Preparing for a year of unknown unknowns in cyber security

Today’s threat landscape is constantly evolving. In 2016 in particular, we’ve seen a huge shift, with adversaries penetrating organisations from the DNC to WADA and gaining access to sensitive documents that were later leaked to embarrass individuals. Yet, while many believe that this trend starts and ends with a contentious election, it’s not something that’s going away in 2017. In fact, we’re starting to see continued and varied threats, most recently with DDoS attacks taking down the likes of the EU Commission.

Overall, the pace and variation of exploits driven by technically astute adversaries will only gain momentum in the coming year if not managed effectively. Mike East, VP Sales EMEA at CrowdStrike, sets out his predictions for 2017 and beyond.

No impenetrable defence

Whether a Fortune 500 company, a family-run business or a utility company, all businesses are vulnerable and are actively sought out as attack targets. Whether by a nation-state group, a criminal network or an independent hacker, they’re all in the firing line. Yet we’re moving beyond fines, damage to corporate reputation and a number of scary headlines. In 2017, the manipulation of data to destroy its integrity will be significant enough to send companies under.

Organisations need to be continually and proactively assessing their networks to understand how they could be compromised. Too many are focusing on the “known” bads rather than trying to understand the threat of the “unknown.”

In intelligence, we trust

Organisations today are also exhausted by “alert fatigue”, where security professionals are cast in the role of passively reviewing tons of alert data, much of which ends up being confirmed by those humans as false positives. This often means security teams are stuck in a reactive mode and are not preventing breaches from happening. Businesses need actionable intelligence to overcome this hurdle and get ahead of the threats that could compromise their business.

Ultimately, we can’t properly interpret today’s threat landscape without understanding the impact of global economic developments and geopolitical events. Just because something happens miles away doesn’t mean it won’t wash up on your doorstep in the form of an attack. Intelligence needs to be added to the equation so that we can anticipate and detect potential threats and defend against new tactics, techniques and procedures.

Security takes on new meaning for the C-suite

Regulatory fines and the disclosure of embarrassing leaks still haven’t eliminated the problem, so awareness across the business around spotting and responding to threats is critical. If even the most senior leader in a business can be duped by a phishing attempt, what does that mean for an organisation’s wider security posture? While the CIO or CISO may ultimately be the “accountable executive,” everyone in the organisation, especially the C-suite, owns the data and has a responsibility to protect it.

We’re already seeing Fortune 500 companies starting to take a totally different approach to how they manage security, treating an attack as a matter of when, not if. An important lesson in this journey is understanding that more spending doesn’t equal more security – it’s a cybersecurity paradox. Businesses need to think in terms of risk prevention and mitigation: understanding what the risks to their business are and taking proactive steps to detect and prevent them.

‘New Age’ attacks on the rise

The exponential rise in connectivity and data loads is having a significant impact on expanding business networks and opening more doors for hackers. In fact, it’s increasing the attack surface, particularly with regard to ransomware, which has grown in prevalence throughout the year.

Businesses should get used to criminals’ sharp business acumen and psychological button-pushing. It’s likely what has fuelled the attacks we’ve already seen on hospitals and healthcare organisations, and it will only continue as adversaries recognise the opportunity to make much more per ransom transaction than by targeting the average user.

An added layer of pressure will be created in 2017 as advanced exploit tools become open source. We are seeing tradecraft that has traditionally been adopted by the most sophisticated, well-resourced adversaries move down the food chain. This will pose a major threat to businesses, as eCrime actors will be able to capitalise on advanced intrusion methods. We are already seeing this trend unfold with new age attacks like ransomware and Mirai-based botnets, which will likely continue to be easily accessible and therefore spread widely.

So long, legacy

The inherent limitations of conventional security defences have been illustrated by the well-documented proliferation of cyber-attacks across all industries. As such, we’re beginning to see indicators of a tectonic shift away from legacy solutions as people start thinking differently about security. This has been a slow ball rolling down the hill, and it’s really picking up momentum heading into 2017, when it will likely reach critical mass.

Businesses are starting to work out how they can get more visibility across their entire network, then augment and eventually replace their legacy systems with next-gen solutions. The industry has been talking about replacing these systems for 15 years, and now we are finally starting to see the trend accelerate.

Whether part of criminal groups or nation-state operations, adversaries can move faster than ever before, mutate malware and actively change exploit tactics or IP addresses. Reactive cybersecurity methods are now obsolete.

At the organisational level, businesses need to be extremely vigilant and continually review their networks for signs of intrusion activity.

  • Check your systems for irregular activity and indicators that you may have already been hacked.
  • Continue to proactively hunt for adversaries and review your security policies and procedures. Leverage threat intelligence to understand actors and their behaviour and intent.
  • Ensure you have defences, such as next-gen antivirus, that appropriately detect modern threats.

Mike East, VP Sales EMEA at CrowdStrike