Cyber attacks are shutting down countries, cities and companies. Here’s how to stop them

Cyber Attacks The Sting 2018

Credit UNODC. Photo: Credit UNODC.

This article is brought to you thanks to the strategic cooperation of The European Sting with the World Economic Forum.

Author: Noam Erez, Co-Founder and CEO, XM Ltd.

What if a cyber attack took over a government’s IT network, bringing an entire nation to its feet? Does this seem like a far-flung scenario? It isn’t. In April 2018, the small independent Caribbean nation of Sint Maarten faced a total public shutdown for an entire day. The previous month, the city of Atlanta was crippled by a ransomware attack that lasted two weeks and cost nearly $3 million.

In the US alone, Baltimore, Charlotte, Dallas and San Francisco have been victims of cyber attacks during the past year, following (ironically) a transition to smart city technology. Although the smart city concept has created more connected cities, the lack of cybersecurity preparedness often creates serious security vulnerabilities. So what can organizations seeking to advance to smart infrastructures, cloud networks and IoT environments do in the face of rising cyber threats?

The growing costs of a fading security perimeter

The cyber threat landscape is an immense challenge for security practitioners. Today’s Chief Information Security Officers (CISOs) must contend with threats on multiple fronts, causing the perimeter to both expand and deepen in size. The jury’s still out on whether cyber attacks are a bigger threat to mankind than nuclear war, but networks are certainly more vulnerable than ever. The FBI reports that more than 4,000 ransomware attacks occur daily, while other research sources state that 230,000 new malware samples are produced every day.

The notorious attacks of the last few years have finally propelled cyber security to the top of the boardroom agenda, and raised the level of criticality to new heights. As a result, global security expenditure reached $86.4 billion in 2017, with no sign of abating. On the contrary, Gartner forecasts that industry spend in 2018 will reach $93 billion, as traditional security measures such as firewalls and anti-virus software prove to be inadequate.

The state of the cybersecurity frontier

The volume and severity of attacks over the past year mean that in 2018, organizations are no longer asking if they can be attacked; rather, they are asking how they will be attacked. Realizing that the perimeter is rapidly diminishing, organizations are waking up to a reality where the security battlefield is playing out inside their network.

A fading perimeter, combined with the transition to the cloud and deployment of myriads of IoT devices, mean that the attack surface is expanding. The risks for organizations are increasing greatly, as standards and policies fail to keep up. At this point, even consumers are worrying.

The early viruses and worms that targeted networks have evolved into something altogether more powerful and problematic. These new attack vectors prefer to be slow and low, moving laterally within networks and often slipping in and out unnoticed, as though the entire network was fenceless. They are forcing organizations to step up their knowledge of cyberattacks and adopt new Tools, Tactics and Processes (TTPs) for defending their network from within.

Here are some considerations towards 2020 in the attempt to contend with the advancing capabilities of threat groups:

Advanced Persistent Threats (APTs) pushing the perimeter

The most lethal vectors of attack today can often be attributed to APTs. APT refers to a network attack by a third party that gains unauthorized access and remains undetected for a lengthy period. APTs are renowned for their high level of sophistication, use of bespoke software back doors and zero-day vulnerabilities.

An ominous trait of APTs is their ‘persistency’ factor, since advanced hackers seek to remain in the network undetected for a lengthy period, until they pursue their end goals. Today, APTs are particularly dangerous because of the strategic intent behind the bodies planning, funding and running them.

These threat actors launch APTs at networks to access sensitive data and systems, creating a reputational and operational risk for their targets. They often take advantage of shadow IT loopholes, poor IT hygiene and human error. Today no network, irrespective of size or type, is immune to these attacks.

The cybersecurity skill set crisis

While hackers are gaining expertise and APTs are becoming more sophisticated, existing security controls are not keeping up. A growing shortage of security personnel is making matters worse. By the end of 2018, one to two million cybersecurity jobs could remain unfilled. About six million cyber security analysts will be needed, yet only four to five million will be available to fill these positions.

Not only are IT security teams lacking the necessary skills for dealing with increasingly sophisticated and even automated attacks, but 36% of organizations say they believe turnover is higher among security staff than for other departments in the organization.

The rise of red team attack simulations

To address the skills gap, organizations have been turning to security service providers to test their resilience. These agents conduct staged attacks to find out how susceptible an organization is to cyberattacks.

Often referred to as red teams, they exercise focused offensive attacks on the organization’s applications, network and data. Although red teams conduct a simulated attack, they usually perform the task at a single point of time. They must also be highly coordinated with the internal security defence team, otherwise known as the blue team, to fix security holes and minimize time gaps.

Although highly trained red team experts can claim success at exposing security threats, they still represent the human factor. Unfortunately, operational setbacks and organizations’ ineffective approaches can limit their ability to deliver an ongoing strategy for preventing APT attacks. Even organizations that can afford their own internal red and blue teams struggle to prevent real-life attackers. Facing costly time gaps, as well as coordination and budgetary issues, they still enable attackers, in particular stealthy players, to continue to move laterally and work under the radar.

The transition to automated attack simulation

Automated attack simulation, coupled with the ability to follow up with rapid remediation, could tighten the noose around an APT attack and ease the skills shortage. A network that can run multiple attack campaigns at all times could, in effect, operate as an automated red team army 24/7, and keep the organization in a perpetual state of reconnaissance.

