Written by Subarna Poudel, with Swetha Krishnamoorthi, Senior Industry Analyst with Frost & Sullivan’s Security Practice
Three “Cs” encapsulate the main challenges that have gripped the world this decade—coronavirus, climate change, and cybercrime. Although solutions exist to address the first two challenges (whether governments opt to is a separate question), the third threat—cyberattacks—is a critical concern for enterprises and governments worldwide because of the insidious nature of the attacks and attackers.
The rise in digitalization globally is a prominent reason behind an escalating number of cyberattacks. Organizations’ soaring use of digital devices and multiple applications to stay ahead of the competition increases cyber adversaries’ activities. Such applications require an open network and easy accessibility to databases and applications, which expands enterprises’ attack surface by increasing exposure to cybercriminals. This is compelling companies to secure their data and systems. As a result, enterprises are turning to cybersecurity solutions providers more than ever.
Additionally, adopting new business practices such as work from home (WFH) and hybrid models due to the COVID-19 pandemic has further unfolded organizations’ need for resilient cyber defense systems. These work models demand external connections to companies’ data and systems, which results in an increasing number of vulnerabilities.
How do cybercriminals attempt to gain access to organizations’ network infrastructure?
Hackers deploy multiple tools and techniques to hack enterprises’ network infrastructure. However, according to Verizon’s 2021 Data Breach Investigations Report, social engineering and web-based application are two of the top attack vectors. Social engineering is the art of deceiving or tricking people into giving up login credentials, employee or customer data that can be used to facilitate a data breach. For instance, under social engineering practice, a perpetrator aims to gather information about a particular person by monitoring their various activities on digital media platforms. With the availability of information, the attacker then connects dots to get the bigger picture of the person. Finally, by using the acquired information, a cybercriminal dupes the user into handing over confidential information. Similarly, a web-based application attack occurs when threat actors attempt to gain direct access to a company’s database by finding vulnerabilities in its website.
What are some key potential solutions to prevent cyberattacks?
To minimize the persisting threat of cyberattacks and protect organizations from substantial financial loss and reputation damage, cyber defense experts suggest three promising solutions—vulnerability management (VM) tools, digital risk protection (DRP) solutions, and breach and attack simulation (BAS) tools. The implementation of such tools depends on the enterprise type and priorities.
1. Vulnerability Management Tools
VM tools are a necessity for most organizations. Modern VMtools leverage automation and analytics to scan the enterprise’s IT network to identify devices, applications, and software that are vulnerable to attack.
In today’s context, the focus of VM is shifting from vulnerability scanning to vulnerability prioritization and remediation (VPR) and workflow management. VPR is a new segment that comprises various tools. Such tools prioritize vulnerabilities; they use several metrics like the criticality of the asset, likelihood of exploitation of the vulnerability, impact of exploitation vulnerability, risk score, severity score, and many other metrics. The metrics are used to come up with a shortlist of vulnerabilities. Additionally, instead of having hundreds and thousands of vulnerabilities that need to be fixed, VPR tools help organizations detect critical vulnerabilities that will have the highest impact on the organization. Due to this, VPR tools use cases are growing at an impressive rate.
2. Digital Risk Protection Solutions
Organizations with a lot of external-facing digital assets should opt for DRP solutions. DRP tools comprise threat intelligence feeds, which scan different internet sections such as deep web, dark web, and social media channels. Upon detecting any anomaly, the DRP tool brings it to the IT department’s attention, which will take the necessary measures to combat the threat.
DRP tools specifically focus on mitigating out-of-the-perimeter attacks. Hence, businesses must gain complete visibility of their external-facing digital assets across the web from the eyes of an outsider. However, this might be a tedious task for large organizations. In such circumstances, they can use capabilities such as automated discovery. The automated discovery capability monitors the entire internet environment to map an enterprise’s digital footprint and identify shadow IT in real-time.
