New Threats, New Mindset: Being Risk Ready in a World of Complex Attacks. How to Address Incident Response Challenges

Similar documents
Kaspersky for Business. On the Money: Growing IT Security Budgets to Protect Digital Transformation Initiatives. Kaspersky Lab

CYBER SECURITY FOR BUSINESS COUNTING THE COSTS, FINDING THE VALUE

The 2017 State of Endpoint Security Risk

Building a Threat Intelligence Program

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

Wick Hill Group, River Court, Albert Drive, Woking, Surrey, GU21 5RP

THE CYBERSECURITY LITERACY CONFIDENCE GAP

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

CYBER RESILIENCE & INCIDENT RESPONSE

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1

2017 RIMS CYBER SURVEY

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

State of Cloud Survey GERMANY FINDINGS

HOSTED SECURITY SERVICES

Second International Barometer of Security in SMBs

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Mastering The Endpoint

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

ACHIEVING FIFTH GENERATION CYBER SECURITY

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

EFFECTIVE INCIDENT RESPONSE

Managed Endpoint Defense

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE THIRD ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE

Are we breached? Deloitte's Cyber Threat Hunting

Security in India: Enabling a New Connected Era

Conducted by Vanson Bourne Research

State of the Cyber Training Market January 2018

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

74% 2014 SIEM Efficiency Report. Hunting out IT changes with SIEM

CICS insights from IT professionals revealed

8 Must Have. Features for Risk-Based Vulnerability Management and More

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

Cybersecurity 2016 Survey Summary Report of Survey Results

Evolving Threats Call For Integrated Endpoint Security Solutions With Holistic Visibility

Resolving Security s Biggest Productivity Killer

THREAT HUNTING REPORT

KEY FINDINGS INTERACTIVE GUIDE. Uncovering Hidden Threats within Encrypted Traffic

AUSTRALIA Building Digital Trust with Australian Healthcare Consumers

DDoS: STRATEGIES FOR DEALING WITH A GROWING THREAT

Sponsored by Raytheon. Don t Wait: The Evolution of Proactive Threat Hunting Executive Summary

THE STATE OF CLOUD & DATA PROTECTION 2018

Bring Your Own Device (BYOD)

REPORT. proofpoint.com

Background FAST FACTS

Reducing the Cost of Incident Response

NEXT GENERATION SECURITY OPERATIONS CENTER

Panda Security 2010 Page 1

to Enhance Your Cyber Security Needs

Kaspersky Security Network

RUAG Cyber Security Understand Cyber. Protect Values.

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

RSA NetWitness Suite Respond in Minutes, Not Months

UNLOCKED DOORS RESEARCH SHOWS PRINTERS ARE BEING LEFT VULNERABLE TO CYBER ATTACKS

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

Gujarat Forensic Sciences University

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

THREAT HUNTING REPORT

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

DDoS MITIGATION BEST PRACTICES

FOR FINANCIAL SERVICES ORGANIZATIONS

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

DIGITAL TRUST Making digital work by making digital secure

Automated Context and Incident Response

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

BYOD Risks, Challenges and Solutions. The primary challenges companies face when it comes to BYOD and how these challenges can be handled

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

Cyber Security in Smart Commercial Buildings 2017 to 2021

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

Attackers Process. Compromise the Root of the Domain Network: Active Directory

SECURING THE UK S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives

From Reactive to Proactive: How to Avoid Alert Fatigue

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS

Trend Report. Network Security: What IT Decision Makers Really Think

Toward an Automated Future

AND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING

Security-as-a-Service: The Future of Security Management

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Tripwire State of Container Security Report

Disaster Recovery Is A Business Strategy

SIEM: Five Requirements that Solve the Bigger Business Issues

RSA Cybersecurity Poverty Index

Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation

with Advanced Protection

TRUSTED MOBILITY INDEX

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

CYBER SECURITY TAILORED FOR BUSINESS SUCCESS

Best Practices in Securing a Multicloud World

Evolution of IT in the Finance Industry. Europe

Machine Learning and Advanced Analytics to Address Today s Security Challenges

Cybersecurity in Government

Transcription:

New Threats, New Mindset: Being Risk Ready in a World of Complex Attacks How to Address Incident Response Challenges

