In this article, George Patsis, CEO of Obrela Security Industries, discusses how cybercriminals are relying on poor security protocol and vulnerabilities to target organisations of all sizes, and why a more comprehensive approach to detection and response is necessary to help fight against the growing number of attacks.
At the end of last year, Capcom, a major Japanese video game developer, fell victim to a ransomware attack by the Ragnar Locker cybercrime gang. The attackers accessed the company’s network, compromised devices and stole 1TB of sensitive personal data from thousands of individuals associated with Capcom.
The security incident resulted in whole portions of the company’s network being shut down, as Ragnar Locker demanded a ransom of $11 million in exchange for a decryption tool, and the agreement to refrain from publishing the stolen data online. The attackers were able to access Capcom’s vast network infrastructure through an old VPN backup device stored by the company’s North American subsidiary.
This incident is just one example among hundreds which highlights the dangers of having poor visibility across an IT network. Unmonitored devices can provide gateways for hackers and, as demonstrated with the Capcom attack, the repercussions can be vast.
Such incidents demonstrate the pressing need for organisations to elevate their security defences to survive in today’s evolving threat environment. However, security teams cannot face this battle alone, so they have to enlist the help of others, outsourcing some of their security operations to Managed Detection and Response (MDR) providers. These services provide security teams with a unique advantage in predictability, preparations and response, equipping them with all the knowledge needed to protect their organisations against any potential cyber threats.
Attacks from all sides
The threat landscape is ever-evolving, with new attack avenues being exploited every day by malicious actors. Now, more than ever, precautions must be put in place to defend against the ever-growing number of critical attack vectors, as the pandemic has expanded the attack surface, and this has not gone unnoticed by cybercriminals. The results of such changes can be easily seen when comparing the number of attacks witnessed between 2019 and 2020.
As many businesses migrated to the cloud to deal with remote working needs, traditional perimeters became almost redundant over the past year. Data from Obrela Security Industries demonstrates how such changes have resulted in system perimeter breaches dropping by 30% in 2020, as threat actors sought alternative vulnerabilities within the new business structure.
Email attacks were one of the techniques that cybercriminals preferred to utilise as they modified their methods, with email attacks increasing drastically by 210% in 2020 compared to 2019. The number of insider threats also increased by 20%, indicating that organisations need to prioritise identity and access management (IAM) as operating systems with legacy support are slowly phased out. APT and malware attacks similarly rose by 23% during 2020, as cybercriminals sought to extract data and capital from supply chain and high-profile organisations, while nation-state hackers wreaked havoc with critical national infrastructure.
Overall, there was an increase across a range of threat vectors as the pandemic caused the threat landscape to expand and boundaries between the office and home to blur. The data gathered from the past two years alone demonstrates the importance of an all-encompassing and comprehensive detection and response method. The threat landscape has drastically changed as attackers have moved away from the perimeter. Therefore, companies are safer relying on MDR providers who have an in-depth understanding of the threat landscape, as they work with it every day.
Reducing overhead and streamlining operations
Not only has the pandemic had a negative effect on the threat landscape, but it has also put a strain on those trying to protect organisations from the growing number of threats. The pandemic has put an unbearable amount of pressure on security teams, with 75% of security professionals feeling more stressed now than they did two years ago. Fortunately, an efficient and automated solution can support struggling security teams, with automation being a top concern for security specialists.
Automated detection and response systems help to put all the data in one place, which makes the process more secure by providing security teams with the full picture, while also including the much-needed business risks. In turn, this can reduce the workload of security teams while increasing their efficiency and reducing overall costs. An automated model can also help with the customisability of risk tolerance, reporting needs, notification requirements, console and visualisation, classification and access management preferences, contributing to what is ultimately a tailored security response system specific to a business's needs.
In light of the multitude of attack vectors and the dissolution of the perimeter, it makes no sense for organisations to compartmentalise their intelligence data and adopt multiple solutions to tend to the multiple components of the infrastructure. To protect against the ever-present threat of cybercrime, a comprehensive detection and response solution is essential for correlating data across the expanses of the digital universe.