The cybersecurity landscape is getting uglier in 5 new ways. More than a third of simulated attacks go unnoticed. And detection software can shorten the time needed to detect an attack by up to 12x.
That’s the latest in cybersecurity intelligence. Here’s your tech provider's roundup.
Accenture IDs 5 key threats
Consulting firm Accenture this week published its annual report on the cybersecurity landscape, and the portrait it's painted isn’t pretty.
“Over the past year, cybercriminals have continued to test the resilience of organizations,” says Accenture’s managing director of security, Josh Ray.
They’ve done this, Ray explains, by layering attacks, updating techniques and establishing new, intricate relationships to better disguise their identities. These techniques also make attribution more difficult to pursue.
Looking across the cyber landscape, Accenture has identified 5 key threat factors:
> Compromising geopolitics: New threats are emerging from disinformation and the evolution of technology. Threat actors are influencing global political and geopolitical events, including international summits and big sporting events such as the Olympics. And the criminals are using evolving tech, including phishing lures, malware targeting and influence operations.
> Cybercriminals get organized: While conventional cybercrime continues, some criminals are forming close-knit syndicates to avoid detection. Members share tools and script-based malware. Some groups specialize in “big game hunting,” which involves targeted intrusions for big financial gains.
> Ransomware on the rise: These attacks, which are increasingly targeted against specific organizations, can be very, very costly. Attacks involving just one variety, Goga, reportedly cost the victims a collective $40 million in just the first three months of this year.
> Friends to frenemies: Improved ecosystem hygiene has delivered an unintended consequence, namely, pushing the threat surface down to the supply chain. This has resulted, for example, in attacks on cloud hosting companies and accounting-software providers.
> Costly cloud protection: As systems and applications move to the cloud, cybercriminals follow. The discovery of multiple side-channel vulnerabilities in modern CPUs (including Spectre and Meltdown) reveals a large, potentially costly risk. Multi-tenant public-cloud providers remain attractive targets.
Blue team vs. red team
In cybersecurity exercises, more than a third of defensive blue teams fail to catch offensive red teams, according to a new survey conducted by security firm Exabeam.
Blue teams comprise an organization’s security personnel. In an exercise, their job is to stop a simulated attack.
Red teams are made up of either internal or hired external security pros, and their job is to emulate a cybercrime attack.
Pitted against each other, these teams can help an organization understand how effective its cybersecurity measures are. The simulated attacks can also point out dangerous vulnerabilities.
Here are some of the key findings from the Exabeam survey, which reached 276 IT security pros attending the Black Hat event:
> Nearly three-quarters (72%) of respondents conduct red-team testing, and about a quarter (23%) do it monthly. Nearly two-thirds (60%) conduct blue-team exercises, and roughly a quarter (24%) do it monthly.
> Roughly a third (35%) say their blue team rarely or never catches the red team. Most of the remainder (62%) say the red team is caught either occasionally or often.
> Three-quarters (74%) say that as a result of their team testing, their organizations have increased cybersecurity spending.
Threat detection for speed
Deception technology can deliver a 12x improvement in the average number of days needed to detect attackers within an enterprise network, finds a new report by market-analysis firm Enterprise Management Assoc. and sponsored by security vendor Attivo Networks.
Among those who are unfamiliar with deception technology, the survey found, the average response time to an attack was a staggering 78 to 100 days. By comparison, those who do use deception technology report what’s known as “dwell times” as low as 5 1/2 days.
The survey's other findings include:
> Over two-thirds (70%) of those who use deception technology rate their organizations as highly effective.
> Over two-thirds (67%) of those evaluating or planning to look at deception technology said their primary driver was speed. They want to detect attacks early.
> Nearly three-quarters (71%) of those who use detection tech say it has delivered higher value than expected. Even more (84%) said they plan to increase their spend on detection tech in the future.