11/2/2018
11:00 AM
Marc Wilczek
Commentary

Tackling Cybersecurity from the Inside Out

New online threats require new solutions.

It's no secret that ransomware and distributed denial-of-service attacks are on the rise. In fact, compared with the previous year, the average number of targeted cyberattacks per organization in 2017 more than doubled (232 through January 2018 versus 106 through January 2017). The good news, according to Accenture's 2018 State of Cyber Resilience report, is that organizations are experiencing far more success in detecting and blocking them.

Despite this progress, only two out of five organizations invest in state-of-the-art technologies like machine learning, artificial intelligence (AI), and automation. In other words, there's lots of room for investment in cyber-resilient innovations and solutions.

Cyberattacks More Than Doubled in 2017
The study found that organizations that take cyber threats seriously are managing to prevent 87% of all focused attacks, compared with 70% in Accenture's 2017 report. However, 13% of such attacks are making their way through the corporate defenses: organizations deal with an average of 30 successful security breaches per year that result in damage or the loss of high-value assets.

"Only one in eight focused cyberattacks are getting through versus one in three [the previous year], indicating that organizations are doing a better job of preventing data from being hacked, stolen, or leaked," says Kelly Bissell, managing director of Accenture Security. "While the findings of this study demonstrate that organizations are performing better at mitigating the impact of cyberattacks, they still have more work to do. Building investment capacity for wise security investments must be a priority for those organizations who want to close the gap on successful attacks even further. For business leaders who continue to invest in and embrace new technologies, reaching a sustainable level of cyber resilience could become a reality for many organizations in the next two to three years. That's an encouraging projection."

Security Teams Find Breaches Faster
There's another bright spot: Security breaches are taking less time to detect, from months and years to now days and weeks. In the study, an average of 89% of respondents reported that their internal security spotted attacks within one month, as opposed to only 32% of IT teams the previous year. According to this year's survey, just over half (55%) of organizations detected breaches in a week or less, compared with 10% in last year's report.

Although today's companies are quicker to detect breaches, security teams are still finding only 64% of them — a number similar to last year's — and using external help to find the remaining ones. This underscores the importance of collaborative private/public sector cooperation to stop cyberattacks. When asked how they unearthed attacks that their security team failed to find, respondents indicated that more than one-third (38%) were found by white-hat hackers or a peer or competitor (up from 15% in 2017's report). Interestingly, law enforcement uncovered a mere 15% of breaches, down from 32% the previous year.

The View from Inside
On average, respondents said their cybersecurity program safeguards only two-thirds (67%) of their organization. Of course, external incidents remain a problem, but the survey indicates that companies also face other threats lurking within: internal attacks and accidentally published information are among the top three cyberattacks with the highest frequency and impact.

Respondents said that cyber-threat analytics and security monitoring (46% each) are the two capabilities they need the most to plug the holes in their cybersecurity solutions, but most (83%) acknowledge that other technologies — such as AI, machine or deep learning, user behavior analytics, and blockchain — are key to optimally securing the organization.

While the average number of cyberattacks per organization has increased, companies are getting better at detecting and blocking them. However, the biggest hurdle for companies is stopping breaches from happening in the first place, not improving their ability to detect them. As their data silos expand and digital platforms become major revenue sources, the stakes for companies have never been greater. Taking days or weeks to detect a breach is no longer good enough because the costs of such delays can be devastating for most, and fatal to some. Imagine if there was a heist at your local bank: What would people say if it took days or weeks for the police to respond to the robbery?

As they adapt to the digital universe, organizations also expose themselves to ever-increasing cyber-risks and become more dependent on their IT department. Meanwhile, cybercriminals are getting better at what they do and launching increasingly sophisticated attacks via multiple threat vectors. Consequently, for companies, fighting back with a data-centric approach based on AI and machine learning is essential. It's no longer enough to pit your smartest people against the equally brainy bad guys. In the digital era, cybercriminals are leveraging the same tools as their targets, so cyber defense needs to catch up.

In addition to protecting their organizations from external threats, IT leaders mustn't neglect the internal breaches — intentional or accidental — that still pose a major threat. Continuous training and clear instructions help build awareness among staff, and policy enforcement and monitoring can ensure that employees pay attention to them. Instead of treating security as a bothersome cost, the smartest enterprises will make online security a regular part of doing business and use it to differentiate themselves from their competitors who are still behind the curve.


Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...