In the fourth topic of this blog series, Report from the Field – CISO’s Top Concerns, we examine how cyberthreats from a combination of independent hackers and state-sponsored organizations are becoming more intense and sophisticated, and how Chief Information Security Officers (CISOs) can be proactive to mitigate them.

We know that the frequency and sophistication of cyberattacks continue to rise globally. According to our Global Threat Intelligence Center (GTIC) 2017 Q2 Threat Intelligence Report:

- Cyberattacks were up 24% globally during Q2 2017.
- 67% of malware attacks were delivered by phishing emails.
- The speed of attacks continues to increase exponentially once a proof of concept code is released.

In addition, according to the Center for Strategic and International Studies, in September 2017 alone:

- Russia compromised the personal smartphones of NATO soldiers deployed to Poland and the Baltic states;
- China allegedly inserted malware into a common PC management tool that targeted major international technology firms;
- the SEC reported that cybercriminals accessed the agency’s files in 2016 and used the information for illicit trading; and
- credit monitoring firm Equifax disclosed a data breach that revealed 143 million people’s full names, social security numbers, birthdates, addresses and driver’s license numbers, as well as 209,000 credit card numbers.

Cyberattacks from independent hacker organizations and state-sponsored hackers are winning the battle in which enterprises fight to stay cyber secure.

Cybercriminals, whether they are individuals or state-sponsored, are increasingly operating more like businesses, and cybercrime is now so lucrative that criminal groups are able to operate like legitimate organizations.
They are devoting time and resources to finding the fastest, easiest, and most advanced methods of breaching security systems. The tools that cyber criminals are using are advancing as well. In the same way network security tools are developed and released, cyber criminals can pick up a wide inventory of tools that can make it easy for those who don’t have a technical background to launch a cyberattack.

A Defense in Depth approach, where multiple layers of security controls are placed throughout your IT system, still has its merits as a strategy; however, you should extend your security controls to devices that you can no longer control. A proactive approach is needed to mitigate cybercrime, whether it’s state-sponsored or done by an individual. Below is a good guide to follow when setting up your own program.

Begin with a thoroughgoing inventory of your physical, logical and digital assets. Identify and classify the most critical ones.

Next, focus on monitoring and responding by employing a robust and targeted network and system monitoring plan using advanced SIEM technology. Increasing the use of threat intelligence with actionable outcomes is also key to a proactive security approach. In addition, you can employ advanced analytics to provide early indications of coordinated attacks across multiple platforms and multiple networks. Early warning and actionable threat intelligence inputs help to deter attacks before they penetrate your network’s defenses.

It’s crucial to have a mature incident response system in place. Your incident response capability should comprise multiple resources, including third-party suppliers who can provide targeted, timely resources when and where you need them.
This process should be reviewed multiple times a year to ensure that enterprise business changes have not negatively impacted your incident response capabilities.

An additional proactive approach includes combining your Red teams with your Blue teams to create a Purple Team that would maximize and guarantee the effectiveness of both groups’ activities.

One more aggressive vulnerability management strategy includes shortening the time of mandatory patching to increase the effectiveness of the applied patch and reduce your security exposure by ensuring that all devices are compliant with patch requirements. This also minimizes end user downtime due to poor patch deployments or application management.

Cyber threats are growing in intensity and sophistication each day. A comprehensive risk analysis and proactive strategy that employs visibility, detection, prevention and, ultimately, response is crucial to truly defend against cyberattacks.