Nevertheless, an offensive attack campaign cannot be truly effective unless the vulnerabilities discovered are remedied immediately. This is crucial, as there must be no opportunities for attacks to slip in between the cracks. Actionable and prioritized remediation by the blue team must follow suit immediately, after every blind spot and loophole is discovered. It must form a continuous and rapid attack and remediation loop that never ceases to function.

The new purple order

The task of continuously collaborating between the red teams and blue teams in a perpetual loop falls on the automated purple team. An automated purple team combines the attack vectors and vulnerabilities found by the red team with the defensive tactics from the blue team, to build the strongest security programme possible.

The act of collaboration not only forms a fluid 24/7 attack and remediation cycle, but also enables both the offence and defence teams to learn from each other and improve as they go. With a purple team running continuously, companies will be able to follow prioritized remediation guidelines and ensure that they are made aware of new threats as soon as they appear.

Finally, organizations, cities and countries will be able to regain network superiority, defend against relentless attempts to infiltrate their critical infrastructures, respond to the skills shortage and move to remediate attack vectors immediately.

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Featured Stings

Syria: Civilians caught in crossfire, UN refugee chief urges Jordan to open its border

A Sting Exclusive: “There can be no global deal on emissions without China and the USA”, Conservative MEP Ian Duncan stresses from Brussels

Vendor Pulse – 2000

Eurozone: Subdued inflation can lead to more recession

A rapid deterioration of the humanitarian situation in the war-torn Yemen

Girls still being treated as aliens in medicine in the 21st century

Statement by the Brexit Steering Group on UK paper on EU citizens in the UK

Europe on the Move: Commission completes its agenda for safe, clean and connected mobility

Bayer’s cross at night (Copyright: Bayer AG)

The EU clears Bayer-Monsanto merger amid wide competition and environmental concerns

A European student just sets the question of the day: What kind of education policies are missing in Europe?

ECOFIN: Choosing between the re-unification of Eurozone and a stalemate

Millions of young lives ‘at risk’ says UN labour chief, calling for an end to child labour

JADE Testimonial #3: Sebastian @ Fundraising

First-ever EU defence industry fund to finance joint development of capabilities

Trump stumbles badly on his Russian openings; Europeans wary of Putin

A Sting Exclusive: “One year on from the VW scandal and EU consumers are still in the dark”, BEUC’s Head highlights from Brussels

Will the European Court of Justice change data privacy laws to tackle terrorism?

“C’est la vie”? French recession and unemployment to linger in Eurozone

ECB: Growth measures even before the German elections

UN official sees ‘unprecedented opportunities’ to make progress on peace in Afghanistan

Happens now in Brussels: Green Week sets the EU and global climate policy agenda

The “Legend of the Sun” wishes you Happy Chinese New Year 2015 from Brussels

MWC 2016 LIVE: The top 5 themes of this year’s Mobile World Congress

Merkel, Mercedes and Volkswagen to abolish European democracy

Ahead of State of the Union the European Youth Forum highlights lack of action on youth employment

On Google antitrust case: “Let’s face it, some companies want to hurt Google and it goes as simple as that”

The South China Sea Arbitration: Illegal, Illegitimate and Invalid

Employers’ organizations work towards improving the enabling environment for sustainable enterprises

A Sting Exclusive: “Climate change and youth inaction: oblivion or nonchalance?”, AIESEC wonders from Brussels

“A global threat lies ahead worsened after the EU’s green light to the Bayer-Monsanto merger”, a Sting Exclusive by the President of Slow Food

Professional practices of primary health care for Brazilian health and gender inequality

MWC 2016 LIVE: Getty chief says one in four new images from phones

The widely advertised hazards of the EU not that ominous; the sting is financial woes

In Finland, speeding tickets are linked to your income

Two shipwrecks add to ‘alarming increase’ in migrant deaths off Libya coast: IOM

Entrepreneurship’s key to success showcased by a serial young entrepreneur

MEPs call on EU countries to end precarious employment practices

Refugee crisis update: EU seeks now close cooperation with Africa while Schulz is shocked to witness live one single wreck full of immigrants

The EU Parliament unanimously rejects Commission’s ideas about ‘seeds’

The role of public affairs in student NGOs

No end to Deutsche Bank’s problems: new litigations in the US and frailty in EU stress test

The missiles fired against Damascus, Syria divided Europe deeply

UN member states express their will to tackle global migration but specific actions are still missing

Some Prevailing Arguments and Perceptions over the South China Sea Issue Are Simply Wrong

Fear casts again a cold, ugly shadow over Europe; Turkey sides with Russia

Italy’s rescue operation Mare Nostrum shuts down with no real replacement. EU’s Triton instead might put lives at risk

This tool shows you which cities will flood as ice sheets melt

JADE Testimonial #2: Jacques @ Process mapping

Eurozone very close to a sustainable growth path

ILO warns of widespread insecurity in the global labour market

Why Renewable Energy is an attractive investment

Leading Palestinian legislator calls for ‘new international engagement’ in two-state solution

Why the ECB had to clarify it caters for the entire Eurozone not just Germany?

“Leaked” TTIP document breaks post 8th negotiations round silence and opens door to critics

Is poverty and exclusion the necessary price for EU’s recovery?

The Italian ‘no’ and France’s Fillon to reshape Europe; Paris moves closer to Berlin

“Working together to make a change at the COP 21 in Paris”, an article by Ambassador Yang of the Chinese Mission to EU

Germany may have a stable and more cooperative government

Autonomous vehicles could clog city centres: a lesson from Boston

EU and US close to an agreement on data sharing amid European citizens’ concerns

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s