Throughout the pandemic, cyber adversaries have been honing their skills, developing an array of new techniques to penetrate networks and steal sensitive data. Organizations are struggling to keep up with the increasing number and sophistication of attacks, with the average cost of a data breach increasing by $1.07 million in 2021.
As a result, security teams are overwhelmed by alerts, false positives and negatives, and are forced to respond to security incidents as they occur, rather than securing the environment beforehand. Without proactive cybersecurity efforts, organizations will struggle to carry out an effective incident response. Read ahead to learn what proactive security practices look like for organizations of all sizes.
Developing a baseline of normal behavior
Many people mistakenly believe that a breach starts when it is first detected, but it often begins much earlier than that. According to the 2021 Ponemon/IBM Cost of a Data Breach Report, it took an average of 287 days for a breach to be identified, which means adversaries have a significant amount of time to analyze systems and plan their attack while remaining undetected.
Adversaries have become adept at hiding in plain sight as legitimate users, making them nearly impossible to detect without a baseline for normal behavior. A baseline helps organizations establish parameters for what normal, day-to-day traffic on the network looks like. This is crucial because in the event of a breach, the everyday employee is likely to be targeted. Having a baseline makes it possible to detect anomalies much faster and before the intruder can do serious damage to a company’s infrastructure and data.
Applying automation to the problem
A cybersecurity framework is as good as its response time, and with attacks growing in scale and sophistication, automating processes has become essential. Baseline behavior can only do so much when an organization has cumbersome investigation and report processes in place. Automated risk visibility enables organizations to contain a breach by:
- Analyzing web, domain name system (DNS), file and endpoint activity for anomalies in behavior
- Identifying and investigating breaches from past and new kinds of malware and using automated response strategies
- Analyzing file composition and blocking those seen as malicious from being copied or from executing
- Automatically extracting key evidence and links to utilize as evidence in a case
Automating security practices can save businesses time, effort, and most importantly, money. According to the U.S. Financial Crimes Enforcement Network, ransomware payments totaled $590 million in the first half of 2021 alone, more than the $416 million paid throughout the whole of 2020. If that wasn’t enough, the Sophos State of Ransomware 2021 report found that 92% of organizations that pay ransoms fail to obtain all of their stolen data, showing the consequence of turning to a last resort as opposed to a proactive, automated response. With these figures on the rise, it’s a question of when, not if, an organization will be next. Automation ensures that when the time comes, an organization can respond with threat detection and countermeasures.
Security threats are a moving target
There is no single ideal solution or cybersecurity technology. To achieve their goal, a motivated attacker will employ any and all tactics, techniques and procedures (TTPs) available to them; they don't always cross an endpoint or send an email. Hackers can overcome even the most sophisticated of identification systems and elude legacy antivirus software.
According to the 2021 Microsoft Digital Defense Report, the company stopped 31 billion identity attacks and 32 billion email threats, compared to 9 billion endpoint threats (daily). In addition, the amount of malware varieties is changing from year to year. SonicWall reported that in 2020, the number of malware variants detected grew by 62%. Identity, email, endpoint security and antivirus are all important, but they are not enough.
A complete solution
Being proactive involves more than just having stopgap solutions and hoping they are never needed. As security leaders have heard countless times before, hope is not a strategy.
The modern adversary is motivated by the reality that it only takes a single successful attempt, capable of launching several automated attacks on a target to achieve so. By merely clicking a malicious link or attachment, workers and trusted third parties can become unassuming accomplices. These compromised insiders provide attackers with everything they need to deploy their attack.
Organizations must have a cybersecurity framework in place that works around the clock to detect, analyze and flag any abnormalities that could signal a coming attack. This means having a baseline for normal user behavior, automating security practices, and staying up to date with emerging trends and developments from adversaries. Only then can businesses be prepared for the inevitable cyberattacks that may threaten data and networks.