Responding to the changing threat landscape facing enterprises [Q&A]
Not so many years ago corporate IT security involved installing a firewall and antivirus solution. But the threat landscape has now become much more complicated and is changing faster than ever.
Companies need to be aware of these changes and make sure their security arrangements can keep up. We spoke to Shai Gabay, the chief innovation officer of security operations and advanced threat detection specialist CYBERBIT, to find out more about the risks and solutions.
BN: What is changing in the way bad actors are targeting IT organizations?
SG: Five years ago, an attacker could write a virus from a computer in his garage and spread it across hundreds of computers and organizations. Attackers' goals were mainly to have fun, gain publicity and cause harm. Today, hacking is a profession, and hackers are after money, sensitive information or political damage. They started to act more like business units in order to be more efficient and profitable, meaning they are no longer interested in just broadly distributing malware. Instead, they spend months choosing their target, studying its vulnerabilities, and planning and coding the attack in order to stay under the radar, as well as reusing that code in other attacks. Unlike old-school attacks, which ended in a damaged computer or a downed website, today's attacks can last weeks or months and sustain huge monetary losses, with valuable, private data continuously being delivered to the attackers' servers. The bottom line is that today's attack motivations have changed from high-value to high-profit, and they are more targeted and more persistent; attackers know their target organizations' vulnerabilities and can cause more damage than ever. These factors obviously change the security game because when attacks are so unique and consistently changing, as is the case today, organizations cannot learn from the past and therefore cannot prepare and protect themselves in the future.
BN: With cyberattackers changing their approach, how are you seeing companies shift their IT security and endpoint security strategies to cope?
SG: Organizations have traditionally used firewalls, IPS and antivirus solutions to protect their networks and valuable data. These traditional measures can’t keep up with the new threat landscape because they rely on known traits and patterns, like bad IPs or malware signatures, to identify bad actors. However, relying on such global definitions is ineffective when it comes to sophisticated attacks that were crafted specifically for a target organization. Therefore, security executives are complementing their security infrastructure with new approaches that exceed attackers’ sophistication. They’re also implementing products like endpoint detection and response (EDR) that are equipped with machine learning and big data analysis capabilities in order to learn the organization’s normal activity and surface highly sophisticated malicious activity within seconds.
Organizations are also looking for ways to deal with the growing shortage of security experts, while the number of attacks and their sophistication level continues to grow. In order to address this shortage of talent, many organizations have deployed solutions that automate security operations to reduce the time needed for human analysis and response, add context and prioritize alerts and improve overall visibility of the network. And for organizations that don’t have the capital or resources to build out in-house operations teams, outsourcing to managed security services providers (MSSPs) can help them stay ahead of new exploits.
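The two ideas in the answer above, a behavioural baseline that flags activity a signature list has never seen, and automated enrichment that prioritizes the resulting alerts by context, can be shown in a small script. The following is an added illustration, not CYBERBIT's or the interviewee's code: the process-execution events, host names, criticality table and the "known bad" hash list are all constructed placeholders, and the scoring weights are an arbitrary assumption chosen to make the ranking visible.

```python
"""Baseline-and-deviation alerting over constructed endpoint events.

A signature check catches only what is already on a blocklist; a baseline
built from the organization's own normal activity also surfaces process
chains never seen before, and asset context orders the resulting alerts.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    host: str
    user: str
    parent: str     # parent process image name
    process: str    # spawned process image name
    sha256: str     # hash of the spawned image (constructed placeholders below)


# Constructed "learning window" of normal activity (hypothetical hosts).
BASELINE_EVENTS = [
    Event("ws-042", "alice", "explorer.exe", "outlook.exe", "h-outlook"),
    Event("ws-042", "alice", "explorer.exe", "chrome.exe", "h-chrome"),
    Event("ws-017", "bob", "explorer.exe", "outlook.exe", "h-outlook"),
    Event("fin-db-01", "svc-sql", "services.exe", "sqlservr.exe", "h-sql"),
    Event("fin-db-01", "dba", "explorer.exe", "ssms.exe", "h-ssms"),
]

# Constructed events from a later window that we want to score.
NEW_EVENTS = [
    Event("ws-042", "alice", "explorer.exe", "outlook.exe", "h-outlook"),
    Event("ws-042", "alice", "outlook.exe", "powershell.exe", "h-ps-unknown"),
    Event("fin-db-01", "dba", "explorer.exe", "chrome.exe", "h-chrome"),
    Event("fin-db-01", "svc-sql", "services.exe", "sqlservr.exe", "h-sql"),
    Event("ws-017", "bob", "explorer.exe", "dropper.exe", "h-known-bad"),
]

# Constructed placeholder blocklist standing in for a signature feed.
KNOWN_BAD_HASHES = {"h-known-bad"}

# Constructed asset context: higher number = more critical host.
ASSET_CRITICALITY = {"fin-db-01": 3, "ws-042": 1, "ws-017": 1}


def build_baseline(events):
    """Count (host, parent, process) chains observed during the learning window."""
    return Counter((e.host, e.parent, e.process) for e in events)


def signature_match(event, bad_hashes):
    """The traditional check: is the spawned image on the blocklist?"""
    return event.sha256 in bad_hashes


def deviation_score(event, baseline):
    """0 = chain seen on this host; 1 = seen only on other hosts; 2 = never seen."""
    key = (event.host, event.parent, event.process)
    if baseline[key] > 0:
        return 0
    if any(k[1:] == key[1:] for k in baseline):
        return 1
    return 2


def prioritize(events, baseline, bad_hashes, criticality):
    """Score each event, drop the ones that look normal, and rank the rest.

    Priority = 3 if a signature hit, plus deviation weighted by host criticality.
    The weights are an assumption for illustration, not a recommended scale.
    """
    alerts = []
    for e in events:
        sig = signature_match(e, bad_hashes)
        dev = deviation_score(e, baseline)
        if not sig and dev == 0:
            continue  # matches the host's own normal activity
        priority = (3 if sig else 0) + dev * criticality.get(e.host, 1)
        alerts.append({
            "host": e.host,
            "user": e.user,
            "chain": f"{e.parent} -> {e.process}",
            "signature_hit": sig,
            "deviation": dev,
            "priority": priority,
        })
    return sorted(alerts, key=lambda a: a["priority"], reverse=True)


def run():
    baseline = build_baseline(BASELINE_EVENTS)
    return prioritize(NEW_EVENTS, baseline, KNOWN_BAD_HASHES, ASSET_CRITICALITY)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The ranking is the point: the blocklist alone would raise one alert (the known-bad hash on ws-017) and miss both the never-before-seen `outlook.exe -> powershell.exe` chain and the unusual browser launch on the database host, while the baseline surfaces both and the criticality weighting lifts the database host above the workstation.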
BN: Which industries are at the greatest risk for these attacks?
SG: Traditionally, the highest-value targets were those managing assets and compensation, such as banking, insurance and healthcare companies. By targeting industries with highly sensitive data, attackers have a better chance of big payoffs. However, with the emergence of ransomware cybercrime, non-financial organizations have also become lucrative targets for financially motivated attackers. CryptoWall, one of the most active forms of ransomware, is estimated to have accrued more than $18 million.
Another industry at risk is critical infrastructure. Many plants and utilities that oversee oil, gas, water, energy and other major municipal needs use distributed, old and non-standard networks, and managers may not have complete visibility into all the devices that make up those systems. More advanced, standardized and internet-connected IT networks are often connected to the older, operational technology (OT) networks. These touch points are not always known and documented, and these blind spots offer hackers a better chance of infiltrating neglected connections and shutting down critical processes.
BN: What will businesses need to do to effectively fight cyberattacks in the future?
SG: We've seen several major challenges that the industry will need to overcome. In light of the growing complexity of threats, businesses need to understand that complete threat prevention is impossible. They will eventually suffer a data breach, so the question has now become not if, but when. As a result, companies need to shift budgets from prevention to better detection and response. This will allow them to more quickly detect and address advanced threats before major damage is done. Additionally, organizations need to look for tools that augment or replace human processes using automation and machine learning. This will provide them with the visibility and context that they need to help their teams operate more effectively, while also freeing security staff to adopt a proactive approach to handling the unknown, rather than mopping up from past incidents.
Lastly, one obstacle is the cybersecurity talent shortage. Today, junior analysts need to learn on the job, given the brand-new threats teams witness on a daily basis. Furthermore, even when you find high-quality talent, in most cases they will be very technologically adept but won't necessarily have the experience of seeing and dealing with actual threats. Just as you wouldn't want a fighter pilot or a surgeon learning on the job, more organizations are learning that cybersecurity simulators can provide better training for their security experts in an environment that's closer to real life, with advanced scenarios.