CISOs Getting Smart; But Cyber Criminals Are Smarter
Organizations around the globe are becoming better at identifying breaches, according to a study by cybersecurity solution provider, FireEye, which observed that privately organized cyber criminals are closing the capability gap with nation-state actors, launching more sophisticated attacks that are more difficult to trace, according to a new analysis released by cybersecurity firm FireEye.
“When it comes to attack trends, we are seeing a much higher degree of sophistication than ever before. While nation-states continue to set a high bar for sophisticated cyber attacks, some financial threat actors have caught up to the point where we no longer see the line separating the two,” the research says, referring to hackers that target financial information to make money. [Read the full report here]
“Financial attackers have improved their tactics, techniques and procedures (TTPs) to the point where they have become difficult to detect and challenging to investigate and remediate,” the firm’s M-Trends 2017 report released this week.
The research was produced by Mandiant, a subsidiary of FireEye that came to the limelight in 2013 for releasing a report implicating China in espionage against the United States. FireEye purchased the computer forensics company in 2014 for about $1 billon.
The survey found an unexpected trend in 2016, where attackers called targets on the phone. They did this to convince victims to enable macros in a phishing document, or to get targets to provide a personal email address in order to circumvent controls protecting corporate accounts.
The study highlights that the defensive capabilities have been slow to evolve. A majority of both victim organizations and those working diligently on defensive improvements are still lacking fundamental security controls and capabilities to either prevent breaches or to minimize the damages and consequences of an inevitable compromise.
“The types of attacks we are seeing are familiar, but with increasing sophistication. Determined attackers are extremely persistent and demonstrate increasing ingenuity in achieving their objectives. Organizations still need to focus on the fundamentals of IT Security,” said Chris Nutt, Managing Director, Mandiant, FireEye.
On a positive note however, the study shows that the global median time from compromise to discovery has dropped significantly from 146 days in 2015 to 79.5 days in 2016. There is a much higher degree of sophistication from attackers than ever before. Financial attackers have improved their tactics, techniques and procedures to the point where they have become difficult to detect and challenging to investigate and remediate, highlights the study.
Nonetheless, the researchers recommend that organizations adopt a posture of continuous cyber security, risk evaluation and adaptive defense or they risk having significant gaps in both fundamental security controls and – more critically – visibility and detection of targeted attacks.
- This Malware Can Hit Hundreds Of Banks, Warn Researchers
- India Govt Puts Chinese Handsets Under Scanner: Report
- Sebi To Appoint Advisor To Thwart Cyber-Attacks
- Weekly Rewind: Top 10 Stories On CXO Today (July 31-Aug 4)
- Key Cyber Security Initiatives for Indian Enterprises: Gartner
- Shifting Security Strategy From Breach 'Prevention' To 'Acceptance'
- HBO Attack Sends A Dark Message To The Enterprise
- Jobs In Indian IT Industry To Bounce Back Soon
- How Vendors Can Help CXOs With Right Security Practices
- Six Focus Areas For Business Success