Attacks/Breaches

11/2/2018
11:00 AM
Marc Wilczek
Marc Wilczek
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail vvv
50%
50%

Tackling Cybersecurity from the Inside Out

New online threats require new solutions.

It's no secret that ransomware and distributed denial-of-service attacks are on the rise. In fact, compared with the previous year, the average number of targeted cyberattacks per organization in 2017 more than doubled (232 through January 2018 versus 106 through January 2017). The good news, according to Accenture's 2018 State of Cyber Resilience report, is that organizations are experiencing far more success in detecting and blocking them.

Despite this progress, only two out of five organizations invest in state-of-the-art technologies like machine learning, artificial intelligence (AI), and automation. In other words, there's lots of room for investment in cyber-resilient innovations and solutions.

Cyberattacks More Than Doubled in 2017
The study found that organizations that take cyber threats seriously are managing to prevent 87% of all focused attacks, compared with 70% in Accenture's 2017 report. However, 13% of such attacks are making their way through the corporate defenses: organizations deal with an average of 30 successful security breaches per year that result in damage or the loss of high-value assets.

"Only one in eight focused cyberattacks are getting through versus one in three [the previous year], indicating that organizations are doing a better job of preventing data from being hacked, stolen, or leaked," says Kelly Bissell, managing director of Accenture Security. "While the findings of this study demonstrate that organizations are performing better at mitigating the impact of cyberattacks, they still have more work to do. Building investment capacity for wise security investments must be a priority for those organizations who want to close the gap on successful attacks even further. For business leaders who continue to invest in and embrace new technologies, reaching a sustainable level of cyber resilience could become a reality for many organizations in the next two to three years. That's an encouraging projection."

Security Teams Find Breaches Faster
There's another bright spot: Security breaches are taking less time to detect, from months and years to now days and weeks. In the study, an average of 89% of respondents reported that their internal security spotted attacks within one month, as opposed to only 32% of IT teams the previous year. According to this year's survey, just over half (55%) of organizations detected breaches in a week or less, compared with 10% in last year's report.

Although today's companies are quicker to detect breaches, security teams are still finding only 64% of them — a number similar to last year's — and using external help to find the remaining ones. This underscores the importance of collaborative private/public sector cooperation to stop cyberattacks. When asked how they unearthed attacks that their security team failed to find, respondents indicated that more than one-third (38%) were found by white-hat hackers or a peer or competitor (up from 15% in 2017's report). Interestingly, law enforcement uncovered a mere 15% of breaches, down from 32% the previous year.

The View from Inside
On average, respondents said their cybersecurity program safeguards only two-thirds (67%) of their organization. Of course, external incidents remain a problem, but the survey indicates that companies also face other threats lurking within: internal attacks and accidentally published information are among the top three cyberattacks with the highest frequency and impact.

Respondents said that cyber-threat analytics and security monitoring (46% each) are the two capabilities they need the most to plug the holes in their cybersecurity solutions, but most (83%) acknowledge that other technologies — such as AI, machine or deep learning, user behavior analytics, and blockchain — are key to optimally securing the organization.

While the average number of cyberattacks per organization has increased, companies are getting better at detecting and blocking them. However, the biggest hurdle for companies is stopping breaches from happening in the first place, not improving their ability to the detect them. As their data silos expand and digital platforms become major revenue sources, the stakes for companies have never been greater. Taking days or weeks to detect a breach is no longer good enough because the costs of such delays can be devastating for most, and fatal to some. Imagine if there was a heist at your local bank: What would people say if it took days or weeks for the police to respond to the robbery?

As they adapt to the digital universe, organizations also expose themselves to ever-increasing cyber-risks and become more dependent on their IT department. Meanwhile, cybercriminals are getting better at what they do and launching increasingly sophisticated attacks via multiple threat vectors. Consequently, for companies, fighting back with a data-centric approach based on AI and machine learning is essential. It's no longer enough to pit your smartest people against the equally brainy bad guys. In the digital era, cybercriminals are leveraging the same tools as their targets, so cyber defense needs to catch up.

In addition to protecting their organizations from external threats, IT leaders mustn't neglect the internal breaches — intentional or accidental — that still pose a major threat. Continuous trainings and clear instructions help build awareness among staff, and policy enforcement and monitoring can ensure that employees will pay attention to them. Instead of treating security as a bothersome cost, the smartest enterprises will make online security a regular part of doing business and use it to differentiate themselves from their competitors who are still behind the curve.

Related Content:

 

Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6485
PUBLISHED: 2019-02-22
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5...
CVE-2019-9020
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc...
CVE-2019-9021
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file...
CVE-2019-9022
PUBLISHED: 2019-02-22
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parser...
CVE-2019-9023
PUBLISHED: 2019-02-22
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcom...