Shifting Cyber Threat Landscape Requires Continuous Security Validation
August 20, 2021
Featured article by Jeff Broth
The spate of high-profile cyber attacks shows that in today’s digital environment, the question is no longer “if” but “when” a firm will be targeted. However, the culprit is sometimes not a system vulnerability but human error, complacency, outdated security programs, and a lack of cybersecurity awareness.
For example, in August 2021, hackers stole $600 million in cryptocurrencies from Poly Network, a decentralized finance (DeFi) platform that works across several blockchains. Poly Network said the hackers exploited a vulnerability between contract calls. The hackers returned most of the stolen cryptocurrency after a few days, except for $33 million in tokens frozen by Tether.
In the Murata data breach of June 2021, an engineer from a Chinese subcontracting company (IBM Dalian Global Delivery) downloaded project management data without permission and uploaded it to his account on a cloud service. The download included 72,460 documents, about 30,000 of which contained financial information and sensitive business partner and employee data.
Flagstar Bank in the U.S. suffered data breaches from January to March 2021, losing social security numbers and mailing addresses of customers and employees after attackers exploited a flaw in third-party file transfer software. In addition, the Microsoft Exchange data breach of March 2021 affected servers at roughly 30,000 to 60,000 organizations worldwide, including banks, schools, government agencies, and the European Banking Authority.
One of the biggest attacks hit the Taiwanese computer company Acer in March 2021, with a ransom demand of US$50 million. Since the company refused to pay, the attackers exposed the stolen data on the dark web.
CNA Financial, a U.S. financial and insurance company, was hit by ransomware in May 2021, which paralyzed the company for a few days. The initial ransom demand was US$60 million; CNA eventually paid US$40 million. French insurer AXA was also a victim of ransomware in the same month: attackers stole three terabytes of data, causing the company to lose about US$5.5 billion.
Current cybersecurity market trends
In 2020, the cybersecurity market was valued at US$156.24 billion. With the increase in cybercrime, vendors are developing new programs and organizations are responding by installing more robust network security platforms. As a result, the cybersecurity market is projected to grow by US$352.25 billion by 2026.
Today’s growth of the cybersecurity market is driven by requirements to report cybersecurity incidents and by the rise in cyberattacks. Demand is also driven by the adoption of IoT/M2M connections, the falling cost of devices, and the growing number of connected devices, from consumer electronics and wearables to cars and machines.
Yet despite security professionals’ recommendations to implement strategies defined by the MITRE ATT&CK framework, identity management solutions, more robust security platforms such as biometric identification and facial recognition, and continuous security validation to stress-test their security posture, more than 80 percent of companies still rely on traditional login methods and weak security standards.
Primary market trends
According to projections, the defense and aerospace segment will see significant growth because of the high susceptibility of aircraft guidance and navigation systems. The Asia-Pacific region will be one of the fastest-growing markets, since India and South Korea are experiencing an increase in cyber attacks.
In terms of solutions, the market offers products for unified threat management, data loss prevention, intrusion detection and prevention systems (IDS/IPS), risk and compliance, DDoS protection, SIEM, advanced persistent threat defense, and identity and access management.
Cybersecurity gaps enterprises need to address
Despite numerous public reports of cyber attacks, many enterprises are still slow to implement better network security. The security gaps enterprises still have to address include:
- Unpreparedness. They need to test their security programs before a breach happens and be ready to respond.
- Unknown threats. Enterprises must understand the threats they face by keeping up to date with developments.
- Lack of monitoring. Enterprises must identify threats early by having the proper monitoring solutions in place to minimize their exposure.
- Security for remote workers. Enterprises with remote workers should extend their cybersecurity to the workers’ homes, including securing their devices.
- The risk from vendors and third parties. It’s vital to ensure that the third parties and vendors are trustworthy and known to provide robust security programs.
- Employee training. Many companies still do not provide cybersecurity awareness training to their employees, although this is one of the essential defenses for network security.
- Insider threat. Companies should be aware that human error is a significant threat to their network security.
Strategies in addressing security gaps
Employee training for security awareness is critical. Building internal cybersecurity skills ensures that employees understand end-to-end security issues, compliance and standards, and how to maintain a robust security posture.
Prioritize the hiring of talented IT staff. However, Gartner suggests that what successfully faces the threats is not the size of the IT staff but a lean team of core professionals, with some security prevention actions delegated to every member of the enterprise.
Use more effective monitoring and testing methods. For example, penetration testing simulates cyber attacks against the company’s systems to check for vulnerabilities that criminals could exploit; its findings can also be used to strengthen a web application firewall. One of the most comprehensive and proactive methods today is continuous security validation. The MITRE ATT&CK framework can help establish a strategy for emulating a cyberattack: an attack vector is taken from the framework’s matrix and used to test the enterprise’s cyber defenses and validate their strength and effectiveness. The results of the test identify security gaps.
Implementing continuous security validation
Continuous security validation tests whether your security programs have weaknesses. The vendor can send a testing team to the client to conduct the test. From the MITRE ATT&CK framework matrix, the team chooses an attack vector and launches an attack on the client’s system, mimicking the tactics, techniques, and procedures real attackers use. The test identifies security gaps, and remediation is then applied. The framework is constantly updated, so the validations reflect current attack trends. “Continuous” means scheduling the validation regularly to ensure that the network security protocol remains impenetrable. In addition, results from the validation tests help identify priority issues that need addressing.
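As an added illustration (not from the article or any vendor's product) of what a continuous validation programme records between scheduled runs: each emulated ATT&CK technique gets an outcome, misses are ranked into a remediation order, and a technique that held in the previous run but is missed now is flagged as a regression. The tactic weights, run data and outcomes are constructed; only the technique IDs are real ATT&CK identifiers.

```python
"""Record outcomes of scheduled ATT&CK-technique emulations, rank gaps, flag regressions."""
from dataclasses import dataclass

PREVENTED, DETECTED, MISSED = "prevented", "detected", "missed"

@dataclass(frozen=True)
class Result:
    technique: str  # ATT&CK technique ID
    tactic: str     # ATT&CK tactic of the emulated technique
    outcome: str    # PREVENTED, DETECTED or MISSED

# Constructed, hypothetical weights: how costly a miss in each tactic is for this org.
TACTIC_WEIGHT = {"initial-access": 3, "execution": 2, "credential-access": 4,
                 "lateral-movement": 3, "impact": 5}

def find_gaps(results):
    """Techniques neither prevented nor detected are the security gaps."""
    return [r for r in results if r.outcome == MISSED]

def prioritize(gaps, weights=TACTIC_WEIGHT):
    """Order gaps so the most consequential misses are remediated first."""
    return sorted(gaps, key=lambda r: (-weights.get(r.tactic, 1), r.technique))

def regressions(previous, current):
    """Techniques that held in the previous scheduled run but are missed now."""
    held = {r.technique for r in previous if r.outcome != MISSED}
    return sorted(r.technique for r in current if r.outcome == MISSED and r.technique in held)

def coverage(results):
    """Share of emulated techniques prevented or detected, for trending between runs."""
    return round(sum(r.outcome != MISSED for r in results) / len(results), 2) if results else 0.0

# Constructed outcomes from two hypothetical scheduled runs (IDs are real ATT&CK techniques).
RUN_1 = [Result("T1566", "initial-access", DETECTED),        # Phishing
         Result("T1059.001", "execution", PREVENTED),        # PowerShell
         Result("T1003", "credential-access", MISSED),       # OS Credential Dumping
         Result("T1021.001", "lateral-movement", DETECTED),  # Remote Desktop Protocol
         Result("T1486", "impact", MISSED)]                  # Data Encrypted for Impact
RUN_2 = [Result("T1566", "initial-access", DETECTED),
         Result("T1059.001", "execution", MISSED),           # a rule change broke prevention
         Result("T1003", "credential-access", DETECTED),     # run 1 gap remediated
         Result("T1021.001", "lateral-movement", DETECTED),
         Result("T1486", "impact", MISSED)]                  # still open

if __name__ == "__main__":
    for r in prioritize(find_gaps(RUN_2)):
        print(f"gap: {r.technique} ({r.tactic})")
    print("regressions:", regressions(RUN_1, RUN_2))
    print("coverage:", coverage(RUN_1), "->", coverage(RUN_2))
```

Note that the aggregate coverage is identical for both runs (one gap closed, one opened), which is exactly why a per-technique regression check matters more than a single headline score.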
In closing, the only way to mitigate today’s onslaught of cyberattacks is to use the most effective security programs and platforms, from monitoring to continuous security validation, to ensure the safety of enterprise systems against known cyber threats.