By: Gaurav Mohan, VP Sales, SAARC & Middle East, NETSCOUT
Cybercrimes continue to grow in terms of both complexity and frequency. Among the businesses that identify breaches or attacks, 21% lose money, data, or other assets, and 35% report being negatively impacted in other ways and suffering from wider business disruption.
As such, it’s vital for enterprises to ensure the security of data, applications, networks, and critical business processes to stay competitive and thwart attackers. Depending on traditional security solutions and methodologies isn’t enough to combat the sophisticated attacks that target businesses today.
Instead, enterprises need a robust cybersecurity resilience strategy that ensures business continuity before, during, and after a cybersecurity incident. Cyber resilience strategies address an enterprise’s ability to predict, resist, recover from, and adapt to attacks.
Attackers have adjusted and thrived since the pandemic
As enterprise IT has had to react and adjust to network changes triggered by a massive shift to remote work, cyberattackers also have reacted and adjusted the ways in which they target and attack enterprises, with major shifts occurring in attacker capability, the types of attacks being made, and the ways in which attacks are being carried out.
Indeed, attackers saw the pandemic as an opportunity to increase activity by exploiting the vulnerability of employees working from home, evidenced by the fact that one recent survey found 47% of people fell for a phishing scam while working at home. According to our latest Threat Intelligence Report, attackers launched 5.4 million DDoS attacks in 1H 2021. For just the first quarter of 2021, attack frequency increased by 20% over the same period in 2020. But attackers didn’t simply increase the number of DDoS attacks launched: They also developed new ways to target the attacks and monetise them.
From the attacker’s perspective, adding DDoS attacks to a list of ransomware services is a smart business move. DDoS attacks are incredibly cheap, easy to launch, and increase the chances of scamming the victims. But attackers aren’t stopping there.
They’ve also developed new malware to attack and infiltrate systems. Prior to the pandemic, about 20% of cyberattacks used previously unseen malware or methods. During the pandemic, that proportion rose to 35%. Some of the new attacks use a form of machine learning that adapts to its environment and remains undetected.
Hackers are also using credential-stuffing techniques to gain access to employees’ credentials, subsequently selling the stolen data to other cybercriminals. Credential stuffing is a form of cyberattack whereby hackers use previously stolen combinations of username and password to gain access to other accounts. Increasingly, credential stuffing is being used to give attackers access to virtual meetings, where they obtain confidential or sensitive information that is then sold to another party or made available to the public to damage a company’s reputation.
Moreover, attackers have focused renewed attention on devices that enterprises increasingly have had to rely on to support remote work and digitisation.
Cyber resiliency takes centre stage for CIOs and CSOs
All of these factors are leading enterprises to prioritise cyber resiliency—the ability to predict, resist, recover from, and adapt to attacks. Ultimately, cyber resiliency centres around creating visibility across the enterprise and improving the ability to identify and measure risk, taking into account how your business operates, its value chain, how information and data flow across the enterprise, and critical applications and systems.
The changes wrought by the pandemic on enterprise networks have, likewise, moved cyber resiliency from a security initiative to a business strategy. In fact, 66% of enterprise security professionals plan to invest in cyber resiliency this year, according to a recent study, and 75% have increased cybersecurity budgets as a result of the pandemic to do so.
The four most challenging aspects of incorporating cyber resiliency in organisations are that digital businesses are growing too quickly to keep up, COVID-19 has changed the cyber landscape, threats to the organisation are more advanced today compared with 2019, and many companies still don’t have the right tools or technology.
The impact of these changes for CIOs and CSOs is twofold. Firstly, there’s a need for organisational change to better align cybersecurity and IT. Security teams should detect, validate, investigate, and respond to threats on an ongoing basis. But, security is also a strategic priority for network teams. In fact, a reduction in security risk is among the key measurements of success for network teams—even before service quality, network visibility, and end-user experience.
Secondly, enterprises need to resolve technical issues to achieve greater network visibility with intelligent edge defence and enable automation on par with attackers. Poorly performing infrastructure will have adverse impacts, including loss of productivity, poor customer service, a significant reduction in revenues, and additional vulnerability to cyberthreats.
Today’s complex digital infrastructure demands collaboration between network and security teams to gain better clarity on whether an IT service event is a performance issue or a security incident. Cross-team collaboration will drive cost and operational efficiencies, reduce overall risks, and quicken the pace for resolving security incidents. IT leaders can encourage this collaboration by providing a transformational security view across operations and infrastructure.