Dark Reading is part of the Informa Tech Division of Informa PLC

11/2/2018
11:00 AM
Marc Wilczek
Commentary

Tackling Cybersecurity from the Inside Out

New online threats require new solutions.

It's no secret that ransomware and distributed denial-of-service attacks are on the rise. In fact, compared with the previous year, the average number of targeted cyberattacks per organization in 2017 more than doubled (232 through January 2018 versus 106 through January 2017). The good news, according to Accenture's 2018 State of Cyber Resilience report, is that organizations are experiencing far more success in detecting and blocking them.

Despite this progress, only two out of five organizations invest in state-of-the-art technologies like machine learning, artificial intelligence (AI), and automation. In other words, there's lots of room for investment in cyber-resilient innovations and solutions.

Cyberattacks More Than Doubled in 2017

The study found that organizations that take cyber threats seriously are managing to prevent 87% of all focused attacks, compared with 70% in Accenture's 2017 report. However, 13% of such attacks are making their way through the corporate defenses: organizations deal with an average of 30 successful security breaches per year that result in damage or the loss of high-value assets.

"Only one in eight focused cyberattacks are getting through versus one in three [the previous year], indicating that organizations are doing a better job of preventing data from being hacked, stolen, or leaked," says Kelly Bissell, managing director of Accenture Security. "While the findings of this study demonstrate that organizations are performing better at mitigating the impact of cyberattacks, they still have more work to do. Building investment capacity for wise security investments must be a priority for those organizations who want to close the gap on successful attacks even further. For business leaders who continue to invest in and embrace new technologies, reaching a sustainable level of cyber resilience could become a reality for many organizations in the next two to three years. That's an encouraging projection."

Security Teams Find Breaches Faster

There's another bright spot: Security breaches are taking less time to detect, from months and years to now days and weeks. In the study, an average of 89% of respondents reported that their internal security spotted attacks within one month, as opposed to only 32% of IT teams the previous year. According to this year's survey, just over half (55%) of organizations detected breaches in a week or less, compared with 10% in last year's report.

Although today's companies are quicker to detect breaches, security teams are still finding only 64% of them — a number similar to last year's — and using external help to find the remaining ones. This underscores the importance of collaborative private/public sector cooperation to stop cyberattacks. When asked how they unearthed attacks that their security team failed to find, respondents indicated that more than one-third (38%) were found by white-hat hackers or a peer or competitor (up from 15% in 2017's report). Interestingly, law enforcement uncovered a mere 15% of breaches, down from 32% the previous year.

The View from Inside

On average, respondents said their cybersecurity program safeguards only two-thirds (67%) of their organization. Of course, external incidents remain a problem, but the survey indicates that companies also face other threats lurking within: internal attacks and accidentally published information are among the top three cyberattacks with the highest frequency and impact.

Respondents said that cyber-threat analytics and security monitoring (46% each) are the two capabilities they need the most to plug the holes in their cybersecurity solutions, but most (83%) acknowledge that other technologies — such as AI, machine or deep learning, user behavior analytics, and blockchain — are key to optimally securing the organization.

While the average number of cyberattacks per organization has increased, companies are getting better at detecting and blocking them. However, the biggest hurdle for companies is stopping breaches from happening in the first place, not improving their ability to detect them. As their data silos expand and digital platforms become major revenue sources, the stakes for companies have never been greater. Taking days or weeks to detect a breach is no longer good enough because the costs of such delays can be devastating for most, and fatal to some. Imagine if there were a heist at your local bank: What would people say if it took days or weeks for the police to respond to the robbery?

As they adapt to the digital universe, organizations also expose themselves to ever-increasing cyber-risks and become more dependent on their IT department. Meanwhile, cybercriminals are getting better at what they do and launching increasingly sophisticated attacks via multiple threat vectors. Consequently, for companies, fighting back with a data-centric approach based on AI and machine learning is essential. It's no longer enough to pit your smartest people against the equally brainy bad guys. In the digital era, cybercriminals are leveraging the same tools as their targets, so cyber defense needs to catch up.

In addition to protecting their organizations from external threats, IT leaders mustn't neglect the internal breaches — intentional or accidental — that still pose a major threat. Continuous training and clear instructions help build awareness among staff, and policy enforcement and monitoring can ensure that employees will pay attention to them. Instead of treating security as a bothersome cost, the smartest enterprises will make online security a regular part of doing business and use it to differentiate themselves from their competitors who are still behind the curve.


Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...