeted phishing email attacks and less in the “spray and pray” attacks that bombard similar companies with similar forms of attacks. With these, instead of being strategic, they are being opportunistic and preying on the mistakes and simple misconfigurations that lead way to an easy attack. Earlier forms of attacks focused on credit card and PHI theft, these remain active but are also now accompanied by ransomware and crypto-mining attacks (mining and the theft of cryptocurrencies) in an effort for simpler and more instant gratification.
Changes to the threat landscape are changing the strategic considerations of boards and business leaders
With the increased risks of a cyber attack, cybersecurity needs to be on the mind of both boards and business leaders. This is not only to prevent disruption of service and loss of revenue, but also to maintain a competitive advantage. Business must constantly innovate in the services the offer and in how they are delivered. Falling behind will be at the expense of customer loyalty and sales. Plus, with the change in generational interests, not appealing to the millennial need for open and on demand access could also result in company obsolescence.
The role cybersecurity companies have to play in guiding organisations through this ever-changing, always evolving, threatscape
Cybersecurity companies must adapt their approaches to security and solutions to align with the new perimeter-less network. This will drive a shift in thinking and product design to address security in multi-cloud, IoT, and other inter-connected environments. Better solutions will also need to be provided that deliver more accurate detection, remove false positive alert fatigue, and provide adversary intelligence so that an organization can completely eradicate the threat and fortify their defenses. Cybersecurity companies also need to align with newer technology innovators so that systems can automate for information sharing and response action. An example of this would be taking a deception technology detection alert and feeding the adversary intelligence to a SIEM or Threat Orchestration Tool. Achieving a full detection fabric across all attack surfaces with coverage for all attack methods requires multiple technologies. Collaboration amongst the technology vendors plus helping organisations understand how to align their security stack will result in optimal protection and detection results.
Threats will continue to evolve and be challenging to keep in front of. Instead, I would suggest readying for the attacks based on the methods, which tend to be very consistent. By using technologies that provide early and accurate detection of these activities, an organisation can stop an attack early in the attack lifecycle and before they are likely to cause harm. Noting, new technologies, deception is playing a critical role in providing early detection for these attack methods across legacy and emerging attack surfaces.
- Stealing local credentials
- Looking for file shares and connected systems
- Network recon – hosts (production assets) and open doors on the hosts (open ports)
- Query AD – to find user and system accounts
- Man-in-the-Middle attacks (MitM) – steal credentials in transit