Expect the year 2017 to be one of unknown, unknowns in cyber security, writes Mike East, VP Sales EMEA at the US cyber security product company CrowdStrike.
Today’s threat landscape is constantly evolving. In 2016 in particular, we’ve seen a huge shift with adversaries penetrating organisations from the DNC to WADA and gaining access to sensitive documents that were later leaked to embarrass individuals. Yet, while many believe that this trend starts and ends with a contentious election, it’s not something that’s going away in 2017. In fact, we’re starting to see continued and varied threats, most recently with DDoS attacks taking down the likes of the EU commission.
Overall, the pace and variation of exploits driven by technically astute adversaries, will only gain momentum in the coming year if not managed effectively.
Whether a Fortune 500 company, a family run business or a utility company, all businesses are vulnerable and proactively sought after as attack targets. Whether by a nation-state group, a criminal network or an independent hacker, they’re all in the firing line. Yet, we’re moving beyond fines, damage to corporate reputation and a number of scary headlines. In 2017, the manipulation of data to remove its integrity will be significant enough to send companies under. Organisations need to be continually and proactively assessing their networks to understand how they are compromised. Too many are focusing on the “known” bads, rather than trying to understand the threat of the “unknown.”
Organisations are also exhausted by “alert fatigue”, where security professionals are cast in the role of passively reviewing tones of alert data, much of which ends up being confirmed by those humans as false positives. This often means security teams are stuck in a reactive mode and not preventing breaches from happening. Businesses need actionable intelligence to overcome this hurdle and get ahead of the threats that could compromise their business.
Ultimately, we can’t properly interpret today’s threat landscape without understanding the impact of global economic developments and geopolitical events. Just because something happens miles away, it doesn’t mean it won’t wash up on your doorstep in the form of an attack. Intelligence needs to be added to the equation so that we can anticipate and detect potential threats and defend against new tactics, techniques and procedures.
Regulatory fines and disclosure of embarrassing leaks still haven’t eliminated the problem. Yet, awareness across the business around spotting and responding to threats is critical. If even the most senior leader in a business can be duped by a phishing attempt, what does that mean for an organisation’s wider security posture?
We’re already seeing Fortune 500 companies starting to take a totally different approach to how they manage security as they think about an attack, as when not if. An important lesson in this journey is understanding that more spending doesn’t equal more security – it’s a cybersecurity paradox. Businesses need to think in terms of risk prevention and mitigation and understanding what the risks to their business are and taking proactive steps to detect and prevent them.
The exponential rise in connectivity and data loads is having significant impacts on expanding business networks and opening more doors for hackers. In fact, it’s increasing the surface layer of attack, particularly with regard to ransomware that has grown in prevalence throughout the year.
In fact, businesses should get used to criminals’ sharp business acumen and psychological button-pushing. It’s likely what’s fuelled the attacks we’ve already seen on hospitals and healthcare organisations and will only continue as adversaries acknowledge the opportunity to make much more per ransom transaction than targeting the average user.
The inherent limitations in conventional security defences has been illustrated in the well-documented proliferation of cyber-attacks across all industries. As such, we’re beginning to see indicators of a tectonic shift away from legacy solutions as people start thinking differently about security. This has been a slow ball that’s been rolling down the hill, and it’s really picking up momentum heading into 2017, where it will likely reach a critical mass.
Businesses are starting to work out how they can get more visibility across their entire network, augment and then entirely replace their legacy systems with next-gen solutions. The industry has been talking about replacing these for 15 years and now we are finally starting to see the trend accelerating.
Whether part of criminal groups or nation-state operations, adversaries can move faster than ever before, mutate malware and actively change exploit tactics or IP addresses. Reactive cybersecurity methods are now obsolete.
