Research from Verizon revealed that 68% of cyberbreaches take more than six months to discover and 76% of breaches are financially motivated. It means businesses need to take a more proactive approach to cybersecurity. Ali Neil – Director of International Security Solutions at Verizon, offers five tips for implementing an effective strategy.
We know that cybercrime is a real business risk today – seemingly every week another report of a major data breach emerges. With so much at stake if a breach is incurred – loss of customer data, intellectual property, brand reputation and more – companies need to adopt a risk-based approach to invest wisely and prioritise how they allocate their budgets.
They need to think about the holistic end-to-end purpose of their security operating model to counter-this-risk and spend their money wisely and to greatest effect.
Hackers do not alert businesses to their presence. In fact, the Verizon 2018 Data Breach Investigations Report (2018 DBIR) found that 68% of breaches took months or longer to discover and alarmingly 87% of the breaches examined had data compromised within minutes or less of the attack taking place.
The ultimate aim of cybercrime is not random; security controls shouldn’t be random either.
Our findings saw 76% of breaches are financially motivated with 13% of breaches motivated by the gain of strategic advantage (espionage).
The security industry as a whole has a responsibility to help businesses take a more proactive approach to their security. Increasing confidence through education and helping them to understand the threats they face, are the initial steps to implementing solutions that will be effective in the prevention of cybercrime.
Five key guidelines for businesses in monitoring and combatting this daily threat of cybercrime are as follows:
1) Know your risk posture and change your security strategy accordingly
Research shows that 90% of board members do not understand the cyber-risk profile of their business and considering today’s changing threat landscape this leaves many business vulnerable to the cyberdangers out there.
One thing that’s certain is that a dynamic and proactive security strategy is the best option for mitigating against risk. Security programmes must contain continuous improvement and budgets and effectiveness regularly validated to keep them on target with the challenges of the day. However, traditional risk evaluation is often done through point in time engagements which are soon out of date and supply chain audits are increasingly burdensome, diverse in method and costly.
CIOs making a businesses or purchasing decision can now access a dynamic snapshot of their risk profile that is relevant to their industry.
This is fused with company specific dark and deep web intelligence and utilises a company risk scoring tool-set enabling businesses to make data-driven security decisions based on their risk and efficiently adapt their security posture in real-time to address any gaps that are identified in their profile. A security that’s based on what’s happening right now is an obvious choice if you’re serious about protecting yourself against cybercrime.
2) Hunt and confront threats with intelligence
The next step is engaging and using cyberintelligence to effectively hunt and confront cyberthreats head on. The timely automation and analysis of cyberintelligence is a game changer in beating cybercriminals at their own game. Used correctly, cyberintelligence can make the difference between preventing a serious cyberattack – or an attack bringing a business to a standstill.
Verizon operates one of the largest global IP networks, which gives us insight into what threats are being made against a large portion of the world’s data traffic. Cross referencing this with intelligence gleaned from over a decade of analysis from our DBIR series, enables us to offer our customers a treasure trove of cyberintelligence that is hard to beat. This information enables a security professional to identify threats early in the cyber-kill chain and put combative action into place. Basically, this enables us to help our customers to hunt out cyberthreats early in the game.
3) Optimise the usage of data you already have to track cyberthreat tracking
Not every business has the budget or opportunity to engage professional security personnel to help review cyberintelligence to determine what security solution is required. However, there are automated, end-to-end, threat hunting tools available that optimise data organisations’ already have. They perform much of the identification, investigation, analyses and decision-making of security professionals, but with computer-driven precision, speed and scale.
They work by automating the hunt for compromised or infected assets by applying data science concepts and Machine Learning technologies, transforming gigabytes of log data, multiple threat intelligence feeds and varied raw threat indicators into a prioritised list of high-quality alerts with reduced false positives.
4) Educate employees so they know of the ongoing dangers
Employees are still falling victim to social attacks. Financial pretexting and phishing represent 98% of social incidents and 93% of all breaches investigated in the 2018 DBIR – with email continuing to be the main entry point (96% of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities.
More importantly we have seen pretexting incidents increasing over five-fold since the 2017 DBIR, with 170 incidents analysed this year (compared to just 61 incidents in the 2017 DBIR). Eighty eight of these incidents specifically targeted HR staff to obtain personal data for the filing of file fraudulent tax returns.
This clearly demonstrates the need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation and the bottom line. Employees should be a business’ first line of defence, rather than the weakest link in the security chain. Ongoing training and education programmes are essential, such as role-specific training to users that are targeted based on their privileges or access to data.
5) Share information to break the silence associated with cybercrime
Verizon has always prided itself on sharing information on cybercrime and threat patterns – that is one of the key factors behind the publication of our annual DBIR. We believe that only by sharing cybercrime information can companies and governments effectively combat cyberthreats. This year, DBIR data gathered from around the world was made accessible to information security practitioners in order to get them to understand the evolving threats they face. The Verizon DBIR Interactive tool, an online portal, enables organisations around the globe to explore the most common DBIR incident patterns from the report.
It is our intention that this sharing of information continues – now and in the future. We hope that companies will continue to proactively share information on breaches as time progresses. Barriers are already lowering, as businesses discover that there is more to be learned from sharing than from sitting in silence.
These are just initial steps towards developing a security strategy that is based on actionable data insights and intelligent security solutions. Continuing to evolve security according to today’s threat landscape is critical. The security landscape will continue to evolve – and we all need to work together if we’re going to be able to keep one step ahead of the cybercriminal.