01 Introduction This year, Kaspersky Lab s quarterly threat reports highlighted significant developments in the world of advanced attacks and epidemic outbreaks, with the infamous WannaCry and ExPetr attacks dominating headlines the world over. Today, as well as having to cope with a near-constant deluge of traditional malware, businesses are also at risk of facing more sophisticated threats that often involve fileless malware, ransomware, reconnaissance activities and social engineering techniques. Such cunning attacks are usually multi-layered operations that may not even involve any malware at all, allowing them to easily slip undetected through endpoint protection solutions, leaving companies with a false sense of security when cybercriminals leave no footprint or destroy almost all traces of their activity. Apparently, endpoints are still the main entry point for attackers and traditional prevention strategies used by companies are no longer adequate. With a security breach now more a question of when, not if, businesses need to rethink their approach to managing corporate security, putting more focus on always-on monitoring and analysis leveraging threat intelligence, as well as mitigating an incident s consequences. It is now impossible for companies to fix and block everything, meaning frameworks need to be put in place that enable constant investigation and regular evaluation to ensure response strategies are up to date. Cybersecurity, therefore, is no longer a destination, but a continuous journey. In such an environment, incident response becomes a complex organizational process that requires strategy, advanced cybersecurity technologies and input from many people within the organization. It demands a fast, efficient approach to assessing the vast volumes of security data generated by today s rapidly evolving threat landscape. The days of being able to manually respond to alerts and generate a complete picture of security are long gone, causing a millions of alerts problem for IT security departments. Combined with an industry-wide skills shortage, this can result in the most crucial incident indicators being missed by overwhelmed security teams while the attackers slip undetected into the corporate infrastructure and remain there, undiscovered, to spy, steal or damage. To help businesses navigate through today s cyberthreat landscape and address the organizational challenges and strategies of minimizing risks and responding to attacks, Kaspersky Lab carried out a study investigating the top concerns in the industry and the real incidents that businesses have faced in the last 12 months. The findings are summarised in the following report.

02 Methodology The Kaspersky Lab Corporate IT Security Risks Survey is a global study of IT business decision makers, carried out by B2B International on behalf of Kaspersky Lab in April 2017. The research questioned 5,274 workers about various aspects of cybersecurity, including their company s attitudes towards the area, the main challenges they are facing and the types of approaches/strategies they currently use. Respondents represented very small businesses (1-49 employees), small to medium sized businesses (50-999 employees) and large organisations with 1,000+ employees. Results were compared to last year s survey - as well as between regions, industries and company sizes - to paint a comprehensive picture of the threat landscape.

03 Key Findings Targeted attacks have become one of the fastest growing threats in 2017, increasing in overall prevalence by 6% compared to 2016 and by 11% for enterprises. Comprising of not just common malware, but a unique malicious pattern that cybercriminals are using on organizations, a targeted attack is extremely dangerous for companies that rely solely on conventional approaches to cybersecurity. As there s no such thing as a common approach to fighting complex threats, businesses are struggling to understand how to deal with targeted attacks, with 42% of respondents admitting that they are unsure of the most effective response strategy. Worryingly, this figure is significantly higher (63%) among respondents who are IT security experts. A lack of IT security experts, especially those with specific knowledge in SOC management, incident response and threat hunting, is aggravating the situation. Half of businesses (50%) admit that they need to hire more experienced IT security professionals and a shortage of internal dedicated staff increases exposure to targeted attacks by 15%. However, organizations are reluctant to increase their security spend on protection against targeted attacks: 78% of respondents think they are currently spending enough, or even overspending, when it comes to investing in advanced threat defence. Meanwhile, there is a clear need for security solutions that go beyond prevention, as speed of detection is critical when it comes to the cost of breaches. When attacks were detected immediately, the average cost of recovery was $63K for SMBs and $102K for enterprises, compared to $465K and $1.2m respectively if detection took more than one week. Finally, efficient incident response is not just about technology. To be able to effectively combat complex cyberthreats, organizations need to think about it as a process, not a destination. In addition to the right technologies, the strategy should also involve human expertise (in house or outsourced), incident investigation frameworks, procedures and cost-efficiency planning.

04 Targeted attacks: An uphill battle It s no secret that IT security teams have had their hands full over the last 12 months, highlighted by the fact that over three quarters (77%) of businesses reported that they experienced some kind of incident during this period. Indeed, all types of attacks have increased in prevalence over the past year, with targeted attacks specifically showing one of the biggest overall increases (6%). This is placing a huge amount of pressure on security teams, with many facing the dilemma of how to incorporate a response strategy that is able to protect their organizations against complex cyberthreats, without impacting business processes. Data breaches are no longer a question of if, but when Over a quarter (27%) of businesses admit that they have experienced targeted attacks on their infrastructure, up from 21% this time last year, and 33% of businesses feel that they are being specifically targeted by cyberattacks. As you would expect, large organizations have experienced the highest number of targeted attacks, most likely due to the treasure-trove of sensitive corporate data that enterprises today hold, while organisations in the IT and telecoms (30%), healthcare (30%) and utilities (29%) industries have received the most interest from cybercriminals.

