Trending Articles

04 Dec 2022
Tech

Groundhog Day: Stop Making the Same Cybersec Mistakes

The last year was extraordinarily difficult for many. One field in particular struggled with the joint aftershocks of WFH, shifting remote work processes, and increased international tension. This was the cybersecurity community, as they scrambled to mitigate the impacts of severely critical vulnerabilities and malicious actors.

2022’s recently-published Verizon report sheds a comprehensive light on the vulnerabilities that ricocheted throughout enterprise systems last year. It’s now crystal clear that your data needs an extra layer of management, reporting and protection, such as that offered by a Security Fabric solution.

The Verizon Report

The Verizon Data Breach Investigations Report (DBIR) is a publication that logs and publishes in-depth yearly analyses of information security incidents. Though they retain an overarching focus on data breaches, their analysis also discerns between data breaches and security incidents, allowing us to see the ratio of attempted to successful attacks.

Produced by the Verizon RISK team, the first publication was released in 2008. The team gathers data from a large variety of organizations, across the private and public sectors, distributed across the globe. This includes national incident-reporting entities, law enforcement agencies, private security firms, research institutions, and Verizon. The length of time that the reporting covers allows for a fantastic oversight to how threat actors have shifted techniques and attack vectors throughout the years.

But the DBIR isn’t only focused on looking backwards: the team continues to push for an even greater contribution to the cybersecurity community. Every year, their data set increases as Verizon expands its list of contributors. The 2021 report analyzed and logged a total of 23,896 security incidents, of which 5,212 were confirmed breaches.

What Have They Found?

The hardest part of cybersecurity is keeping up with ever-shifting attack trends. This is a core component to protection. Cybercriminals are uniquely skilled at high economic returns on their attacks, thanks to the fact that they often hit as many organizations with each attack as possible. Bespoke attack patterns would be costly and labor intensive; attackers know that, in the vast majority of cases, quantity rules over quality. Knowing the attack vectors that are circulating in your industry, or amongst your suppliers, is a key way of staying ahead.

This blind trust of partner and third-party organizations was one contributing factor to the continued dominance of ransomware. With its strings of malicious code that lock up your files and database, ransomware places the attacker at total control over your systems. They only relinquish this upon the payment of a sizable sum of money. Rates of ransomware increased by almost 13% year-over-year in 2021. In fact, 2021’s increase was as big as the last five years’ combined.

Whereas ransomware attacks are primarily financially motivated, others take a uniquely political stance. Enter, the second major security threat: the supply chain attack. Supply chain attacks describe the process of an attacker compromising a single company in a supply chain – such as a software developer – in order to escalate their control over large numbers of their customers. The initial victim amplifies the attack itself, and it’s powerful. Supply chain attacks made up 62% of intrusive incidents this year.

2021’s horrific SolarWinds breach is a frightening example of a supply chain attack. In early 2020, hackers secretly broke into SolarWinds’ systems and injected malicious code into the company’s software updater. The system in question was called ‘Orion’, and played a major role in the management of IT resources across tens of thousands of large clients.

Modern software is regularly patched and updated, as developers fix bugs, add new features, and generally maintain their applications. Beginning as early as March of 2020, the SolarWinds developers started issuing updates as per usual. Unfortunately, the attackers had already injected the malicious code into the updater – meaning that the software devs were unwittingly spreading it. The code created a backdoor in customers’ servers, allowing hackers to enter and upload even more malware.

SolarWinds supplies critical software to a large number of Fortune 500 companies and governmental organizations. Up to 18,000 companies were compromised in the attack, including parts of the Pentagon, the Department of Homeland Security, and the Treasury. Companies such as Microsoft, Cisco, Intel, and Deloitte were also involved, as were a number of educational institutions.

The fallout continued throughout 2021, and marked the worst supply chain attack on record.

As the same attack vectors return year after year, increasing in strength and impact, many security researchers and employees are becoming increasingly frustrated with the frequency with which the same issues arise. Organizations failing to learn from previous mistakes produces a Groundhog-day effect that exhausts employees and destroys the trust of customers.

Now to Not Become a Statistic

Reliance on the web is only going to grow. Strong security frameworks are now a necessity, and identifying and minimizing your attack surface is an increasingly competitive affair. While cybercriminals work to gain ever-higher profits, it’s up to you to fend for your customers’ data.

There are two parts to hardening your attack surface; they are both equally necessary. The first part is implementing a comprehensive and automated security framework. This needs to classify and observe all data in your possession, offering complete scalability as you grow.

High-quality solutions not only classify and flag ungoverned data, they also remove the risk of exposed data that is shared throughout distributed environments. It will continuously monitor who’s accessing your sensitive data, and what they’re using it for. This identifies intruders before they become a security nightmare.

The second vital step is to educate employees. Social engineering attacks enter and exploit a company via the employees. Take steps to create a judgment-free culture, where employees are not afraid to come forward with mistakes they’ve made. Education, with the end goal of cybersecurity literacy, is the other side of the coin.

Education and security fabric solutions could have blocked the vast majority of threats laid out in the DBIR. Knocking your organization out of this downward spiral of bigger attacks is possible, but requires a truly comprehensive security solution.

Review Groundhog Day: Stop Making the Same Cybersec Mistakes.

Your email address will not be published.

Related posts