The world continues to struggle with a pandemic and geopolitical mistrust. All this has led to disorder, and it is in this chaos that cybercriminals prosper. While organizations around the world are adapting and enhancing their cybersecurity, the tactics and techniques used by cybercriminals have been changing.
There are several types of attacks, such as ransomware, server access, business email compromise (BEC), data theft, credential harvesting and many others. For more than three years, ransomware was the top attack type, and it remains at the top for 2021 as well (based on the IBM Security X-Force 2022 report). Server access attacks, where the attacker gains unauthorized access to a server without any specific goal, were the second-most common attack type.
Phishing and vulnerability exploitation tend to be the most common methods for threat actors to gain initial access to victims’ networks, followed by the use of stolen credentials, brute force, and remote desktop protocol (RDP).
The volatile landscape and the evolution of both threat types and threat vectors are, more than ever, pushing the need for resilient cybersecurity practices and intelligence so that organizations can stay ahead of attackers and save critical assets. With the growing power of digitization using machine learning, artificial intelligence, IoT and internet protocols, new things evolve, and so do new vulnerabilities and risks.
While every industry is exposed to cybersecurity threats, the exposure has been more evident in industries such as finance and insurance, manufacturing, and professional and business services.
To effectively bolster cybersecurity, an organization primarily needs to have solid security principles, some of which include a zero trust approach, security automation, developing a response plan for attacks, adopting a layered approach to combat attacks, and refining and maturing the vulnerability management system.
Zero trust approach
The zero trust approach is a novel way of approaching security problems, as it assumes a breach has already happened and aims to increase the difficulty for an attacker to move throughout a network. Furthermore, implementing multi-factor authentication (MFA) and the principle of least privilege has the potential to decrease organizations’ susceptibility.
Speed is of the essence in identifying and eradicating threat actors before they can deploy ransomware on a network. In this fast-paced environment, security automation is the key. Artificial Intelligence and Machine Learning (AI/ML) can play a vital role in such automation and can help with tasks that might take a human analyst or team hours or days.
Response plan for attacks
An organization also needs to have a plan in place for immediate containment actions, such as which stakeholders and law enforcement officials should be informed, how your organization will safely store and restore from backups, and an alternate location from which critical business functions can be run during remediation.
Unfortunately, there is no one tool or solution that will prevent all attacks, and threat actors continue to refine social engineering and anti-malware detection techniques to circumvent established controls.
Thus, implementing several layers of solutions has a higher chance of preventing or capturing attacks early on.
(The author is Ms. Karunya Sampath, Co-Founder & CEO, Payoda and the views expressed in this article are her own)