Emerging Frameworks & Technologies that Combat the Rising Threat of Cyber Attacks
August 23, 2021
Featured article by Jeff Broth
The creation of the first computer virus in 1971 led to the development of the cyber security industry. Unfortunately, since then, new malware is created every day by threat actors who continue to develop the tools for their nefarious activities.
Cyber security threats have grown in complexity and scale, and the attack surface has grown exponentially larger. But even with today's sophistication and range of attack methods, you can identify some common causes of attacks:
- Deficient security assistance. Many employees still lack training and awareness. Take the use of passwords, for example. In 2020, 2.5 million people still used "123456" as their password, which takes a second to crack.
- Vulnerabilities in the system. It was a hard lesson for SolarWinds, a software development company that was attacked by a Russian gang in early 2020. Employees shared the system flaw online, and it was picked up by the criminals, which led to the capture of administrative credentials of an account holder. SolarWinds has already spent around $18 million to $19 million in Q1 2021 for investigation and remediation due to the data breach.
- Inadequate assessment of security risks. Many firms, especially small and medium-sized companies, underestimate the risks. The average cost of a data breach in the U.S. is $8.64 million (2020). Aside from the financial losses, a data breach often leads to loss of consumer trust, along with hefty fines for failure to ensure data security.
Types of cyber attacks
Cybercriminals use different tactics to hack into vulnerable sites, such as malware, phishing, distributed denial-of-service, man-in-the-middle, SQL injection, DNS tunneling, zero-day exploitation, cryptojacking, and cross-site scripting (XSS). Add password attacks, eavesdropping/sniffing attacks, AI-powered attacks, drive-by, and IoT-based attacks to the mix, and you'll know how difficult it is to maintain cybersecurity.
But what is cyber security for organizations? Cyber security for organizations ensures that your organization’s data is safe from attacks from internal and external actors. It is a means to ensure the integrity, availability, and confidentiality of your data. Cyber security means employing the most effective security program for the organization, continuously tested against common and current security threats.
1. Among the trends is ransomware. The financial reward is one of the incentives for the rise of ransomware attacks. In addition, the increasing dependence on digitization, and the remote working setup due to the pandemic, accelerated the activity.
2. Internet-of-Things or IoT attacks create new opportunities for a criminal gang. Aside from computers, servers, and mobile phones, wearable fitness trackers, smartwatches, voice assistants, and intelligent appliances share data, making it harder to install security applications, firewalls, and antivirus programs.
3. Attacks on cloud services are rising since cyber gangs are intent on discovering cloud vulnerabilities. Additionally, the widespread and rapid adoption of remote working increased the risk as more employers use cloud services.
4. The remote workforce is also vulnerable to social engineering attacks such as phishing because they are easy targets. Malicious emails, SMS, and SIM jacking are just some of the social engineering attacks hackers employ to spread malware and eventually gain entry into an organization's system.
Cyber security professionals today have to deal with individual hackers, gangs, and state-sanctioned cyber attacks. In 2018, for example, the United States and the United Kingdom presented a joint statement, blaming Russia for the series of cybercrimes against consumers and organizations. The report led the FBI, U.S. Department of Homeland Security, and the National Cyber Security Center to warn businesses about Russian hackers' cyber threats. But Russia is not the only country that backs some cybercriminal groups. Iran, North Korea, and China are also known to engage in state-sponsored attacks for espionage and disinformation.
Emerging frameworks and technologies
New technologies and methodologies for network security provide deeper insights into the threats, the actors, and methods to prevent cyber-attacks effectively.
Large enterprises used to have teams to test their security management systems’ effectiveness. The red team simulates an actual attack while the blue team monitors and maintains the network defenses.
But today, purple teams are more common. A purple team combines the red and blue teams to do both the testing and the securing. It can be composed of a group from an IT consulting firm hired to audit and assess. Their findings help the organization understand the threats and improve, fine-tune, and configure the organization's detection and response capability against real-world threats.
Pen testing (penetration testing) is another effective security exercise. "Ethical hackers", otherwise known as cyber-security experts with pen testing certification, are hired to attempt to break into a computer system to identify weak spots in the defenses. They use tools that produce SQL injections or brute-force attacks and social engineering methods to access the network. After completing the pen test, the IT department or the vendor can use the findings to upgrade network security, including DDoS mitigation, new WAF rules, and rate-limiting.
MITRE ATT&CK framework
If you need a more comprehensive analysis, the logical solution is to employ the MITRE ATT&CK™ framework, which has a complete list of attackers’ behaviors. The attackers’ techniques and tactics are divided into different matrices: enterprise, mobile, and pre-ATT&CK. The framework is helpful for mapping defensive controls, tools integration, threat hunting, information sharing, purple teaming, pen testing, detections and investigations, and referencing actors.
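As an added illustration (not part of the original article), the sketch below shows how a purple team might use ATT&CK technique IDs to map detection rules and exercise results into a per-tactic coverage report. The technique IDs are real ATT&CK Enterprise entries; their pairing with the attack types this article names, the rule names, and the exercise results are assumptions constructed for the example.

```python
from collections import defaultdict
# ATT&CK technique IDs -> (name, tactic); pairing with the article's attack types is an assumption.
TECHNIQUES = {
    "T1566": ("Phishing", "initial-access"),
    "T1190": ("Exploit Public-Facing Application", "initial-access"),  # SQL injection
    "T1110": ("Brute Force", "credential-access"),                     # password attacks
    "T1071.004": ("Application Layer Protocol: DNS", "command-and-control"),  # DNS tunneling
    "T1486": ("Data Encrypted for Impact", "impact"),                  # ransomware
    "T1496": ("Resource Hijacking", "impact"),                         # cryptojacking
    "T1498": ("Network Denial of Service", "impact"),                  # DDoS
}
# Constructed sample: detection rules (hypothetical names) and the techniques they claim to cover.
RULES = {
    "mail-gw-malicious-attachment": ["T1566"],
    "waf-sqli-signature": ["T1190"],
    "auth-failed-login-burst": ["T1110"],
    "edr-mass-file-rename": ["T1486"],
}
# Constructed sample: purple-team results, technique emulated -> did an alert fire?
EXERCISE = {"T1566": True, "T1190": False, "T1110": True,
            "T1071.004": False, "T1486": True, "T1496": False}

def coverage_report(techniques, rules, exercise):
    """Bucket every technique per tactic: detected, rule_missed, no_rule, untested."""
    has_rule = {tid for ids in rules.values() for tid in ids}
    report = defaultdict(lambda: defaultdict(list))
    for tid, (_name, tactic) in techniques.items():
        if tid not in exercise:
            bucket = "untested"        # never emulated, so coverage is unknown
        elif exercise[tid]:
            bucket = "detected"
        elif tid in has_rule:
            bucket = "rule_missed"     # a rule exists but did not fire: tune it
        else:
            bucket = "no_rule"         # nothing watches for this: build a detection
        report[tactic][bucket].append(tid)
    return {tactic: dict(buckets) for tactic, buckets in report.items()}

def detection_rate(report):
    """Share of emulated techniques that raised an alert."""
    counts = defaultdict(int)
    for buckets in report.values():
        for bucket, tids in buckets.items():
            counts[bucket] += len(tids)
    tested = counts["detected"] + counts["rule_missed"] + counts["no_rule"]
    return counts["detected"] / tested if tested else 0.0

if __name__ == "__main__":
    print(coverage_report(TECHNIQUES, RULES, EXERCISE))
```

The `rule_missed` and `no_rule` buckets are the actionable output: the first points at rules to tune, the second at detections that still need to be built.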
The importance of investing in cybersecurity
Investing in cybersecurity programs can be costly. According to projections, global cybersecurity spending will reach US$54 billion in 2021. For a small business in the United States, the average cost of investing in a cybersecurity program is about US$8,000 annually.
An attack on a small business can cost US$200,000 on average. Add to that the possible direct costs such as system repair, compliance and regulatory fines, public relations, and legal fees. There are also indirect costs, including business downtime, loss of customers, loss of intellectual property, and damage to the company’s reputation and credibility. Considering these potential losses and expenditures, the amount spent on a cyber security program is worth it.
Consulting a cyber security provider will help businesses determine the amount to spend on cyber security programs. In addition, the firm can tailor the security system to your needs, including support and system upgrades.
In today's increasingly digital environment, no company is immune to a cyber attack. But there are ways to mitigate it through a cooperative and aggressive approach to get you prepared. Employ the tested preventive measures, such as employee training, automated crisis response process, knowing your enemy, and understanding new technologies. Even if you have deployed an advanced cyber security solution, it is critical to constantly assess it for vulnerabilities against new threats.