Data from the latest Global Threat Intelligence Report by NTT Ltd supports the fact that cybercriminals are innovating faster than ever. Rory Duncan, Security Go To Market Leader UK, NTT Ltd, discusses some of the tactics that cybercriminals are using to initiate attacks and how organisations can leverage automation to help them become more secure and cyber-resilient.
Despite best efforts by organisations to layer up their cyberdefences, it is the hackers and saboteurs that continue to lead the race in cybersecurity. What’s more, they are innovating faster than ever.
As our world becomes ever more connected, the attack surface has grown with it, creating a huge playground for cybercriminals who now have multiple ways of stealing a company’s data – often while going largely unnoticed. They’re also taking advantage of innovative technologies such as Artificial Intelligence (AI), robotics and automation, which means that we are now seeing cyberattacks taking place at machine speed.
Indeed, this is supported by the 2020 Global Threat Intelligence Report (GTIR) which reveals that some 21% of malware detected in 2019 was in the form of a vulnerability scanner, supporting the premise that automation is a key focus point of attackers.
Having experienced overwhelming success using tools such as web shells, exploit kits and targeted ransomware, adversaries are still developing effective multifunction attack tools and capabilities. Remote code execution (15%) and injection (14%) attacks were the most common techniques observed in the report globally. And in most cases, due to continued poor practice by organisations in relation to network, operating system and application configuration, testing, security controls and overall security hygiene, these attacks continue to be effective.
There’s also been a re-emergence of Internet of Things (IoT) weaponisation, with a resurgence of botnets such as IoTroop and EchoBot, which have reared their heads again, this time with advanced automation and improving propagation capabilities. Unsurprisingly, attackers revert to those attacks where they have the greatest success, and that’s with vulnerabilities such as HeartBleed, which may be several years old but still haven’t been patched by organisations. It is attacks of this nature that make OpenSSL the second most targeted software with 19% of attacks globally.
The route to cyber-resilience
It’s clear that the only way that organisations can keep up is to beat attackers at their own game by leveraging automation to help them become more secure and cyber-resilient and keep pace with the changing threat landscape. Assisted by machines and data scientists, it’s now possible to predict when an attack is going to happen – and fast. For example, in NTT’s Security Operation Centres (SOCs), around 75% of the threats detected are now identified by supervised Machine Learning and threat intelligence.
Organisations need to ensure they’re fully equipped to be able to address the multitude of challenges that lie ahead. COVID-19 demonstrates just how fast things can change, so much so that it has brought about fundamental changes to the entire functionality of businesses. Being able to support employees is a pre-requisite for organisations in this potentially chaotic environment, while not forgetting the need to meet the appropriate regulatory obligations as well as maintaining customer security from both a physical and data perspective.
Clearly communicating any changes to business and security requirements, policies and procedures is essential, as is providing employees with a means to flag anything that might obstruct their route to effective collaboration and workflow.
Using proactive intelligence capabilities to identify risk and quickly make decisions to manage it will support business agility. Having full visibility across the information and communication technology environment should also be a priority so that you can manage risk, mitigate threats and, ultimately, make fast decisions on how to deal with those threats.
Penetration testing activities, including application testing and social engineering, should be undertaken regularly, and leveraging intelligence services also adds a realistic approach from an attacker’s perspective. Governance, risk and compliance should be reviewed frequently, along with technical and non-technical assessments, to identify any potential areas of weakness.
Secure at every level
The current crisis has demonstrated the willingness of cybercriminals to take advantage of any situation, further emphasising the need for organisations to focus on security that enables their business and ensures that it’s cyber-resilient and built on secure-by-design initiatives.
Taking a secure-by-design approach will help to better protect organisations from innovative attacks. In short, it’s about focusing on what’s critical in the organisation and putting the right protection in place right from the beginning – across business process, technology, services and people.
‘Secure-by-design’ means being cybersecurity conscious at every level of the business, right up to board strategy level. This involves security being core to the overall business strategy. Adopting a secure-by-design approach means that the security strategy is aligned to what the business wants to achieve, as well as the business’ risk-tolerance, while an intelligence-driven cybersecurity posture enables businesses to be agile in the face of a changing threat landscape and technology ecosystem.
In practice, security should be built in at the beginning rather than bolted on, whether that’s in infrastructure (network, data centre, clouds), in the workplace (employees, buildings, customer experiences) or in business transformation and innovation initiatives (such as the Internet of Things (IoT) or Operational Technology (OT), Blockchain, DevSecOps). As organisations continue their Digital Transformation, inherently secure solutions provide businesses with the services or capabilities required to cover the latest cyberthreat protection which is of significant value to them.
The increasing scale of connectivity and borderless Information Technology means organisations have no choice but to evolve to address a non-standard, disorganised world. The proliferation of devices, applications and interconnection of these worlds requires automation and faster analysis to ensure quick and appropriate action. As such, these procedures, controls or policies need to be built into technology solutions from the start to enable an agile digital business.
Digital Transformation, cloud computing, mobile devices, robotics, Machine Learning (ML) and Deep Learning are outpacing the security protections many companies have in place and making for a worsening threat environment. And this is why being able to quickly identify, protect and respond to potential threats will reduce the time it takes to thwart, restrict and manage attacks and their effects. In order to achieve cyber-resilience, organisations must embrace innovation to cope with the evolution of the attackers and unexpected risks to their business.