Cyber attacks are shutting down countries, cities and companies. Here’s how to stop them

Photo credit: UNODC.

This article is brought to you thanks to the strategic cooperation of The European Sting with the World Economic Forum.

Author: Noam Erez, Co-Founder and CEO, XM Ltd.

What if a cyber attack took over a government’s IT network, bringing an entire nation to its knees? Does this seem like a far-fetched scenario? It isn’t. In April 2018, the small independent Caribbean nation of Sint Maarten faced a total public shutdown for an entire day. The previous month, the city of Atlanta was crippled by a ransomware attack that lasted two weeks and cost nearly $3 million.

In the US alone, Baltimore, Charlotte, Dallas and San Francisco have been victims of cyber attacks during the past year, following (ironically) a transition to smart city technology. Although the smart city concept has created more connected cities, the lack of cybersecurity preparedness often creates serious security vulnerabilities. So what can organizations seeking to advance to smart infrastructures, cloud networks and IoT environments do in the face of rising cyber threats?

The growing costs of a fading security perimeter

The cyber threat landscape is an immense challenge for security practitioners. Today’s Chief Information Security Officers (CISOs) must contend with threats on multiple fronts, causing the perimeter to both expand and deepen. The jury’s still out on whether cyber attacks are a bigger threat to mankind than nuclear war, but networks are certainly more vulnerable than ever. The FBI reports that more than 4,000 ransomware attacks occur daily, while other research sources state that 230,000 new malware samples are produced every day.

The notorious attacks of the last few years have finally propelled cyber security to the top of the boardroom agenda, and raised the level of criticality to new heights. As a result, global security expenditure reached $86.4 billion in 2017, with no sign of abating. On the contrary, Gartner forecasts that industry spend in 2018 will reach $93 billion, as traditional security measures such as firewalls and anti-virus software prove to be inadequate.

The state of the cybersecurity frontier

The volume and severity of attacks over the past year mean that in 2018, organizations are no longer asking if they can be attacked; rather, they are asking how they will be attacked. Realizing that the perimeter is rapidly diminishing, organizations are waking up to a reality where the security battlefield is playing out inside their network.

A fading perimeter, combined with the transition to the cloud and the deployment of myriads of IoT devices, means that the attack surface is expanding. The risks for organizations are increasing greatly, as standards and policies fail to keep up. At this point, even consumers are worrying.

The early viruses and worms that targeted networks have evolved into something altogether more powerful and problematic. These new attack vectors prefer to be slow and low, moving laterally within networks and often slipping in and out unnoticed, as though the entire network were fenceless. They are forcing organizations to step up their knowledge of cyberattacks and adopt new Tools, Tactics and Processes (TTPs) for defending their network from within.

Here are some considerations towards 2020 in the attempt to contend with the advancing capabilities of threat groups:

Advanced Persistent Threats (APTs) pushing the perimeter

The most lethal vectors of attack today can often be attributed to APTs. APT refers to a network attack by a third party that gains unauthorized access and remains undetected for a lengthy period. APTs are renowned for their high level of sophistication, use of bespoke software back doors and zero-day vulnerabilities.

An ominous trait of APTs is their ‘persistency’ factor, since advanced hackers seek to remain in the network undetected for a lengthy period, until they pursue their end goals. Today, APTs are particularly dangerous because of the strategic intent behind the bodies planning, funding and running them.

These threat actors launch APTs at networks to access sensitive data and systems, creating a reputational and operational risk for their targets. They often take advantage of shadow IT loopholes, poor IT hygiene and human error. Today no network, irrespective of size or type, is immune to these attacks.

The cybersecurity skill set crisis

While hackers are gaining expertise and APTs are becoming more sophisticated, existing security controls are not keeping up. A growing shortage of security personnel is making matters worse. By the end of 2018, one to two million cybersecurity jobs could remain unfilled. About six million cyber security analysts will be needed, yet only four to five million will be available to fill these positions.

Not only are IT security teams lacking the necessary skills for dealing with increasingly sophisticated and even automated attacks, but 36% of organizations say they believe turnover is higher among security staff than for other departments in the organization.

The rise of red team attack simulations

To address the skills gap, organizations have been turning to security service providers to test their resilience. These agents conduct staged attacks to find out how susceptible an organization is to cyberattacks.

Often referred to as red teams, they exercise focused offensive attacks on the organization’s applications, network and data. Although red teams conduct a simulated attack, they usually perform the task at a single point of time. They must also be highly coordinated with the internal security defence team, otherwise known as the blue team, to fix security holes and minimize time gaps.

Although highly trained red team experts can claim success at exposing security threats, they still represent the human factor. Unfortunately, operational setbacks and organizations’ ineffective approaches can limit their ability to deliver an ongoing strategy for preventing APT attacks. Even organizations that can afford their own internal red and blue teams struggle to prevent real-life attackers. Facing costly time gaps, as well as coordination and budgetary issues, they still enable attackers, in particular stealthy players, to continue to move laterally and work under the radar.

The transition to automated attack simulation

Automated attack simulation, coupled with the ability to follow up with rapid remediation, could tighten the noose around an APT attack and ease the skills shortage. A network that can run multiple attack campaigns at all times could, in effect, operate as an automated red team army 24/7, and keep the organization in a perpetual state of reconnaissance.

Nevertheless, an offensive attack campaign cannot be truly effective unless the vulnerabilities discovered are remedied immediately. This is crucial, as there must be no opportunities for attacks to slip in between the cracks. Actionable and prioritized remediation by the blue team must follow immediately after every blind spot and loophole is discovered. It must form a continuous and rapid attack and remediation loop that never ceases to function.

The new purple order

The task of continuously collaborating between the red teams and blue teams in a perpetual loop falls on the automated purple team. An automated purple team combines the attack vectors and vulnerabilities found by the red team with the defensive tactics from the blue team, to build the strongest security programme possible.

The act of collaboration not only forms a fluid 24/7 attack and remediation cycle, but also enables both the offence and defence teams to learn from each other and improve as they go. With a purple team running continuously, companies will be able to follow prioritized remediation guidelines and ensure that they are made aware of new threats as soon as they appear.

Finally, organizations, cities and countries will be able to regain network superiority, defend against relentless attempts to infiltrate their critical infrastructures, respond to the skills shortage and move to remediate attack vectors immediately.


Comments

  1. I suggest you one of the best security products for cyber security, which is LTS Secure. LTS Secure Intelligence Driven SOC is an integrated context-aware security protection platform that provides and integrates prediction, prevention, detection and response capabilities by leveraging an adaptive security framework.

    Regards,
    LTS Secure
