If we use the latest cyber security report from Accenture as a benchmark, I think it is safe to say that currently the cyber criminals are winning. In fact if Cybercrime was a business it would be six times larger than Apple. With an estimated cost to the global economy of $6 trillion in 2021, equivalent to $11.5 million a minute, there is clearly no letting up.
Yet this dire situation is not through lack of trying, or more accurately not through lack of spending. It is estimated that $181 billion will be spent on cybersecurity in 2021, up from $105 billion back in 2015, that’s an increase of around $12 billion year-on-year.
So, with an increase in spending, yet no sign of curbing the cyberattacks, is it that the global approach is all wrong?
I have felt for a long time that the industry is focusing too heavily on breach detection, whilst downplaying breach prevention. Perhaps there is a better approach.
To focus on a set of specific attacks might imply that the issue is unique to a particular hack, when in fact I believe the issue is a much wider problem.
Some points to consider might be:
- After a huge breach, do the security team always manage to kick out the hackers?
- Have you ever come across a hack which was impossible to stop?
- If you can kick a hacker out after an attack, why can’t you prevent them in in the first place?
The point I am making is that hackers are just following a process, they are not all elite hackers who cannot be stopped. Hackers will exploit known weaknesses, so the more weaknesses your business has, the more likely the hackers will find and exploit them.
Learning from others’ mistakes
Let’s look at some of the recent big attacks and hopefully you’ll begin to see the pattern. Starting with TravelEx, the hackers broke through a vulnerability in their Checkpoint firewall, a vulnerability which was patched by Checkpoint 18 months earlier. How is it possible that TravelEx didn’t apply the patch? It would be fair to assume that they have the resources, and operating within the financial market, they are clearly a potential target. Did they have an asset risk register?
Hackers were able to obtain the credentials of two admins and go on to steal 4.5 million customer records, including some credit card and personal information. Three questions immediately spring to mind:
- Why did the admins have access to so much data, surely there should be more data controls around accessing the data?
- How were the credentials obtained, are they using creds in multiple systems?
- Why wasn’t two factor authentication and other security barriers in place before having access to the data?
Given this is the second hack in 18 months, there must be a relaxed culture towards security, especially for both accounts to be compromised.
Is there a trend between getting hacked and pure breach detection?
What does proactive security look like?
It’s not just about rolling out a specific set of security tools to protect your business, it’s about making security a fundamental part of every key decision and service, ensuring that all of your defences are working. Most importantly you are doing the basics brilliantly. Whilst you are probably aware of the following considerations, evidence suggests that lots of businesses are in fact, skipping the basics.
- Have you got the right security tools for the job?
I would recommend the following for any organisation.
- Antimalware on all devices (yes all, that includes Macs and Linux boxes).
- Web proxy on all workstations.
- Cloud based patching solution on all devices (again don’t forget the Macs or Linux machines).
- Monthly automated vulnerability scanning.
- Automated Darkweb ID searches.
The critical part of managing those tools is ensuring that they are installed on everything and that they are doing their job. For example, it is no good having antimalware that is out-of-date or a patching solution that is stuck on repeat trying to install a particular patch. The term set it and forget it, does not really apply, regular checks must be carried out to ensure processes are still working correctly.
- Have you configured the tools correctly?
Cloud apps are brilliant and give you access to some of the best security in the world. Big Cloud providers such as 365, G-Suite, Salesforce, Hubspot, and Egnyte to name just a few, are world leaders in cybersecurity, and provide fantastic security tools, but if you don’t switch them on, they’re of no benefit.
Multi factor authentication (MFA) is a prime example of this. MFA blocks 99.9% of Office 365 email business compromise attacks. However, only 10% of logins are using MFA, 10%!
- Are you checking your systems as frequently as the hackers?
It is no longer enough to perform annual, bi-annual, or even quarterly checks, the hackers are working a lot more efficiently than that. You need to be checking on a weekly basis, ideally more. If you have more than 100 employees, things will need adjusting, there will be starters/leavers, new apps coming online and constant adjustments to your systems.
Why would you not?
The resistance towards this approach is often due lack of time to perform the check and implement the fixes, rather than a lack of belief in the benefits. This is where ThreatAware’s latest feature of built-in remediation comes into play, it’s that extra resource that you’ve been lacking. Tasks such as applying updates, running virus scans, and even deploying missing tools, can all be done straight through the console.
See how easy protecting your business can be.
Reference: Ponemon institute 2020 report