By Adam Meyers, VP Intelligence, CrowdStrike
Security threats continue to evolve at a breakneck speed. While organisations need to be aware of the entire landscape of adversaries looking to breach their networks, often, certain trends highlight threat exposure for specific sectors, economic or political groups, and even end-users. Criminal activity continues to thrive, eCrime threat actors have developed sophisticated tools and techniques that affect a wide range of organisations and enterprises, often opportunistically. Many of these criminal actors over time have built various specialties, comprising a vast criminal ecosystem of services and tools that complement each in order to steal data for profit, or as is en vogue today, holding it hostage for ransom. Almost every day, we see news about yet another organisation being hit by ransomware.
In response, most organisations have shored up defenses to build capabilities to withstand the avalanche of attacks. However, many struggle to adapt their security strategy to the new demands of today’s threat landscape.
In intelligence, we trust
We can’t properly interpret today’s threat landscape without understanding the impact of global economic developments and geopolitical events. Just because something happens miles away, it doesn’t mean it won’t wash up on your doorstep in the form of an attack. The age-old mantra for success in cybersecurity has always been a combination of people, process and technology. Today, there is another piece of the puzzle – intelligence. Cyber risk mitigation starts with anticipating and detecting potential threats and being prepared to defend against new tactics, techniques and procedures. That can only be done successfully with access to the right insight.
Treat the problem, not the symptoms
Frustratingly, most organisations today only have tools in place to track indicators of compromise (IoCs), but information on these ‘known bads’ goes stale quickly. It’s not enough to focus on the symptoms of the adversary problem. In reality, firms need to determine the tools used for exploitation, the techniques used to propagate the network, and the procedures used once a foothold is established. Possession of this information empowers organisations to not only react to, but proactively anticipate, attacks.
This begins with combining the insight of indicators of compromise (which most tools today focus on), with technologies that look at behavioural-based indicators of attack (IoAs) and track the effects of what the adversary is trying to accomplish. Using intelligence, businesses can understand not only where the adversary is today, but where it has been and what its objectives are.
The New Mantra: Detection and Response
Wrapping up this intelligence, detection capability and remediation into a security strategy can be daunting. As adversaries pursue economic espionage or network destruction they look at endpoints as the starting point for assault. This should be a similar starting point for businesses.
Endpoints need scalable protection. Incorporating this into corporate risk mitigation strategies enhances attack readiness. The next phase of this is thinking about the scale and pace at which the business must move in order to stay one step ahead of the competition and the hacker. Cloud-based models are particularly impactful in delivering the flexibility to deploy and update systems at the pace and scale businesses need. They also give companies with endpoint protection the ability to keep tabs on and learn from attackers as they test attack strategies, crowdsource threat intelligence and provide seamless upgrades.
Whether you’re a Fortune 500 company, or a utility business, the fact remains that you are vulnerable to attack. The key to future-proofing your business is being agile enough to rapidly assess any intrusion that has managed to sneak past your defence and contain that intrusion immediately. Doing so will help to steer clear of the ‘mega’ breaches.
About the Author: Adam Meyers is a recognised expert in the security and intelligence communities. A sought-after thought-leader, Adam conducts speaking engagements and training classes around the world on the topics of threat intelligence, reverse engineering, and data breach investigations. At CrowdStrike, Adam is responsible for tracking over 70 criminal, state-sponsored, and nationalist cyber adversary groups around the world. He provides technical and strategic guidance to Fortune 100 organisations and government agencies on how stay protected and prevent damage from today’s sophisticated and destructive attackers.