The cybersecurity threat landscape grows more intense every year. We are on the verge of a new generation of cybercrime. There are more malware mutations, more vulnerabilities discovered and abused, and new attack vectors exploited. Yet the major change in recent years has been on a somewhat pragmatic, possibly even mundane, side of the attackers’ activities: the management and operations of their “propositions.”
Researchers have detected the emergence of organised cybercrime networks with segregated labour models. These allow them to cover a broader spectrum of malicious activities and to offer as-a-service models. Effectively, cloud adoption by attackers makes outsourcing more common in cybercrime, where centralized capabilities can be delivered or even “rented” on demand to increase overall efficiency. But what does that mean from the defender’s perspective? As highlighted by Craig Jarvis, security chief technology officer at DXC Technology, during the 2018 IDC European Chief Information Security Officer (CISO) Summit: “The challenge CISOs face from cybercriminals will be much more diverse as their business model gets optimised, while ever more criminals operating under more ‘traditional’ approaches will seek to transition online.”
One of the workshops at the IDC CISO Summit focused on this issue of countering the next generation of cybercrime. During this session, it was suggested that attacks will aim to squeeze maximum value from every endpoint, extracting credentials and sensitive information, exfiltrating files, exploiting hardware such as cameras and microphones, and deploying ransomware on the exit. Within this context, the core question is: What should enterprises do differently to be resilient in the new cybercrime era? Three key takeaways were identified at the session: culture, technology and breach response strategies.
Making security an integral part of business
The security community needs to focus on shifting the broader organisation’s “corporate DNA”, to make security part of business-as-usual. Traditional approaches towards training are considered inadequate for creating long-term systemic behavioural change and embedding security into the culture. Instead, security awareness ought to be driven through talent development and gamification.
Security’s relevance can be highlighted and demonstrated by rewarding good behaviour rather than punishing bad behaviour. Meanwhile, the involvement of the broader organisation, beyond security, is a critical success factor for these initiatives. After all, when lines of business and users more generally are involved in the development of new strategies, they become stakeholders in the success of these initiatives and help to establish approaches that are meaningful and relevant to their specific circumstances.
Security teams must seek to align themselves with existing workflows so as to fit seamlessly within users’ daily routines. By making sure that security does not add extra layers of process, user buy-in can be more successfully achieved.
Creating context-aware technology
On the technology side, the security specialists and CISOs at the IDC Summit recommended that the new generation of cybercrime is better countered with context-aware technology. Here, security teams demand security tools that provide a baseline of “normal” behaviour, safeguard sensitive information, whitelist corporately accepted applications and focus on closing gaps in usage policies.
Bolstering breach response strategies
Breach response strategies should not only rely on training the security staff for remediation. Instead, they must also involve maturity analysis and benchmarking to discover gaps, use managed service providers to understand and prepare for a breach, assign C-level responsibilities, and rehearse in a controlled environment so the organisation is ready to engage when a breach happens.
Reaching a mature security strategy
The threat landscape continues to evolve, and according to the IDC European security research team, it is one of the three “mega drivers” that are causing such disruption to the security environment, alongside digital transformation and regulatory reform.
Security threat actors are maturing. Apart from new vulnerabilities, malware variants and threat vectors, they are also evolving their own operations and management structures to maximise effectiveness. As threat actors become more organised and professional, so we too must become more resilient to counter the threat.
To become more resilient, organisations need to make security an integral part of the organisation. They should “operationalise” security to become part of business as usual, have tools and technologies to focus on threats that are contextually relevant, and build breach response strategies that address enterprise-wide concerns.