Firefighting Cyberattacks

If the Covid-19 crisis has left you feeling low, here is more bad news: cybercrime is to modern civilization in a digital world what Covid-19 is to our health. We have no long-term answer to either challenge. Part of the so-called “new normal” is an epidemic of cybercrime, and for it we have neither an effective vaccine nor a medication, nor any promise of getting one in the near future.

The story is not about an “arms race”, whatever many would like you to believe. Constantly buying new tools and software applications is supposed to protect you from new types of cyberattack, but each addition makes your environment more complex and harder to control. It is the cyber equivalent of the “stay at home” countermeasure against Covid-19: it does not cure the problem, it only postpones it. The story is about the attackers, who have developed new “business models” (next-generation ransomware) and are turning the odds in their own favor. The barrier to entry keeps getting lower. The new business models let cybercriminals target all of us, while distributed work models such as remote work make us more vulnerable. Many organizations do not use a secure Virtual Private Network (VPN); employees access their cloud data directly from unsecured home networks, and some “cheat” and do their job on unsecured private computers. The attack surface therefore extends from a “secure office space”, protected by corporate-enforced countermeasures, to simplified and uncontrolled small office/home office (SOHO) environments that the organization neither manages nor monitors. It can be expected that the situation will only deteriorate with time.

One of the major issues is that attention goes only to “mega-breaches”, not to the situation in an average enterprise or organization. The “we are not important enough” argument no longer holds. The average financial loss from a breach is high (around USD 3 million) and the average time to discover one is about 200 days! More and more cybercrime targets the physical world directly, e.g. pharmacies, factories, electricity systems, etc. (The statistical data on financial losses due to breaches will be covered in our upcoming blog.)

The problem is that technology alone is no longer effective. Network systems are increasingly complex and intertwined (complex webs of trust, hybrid clouds, chains), and technologies such as the Internet of Things (IoT) and the Internet of Everything (IoE) are immature; as a result, we cannot find an automated, scalable means of defense.

We need a human defender to confront a human attacker, yet the attackers seem to hold the advantage. Artificial intelligence (AI) does not help enough, and attackers use it too; we therefore consider the battle of AI against AI an illusion whose outcome is already known. Another common attacker approach is to use “legitimate” tools and processes so that the activity mimics the normal behavior of end users, and prevention-oriented controls (the “prevention radar”) rarely notice it.

Nowadays the essential factor is a “firefighting ability” that most organizations do not possess. It is NOT about new technology, it is about NEW APPROACHES!

There is simply not enough expertise on the market, and that is not expected to change. The global shortfall of cybersecurity experts is estimated at about 3 million. Smart decision-makers outsource that expertise, wasteful ones try to insource it, but neither is a scalable solution.

The way out of trouble

The short-term option is to build firefighting capability: centers of knowledge such as a Security Operations Center (SOC), OPENNESS, and EXCHANGE of information. The long-term solutions are the education of experts, and more serious regulation and liability, since at present we are walking the edge of negligence out of despair.


Author: Matevž Mesojednik, Security Operations Center (SOC) Manager