Additionally, the DRP tools offer many use cases such as executive protection, domain protection, etc. These use cases are effective to counter risk while organizations embark on their digital transformation journey.
Despite promising benefits, the adoption of these use cases is costly for enterprises. Hence, the chief information security officer (CISO) should identify major risk surfaces and select the best use cases vis-à-vis aligning the organization’s security and business goals.
3. Breach and Attack Simulation Tools
The limitations of traditional security assessment tools such as penetration testing, red team exercise, and tools encourage organizations to adopt BAS tools.
Most of the traditional security solutions do not give a real-time update of the organization’s security posture. They also operate under a set of organization-specified rules of engagement (RoE) to limit potential downtime or potential damage to the test. Due to this, significant portions of the company’s information architecture zones are declared off-limits for penetration testing. It means the CISO cannot ensure the functioning of the security controls in real time and cannot figure out the exact risk levels, which results in the need for BAS solutions.
BAS tools work by profiling well-known threat vectors. They test monitoring response and detection capabilities of security controls in a company. The tools run continuous attacks and provide real-time updates about what is happening in the IT environment. Further, they provide direction and visibility from the attacker’s perspective. This enables the security team to prioritize investments as they know exactly where they should invest in their security posture.
Looking into the future
Cyberattacks are an ongoing battle and will continue to pose threats to organizations of any size. To minimize the challenges of digital assaults, enterprises should consider security an integral part of an organization rather than an isolated program because it enables the entire business process. Hence, businesses should work with cybersecurity solution providers to develop an integrated cybersecurity framework that has a comprehensive digital strategy to battle cyberattacks and streamline cybersecurity approaches. Further, the integrated cybersecurity framework also offers three advantages to firms:
- Consistency: This ensures that different security tools deployed across the infrastructure are working on the same tangent in predicting and detecting threats and following the same set of policies, protocols, and intelligence.
- Visibility: With the use of tools to constantly scan, identify, and manage risks, the security team will have a complete perspective of the attack landscape, protecting the network from a large spectrum of malware or attacks. Vendors can utilize threat feeds displayed on a real-time dashboard to show risks.
- Openness: It promotes interconnection. As a result, the more solutions interconnect and share threat intelligence, the lower the risk of data breaches. Also, the openness of the ecosystem provides a faster response rate as solutions can work together seamlessly.
Besides organizations’ efforts to counter cyberattacks, employees must follow cybersecurity practices thoroughly. A survey by Tessian—the US- and UK-based security organization—revealed that 56% of senior IT professionals believe that their subordinates or colleagues have picked up bad cybersecurity habits while working from home. Surprisingly, a majority of employees agreed with the findings. Hence, security professionals have to be more conscious in this fight against cybercrime as they play the role of AGI for any organization.
Considering the criticality of cybercrime, governments worldwide are also implementing strict laws against attacks. After witnessing one of the biggest cyberattacks of 2021—the REvil ransomware attack—the US proposed 30 countries meet to address the surging threat of digital assaults. This coordination among governments will be vital in battling the biggest threat of our time—cyberattacks.
Recommended Reading
European Digital Risk Protection (DRP) Market, Forecast to 2024
The Digital Transformation of Businesses and the Evolving Threat Landscape Drive Market Growth
Global Breach and Attack Simulation Market, Forecast to 2025
Competitive Pressure from Adjacent Markets and Low Awareness of Breach and Attack Simulation Tools are Key Challenges for Vendors
Global Vulnerability Management Market, Forecast to 2025
Complex and Evolving Attack Surface, Resource Shortage, and Regulatory Requirements Drive Adoption
Asia-Pacific Integrated Cybersecurity Framework Industry Guide, 2020
A Changing Security Approach Increases Visibility, Openness, and Consistency to Fortify the Attack Surface via Unified Policies and Configurations, Centralized Views, and Proactive Responses
For further information about this article or topic, please contact us at myfrost@frost.com
