Cyber attackers are evolving and adapting techniques more quickly than security teams can keep up. As a result, defenders are finding it hard to fight off attackers who are “weaponizing and field-testing exploits, evasion strategies and skills to launch attacks of increasing magnitude,” according to the Cisco 2018 Cybersecurity Report.
The questions used to surround what to do if a company was attacked, but now the question is what to do when a company is attacked: Will defenders be prepared? How quickly can they recover? The answers depend on what they have done to strengthen their security posture.
Presumably, today’s security teams know an attack is coming, so they should have a strong defense in place to stop it, or at least to mitigate its impact. Unfortunately, many security teams either still operate under the assumption that “Our company’s market/region/technology environment wasn’t a target, so we’re probably not at risk,” or they “allow the chaos of daily skirmishes with attackers to consume their attention.” As a result, many security teams aren’t recognizing the “speed and scale at which adversaries are amassing and refining their cyber weaponry.”
According to the Cisco report, there are three main themes in attacker behavior over the past 18 months that defenders must understand to create an effective cyber strategy. The three themes are:
- Adversaries are taking malware to unprecedented levels of sophistication and impact, and its evolution was one of the most significant developments in the attack landscape in 2017. Also, attackers are using malware to create “vicious” attacks that obliterate a company’s systems and data.
- Adversaries are becoming more adept at evasion, as well as weaponizing cloud services and other technology, such as encryption, that is normally used for legitimate purposes. “In addition to developing threats that can elude increasingly sophisticated sandboxing environments, malicious actors are widening their embrace of encryption to evade detection. Encryption is meant to enhance security, but it also provides malicious actors with a powerful tool to conceal command-and-control (C2) activity, affording them more time to operate and inflict damage.”
- Adversaries are exploiting undefended gaps in security, many of which stem from the expanding Internet of Things (IoT) and use of cloud services. Unpatched and unmonitored IoT devices present attackers with opportunities to infiltrate networks, and, unfortunately, “organizations with IoT devices susceptible to attack also seem unmotivated to speed remediation,” according to the report.
Learn more about today’s attacks and how defenders can secure not only their own networks, but also their customers’ networks, content and data from attacks.