After a spate of high-profile attacks, including the current disruptor Log4j, and years of metrics trending in the wrong direction, the cybersecurity industry must come to terms with the fact that something is fundamentally broken. The statistics don't paint a pretty picture. By the end of the third quarter, the number of data breaches was 17% higher in 2021 than the previous year. The manufacturing and utilities sector was affected the most, followed by healthcare, which saw more than 40 million patient records breached. Ransomware attacks are also seeing a precipitous rise, having earned an estimated $590 million in the first half of 2021, which already surpasses 2020's total estimated earnings of $416 million.
As the threat landscape has evolved, it has only exposed greater weaknesses in the current system. Here, we'll examine the changes and mindsets that have led to our current, broken approach to cybersecurity.
Cybercriminals Are Far More Organized
One major development in the threat landscape is the corporatization of hacking. As with any burgeoning industry, hacking groups have brought more organization to their structure in order to scale up. This corporatization has resulted in a system in which hacking groups contract out attacks to independent bad actors, who are paid a bounty after successfully breaching the target. At this point, control over the attack is handed back to the group, which negotiates with victims or brokers stolen data. This means cybercriminal groups have access to more resources and are better organized, making them more effective at targeting and executing attacks.
Malware Has Gotten Smarter
Malware has plagued the Internet since its birth. For instance, ransomware attacks have been getting a lot of attention lately, but this type of malware dates back to at least 1989, when a Trojan was distributed via floppy disks and the ransom was paid by snail mail. The malware of today, however, is exponentially more sophisticated. Modern malware sits in a network for an average of 90 days before being discovered. This is because the software initially operates in reconnaissance mode, during which it gathers data about the network and tries to infect as many devices as it can before doing any damage. Some of this software is even smart enough to seek out backup media and security devices, crippling the target's ability to recover once an attack has been initiated.
A Greater Focus on Supply Chain Attacks
One of the latest targets for cybercriminals is disruption to supply chains. Production networks are an attractive target for bad actors. If a company isn't able to provide its product to customers, it isn't able to make any money. Often, a disruption to a company's supply chain is more costly than a disruption to its corporate network. This puts more pressure on the target and gives the bad actors behind the attack greater leverage.
This isn't a problem creeping up on the horizon, either; it's already here. A recent study of UK businesses found that 97% suffered a supply chain breach in 2021. It's a high number compared to the worldwide average but should be a wake-up call to organizations everywhere. Companies should take a holistic, risk-based approach to cybersecurity to identify the biggest threats to their entire business, including their supply chain.
Exploiting a Scattered Workforce
The pandemic has had a significant impact on the norms of how work gets done. Workforces are no longer tied to offices, and remote work has become the norm. However, this situation gives bad actors more points of vulnerability to exploit. Employees may be connecting to unsecured networks or using compromised personal devices to access work functions. The prevalence of remote employees has also driven more work applications to the cloud, which carries its own risks of exploitation.
Conceptualizing Cybersecurity as a Wall
Up until now, we have looked at the external factors that have pushed the cybersecurity industry to the breaking point. But if we are going to respond to the current crisis, the security industry needs to shift its paradigm. Often, security is conceptualized as a wall surrounding your network and protecting it from the ills of the outside world. But that model falls short given all of the ways attackers can gain access through means outside of your control, especially as more workers operate remotely and more potentially exploitable devices are added to your network. That's why network administrators need to devote resources to analyzing internal traffic for anomalies as well.
Taking a Reactive Approach to Attacks
Too much of our security is based on a reactive approach that depends on closing holes after a new exploit is discovered and a wave of attacks is carried out. This is the security equivalent of a game of Russian roulette – all of these organizations are hoping that they won't be the first victim. But simply reacting to attacks is not a viable long-term security strategy. Closely monitoring your network traffic, both inbound and outbound, can alert you to threats that have infiltrated your network before they do damage.
A contemporary security stack needs to be efficiently layered to disrupt as many methods of attack as possible. This starts with protection at the most fundamental level. Once that foundation is laid, a risk-based assessment of your cybersecurity network will help you identify your company's particular security needs.