Modern Security Breaches Demand Diligent Planning and Executive Support

Teams that remain reactive will always be on the back foot — take an active stance.

Chris Novak, Global Director at the Verizon Threat Research Advisory Center

September 28, 2021


Over the past several months, the traditionally opaque world of cybersecurity has been brought sharply into focus. From the Colonial Pipeline attack to the breach suffered by the meat processing company JBS, 2021 appears to be the year cybercriminals broke into the mainstream, and they're not slowing down. Every day, I talk with customers who tell me they need help making security easier while making the most of their most valuable resource: their team.

A particularly concerning part of this upward trend has been the apparent rise in "zero-day attacks," a malicious type of cybersecurity attack that exploits security weaknesses that the vendor, or developer, is unaware of or has yet to address. A few months ago, Google's Threat Analysis Group published a blog post that highlighted the rise in zero-day attacks. Its research found that, halfway into 2021, there were "33 [zero]-day exploits used in attacks that have been publicly disclosed this year," 11 more than the total number from 2020.

At Verizon, our "2021 Data Breach Investigations Report" also underscored the number of cybersecurity challenges that organizations are currently facing. The report found that phishing and ransomware attacks "increased by 11 percent and 6 percent, respectively." Looking at the data, the security landscape certainly appears to be grimmer than usual.

While these data points paint an alarming picture, I would hasten to add that they only tell part of the story. Data breach disclosures are more transparent than ever, and the media has become increasingly attuned to the regularity and newsworthiness of severe breaches. So, while the stats support the idea that breaches are increasing, it's imperative to acknowledge that we're also hearing about them far more than we used to.

That said, the rise in cyberattacks will be of particular concern to cybersecurity professionals. Over the past year, we have witnessed an increasingly proactive effort by criminals to not only exploit vulnerabilities and demand ransoms from organizations but to disseminate their ransomware services and financially leverage their expertise. Cybercriminality has become "democratized" and is available to the masses. As such, the fact that malicious actors are increasingly able to target vulnerabilities that developers or programmers have yet to address is cause for concern.

So, what's the solution? To start with, organizations would do well to adopt a proactive approach to identifying and addressing vulnerabilities. Teams that remain reactive will always be on the back foot, and it's that disconnect between real-time problems and "too little, too late" fixes on which cybercriminals rely. Every large enterprise should have a dedicated team of cybersecurity professionals whose focus is on identifying, fixing, and patching problems. Take a hardline stance, and work on the front foot.

Secondly, prepare, prepare, and then prepare some more. We all know that when an attack happens, your capacity to respond effectively is driven primarily by the processes and systems you already have in place. During a crisis, the combined effect of reputational pressure and (possibly) financial risk will cloud everyone's judgment. Organizations can help protect themselves by preparing long before the crisis has arrived.

It's not just a technical issue, either. Your company's sales teams, PR department, and legal team should all be fully aligned regarding their respective roles and responsibilities in the event of a security breach. Identify your critical infrastructure, sign off on your response plan (and update it), and execute accordingly. My first question to new customers is: "When was the last time you practiced a cybersecurity breach with your key stakeholders?"

For many, unfortunately, the answer is "never."

Finally, make sure you have executive buy-in. From talent acquisition to IT spending and modernization, it's imperative that executives understand the breadth of the cybersecurity specialist's mandate so they can properly support that person. Our capacity to act is determined by their willingness to trust us, so it's our job to ensure they understand the parameters we are working within, what we can and can't control, and what needs to be done now to mitigate future risk. When executives are making budgetary decisions, they need to ensure that security is front of mind and not an afterthought.

About the Author(s)

Chris Novak

Global Director at the Verizon Threat Research Advisory Center

Christopher Novak is a co-founder and the Director of the Verizon Investigative Response Unit, a division of the Verizon RISK Team. He is an internationally recognized expert in the field of Investigative Response and Computer Forensics. He has been involved with information security for over a dozen years. Christopher has assisted corporations, government agencies, and attorneys with all matters involving computer forensics, fraud investigations, and crisis management.
