



The change in hacker tactics – and security technologies to thwart them

Oct 02, 2017 | 4 mins
Data and Information Security, Data Breach, Hacking

The real challenges in front of security professionals are the evolution and innovation of threats, and changes in attackers’ tactics.


One thing is certain: change is constant. Every industry and organization is transforming into a new normal, with innovations such as cloud, artificial intelligence, security intelligence and automation, to name a few. The threat landscape is changing too, at an exponential rate, with new types of threat vectors. Recent data breaches are making headlines, and I believe they need to, as these big breaches have made a big impact on businesses, corporations, government agencies and consumers. By learning from the investigation results and findings of these breaches, organizations have the opportunity to further strengthen their defenses and fill the gaps, so that they can prevent or detect such adversaries early in the game, before devastating damage occurs.

So the question is: why are these breaches happening? Are security professionals behind the game, lacking the strategy or technology to defend their organizations? I believe the answer is: not really. Over the past few years, cybercrime has accelerated by more than a two-digit factor. Because of recent threats such as ransomware, every organization is investing on an unprecedented scale to implement the latest and greatest technology and tools available, and is spending time and effort developing processes and procedures to prevent, detect and respond to adversaries. So where are these investments going, and why are they still unable to stop data breaches?

The real challenges in front of security professionals are the evolution and innovation of threats and changes in attackers’ tactics. According to the “Cisco 2017 Midyear Cybersecurity Report,” exploit kit activity has been declining dramatically since last year. Exploit kits are known to target vulnerabilities in technologies such as Adobe Flash, Microsoft Silverlight and Microsoft Internet Explorer.

The downturn in exploit kits is accelerating spam volume: adversaries have been turning to tried-and-true methods such as email to distribute ransomware and malware, generate revenue and stay relevant in the market, as cybercrime is a billion-dollar industry. Email has the potential to go straight to the endpoint. Through crafted social engineering, such as phishing and targeted spear-phishing email, it can easily dupe users and compromise the entire organization. These spam emails can go undetected, defeating many of the sandboxing technologies organizations use to filter email threats, since infecting the system and eventually delivering the payload requires some type of user interaction, such as clicking a link embedded in the email body or opening an attachment. The bad guys are therefore now relying on spam campaigns, which are a less resource-intensive effort.

The innovation in spam is business email compromise, a growing challenge and currently the most lucrative and profitable method of extracting large sums from businesses. Business email compromise involves an email spoofed in such a way that it appears to come from a co-worker or business partner. The email may appear to be from the CEO or another top executive, asking the recipient to send a wire payment or pay a vendor, with urgency expressed in the message. Facebook and Google have been victims of business email compromise. Because these fraudulent messages don’t contain malware or suspect links, they can usually bypass most sophisticated threat defense technologies.
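One way a mail pipeline could flag the pattern described above when there is no malware or link to scan, shown as an added example that is not from the article or the Cisco report. The executive roster, the keyword lists and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for illustration: roster, keyword lists and sample mail are constructed.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> real address
PAYMENT = re.compile(r"\b(wire|payment|invoice|transfer|vendor)\b", re.I)
URGENCY = re.compile(r"\b(urgent|urgently|immediately|asap|today)\b", re.I)

def bec_signals(raw):
    """Return the set of BEC indicators found in one RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    text, has_attachment = msg.get("Subject", ""), False
    for part in msg.walk():
        if part.get_filename():
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            text += "\n" + part.get_payload(decode=True).decode("utf-8", "replace")
    signals = set()
    known = EXECUTIVES.get(name.strip().lower())
    if known and addr.lower() != known:  # executive's name, someone else's mailbox
        signals.add("executive_name_on_unknown_address")
    if reply_to and reply_to.lower().split("@")[-1] != addr.lower().split("@")[-1]:
        signals.add("reply_to_domain_mismatch")
    if PAYMENT.search(text):
        signals.add("payment_request")
    if URGENCY.search(text):
        signals.add("urgency")
    if not has_attachment and "http" not in text.lower():
        signals.add("nothing_for_sandbox_to_scan")  # context only, common in benign mail
    return signals

def is_likely_bec(raw):
    # Require an identity anomaly AND a payment request; keywords alone are too noisy.
    s = bec_signals(raw)
    identity = s & {"executive_name_on_unknown_address", "reply_to_domain_mismatch"}
    return bool(identity) and "payment_request" in s

SPOOFED = """From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: jd.office@freemail.test
Subject: Wire needed today

Please send the vendor payment immediately. I am in meetings, reply by email only.
"""
LEGIT = """From: Jane Doe <jane.doe@example.com>
Subject: Q3 invoice review

Attached schedule for the invoice review next week.
"""
```

Both samples mention payments and carry no link or attachment; only the sender-identity checks separate them, which is why the verdict hinges on headers rather than content scanning.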

Business email compromise costs an average of US$1.6 billion per year, compared with about US$1 billion taken by ransomware exploits in 2016, per the “Cisco 2017 Midyear Cybersecurity Report.”

The biggest data breach of 2017, at Equifax, a consumer credit reporting agency, has devastating consequences because of the personally identifiable information stolen from 143 million customers. This type of cybercrime remains the most expensive consequence of a data breach. The evolution of the threat landscape demands that organizations re-examine their investment in security defenses and in protecting business-critical data, and prioritize their efforts to keep pace with these sophisticated and highly motivated cybercriminals.

As the threat landscape constantly evolves, security professionals need to deploy innovative security technologies across the enterprise to get the desired and relevant results effectively and efficiently. Technologies such as AI, user behavior analytics and security intelligence have great potential for thwarting cybercriminals and preventing data breaches. According to the “2017 Cost of Cyber Crime Study,” jointly published by Accenture and Ponemon Institute, innovations are generating the highest returns on investment.

Extensive use of cyber analytics, user behavior analytics and automation, orchestration and machine learning, however, were the lowest ranked technologies deployed enterprise-wide of the nine security technologies evaluated. And yet they provide the third and fourth highest cost savings for security technologies.

By rebalancing investments from less rewarding or ineffective technologies into these breakthrough innovation areas, organizations can improve the effectiveness of their security programs and prevent big data breaches.


Ajay Kumar is an information security and risk management consultant with more than 15 years of experience in various industries. Ajay has predominantly worked on initiatives involving enterprise mobile security, cybersecurity, data protection and privacy, security operations, security analytics and identity and access management.

The opinions expressed in this blog are those of Ajay Kumar and do not necessarily represent those of IDG Communications Inc., or its parent, subsidiary or affiliated companies.