05 But it s not just the quantity of incidents that is causing problems for businesses. Two-thirds of respondents (66%) agree that IT security threats are becoming more complex, with 62% saying that they have experienced complex IT security incidents in 2017, as cybercriminals continue to develop their skillsets. Complex security incidents experienced None........................ 34% 9% 6% 34% 1 incident.................... 23% 2 to 3........................ 20% 4 to 5......................... 9% 6 to 20....................... 6% 20% 23% 21 to 50....................... 2% 50 or more separate incidents.. 1% Too many to guess............. 1% Don't know.................... 4% Оverall Finance 62% 67% Industrial/Manufacturing Utilities & Power Healthcare 65% 64% 64% IT & Telecoms Not financial institutes Hospitality Government Retail & Wholesale Other 62% 62% 61% 59% 58% 59%

06 As a result, organizations are waking up to the fact that cybersecurity breaches are now inevitable. Indeed, 57% of companies believe that their organizations will be compromised at some point, up from 51% in 2016, suggesting that mindsets are changing when it comes to cybersecurity and highlighting a need to be able to effectively respond to any attack. However, despite this awareness of the threats, businesses are still reluctant to increase their security spend, potentially due to being repeatedly told to buy new solutions to counter the next big threat. As the chart below shows, just 15% of businesses don t think they spend enough on protection against targeted attacks. Attitudes toward investiment in protection from advanced threats Targeted attacks 15% 58% 20% 7% We don t spend enough to protect against this We spend an appripriate amount We over-spend on this. We could have effective protection for less Don t know With regards to targeted attacks specifically, the vast majority (84%) of C-level IT specialists believe their company is either spending enough or over-spending on protection. Interestingly, this figure is slightly lower (79%) among C-level executives in non-it roles, suggesting that they are either more concerned about the business risks related to targeted attacks. When it comes to responding to an attack, confusion reigns A significant challenge facing businesses in today s cyber-battle relates to a lack of knowledge and expertise, which is making it harder for businesses to put clear response strategies in place. When asked, 42% of respondents agreed that their organization is not sure of the most effective strategy to combat threats like targeted attacks. This figure is higher for businesses in the healthcare (46%) and manufacturing (47%) sectors, possibly suggesting that firms in these industries are overwhelmed by the threat posed by such incidents. There are also some geographical differences. Half of businesses in the APAC region agreed that they were unsure of the best response strategy, compared to 41% in Europe, 39% in North America and just 31% in Russia.

07 Similarly, 46% of respondents agreed that their knowledge of IT security threats specifically targeting their business is far from ideal, rising to 62% in APAC and dropping to 42%, 41% and 36% in Europe, North America and Russia respectively. Businesses today cannot afford to be complacent when it comes to their cybersecurity, so need to ensure that an effective response strategy involving a combination of procedures, technologies and human experts is in place for when an attack does occur. Cybersecurity expertise 70 60 62 50 40 30 50 41 42 39 41 36 31 45 39 38 39 20 10 0 APAC Europe North America Russia Latam Japan Lack of knowledge of effective response Lack of knowledge of specific threats

08 Need for speed One key issue the research highlights is the importance of speed when it comes to detecting and responding to data breaches and targeted attacks. As well as the speed of detection being one of the strongest drivers of overall cost, rapid remediation is key to limiting the costs related to long-lasting reputational damage such as lost business, increased insurance premiums and embarrassing compensation bills. But, according to the research, just a quarter (25%) of companies discovered their most serious security incident within a day, highlighting the importance of a comprehensive incident response process. Worryingly, it took every tenth company a year to discover the loss, theft or damage of data, making remediation a more complicated and expensive process. Time until discovery More than a year About a year Several months Several weeks Several days Within a day Within a few hours Almost instantly Percentage 5.9 10.3 16.6 18.3 22.9 12.3 8.7 3.6 Government organisations were the quickest out of the blocks, with 34% detecting their most serious security incident within a day, compared to utilities where discovery took a year or more in 21% of cases. This difference is likely due to a combination of reasons, including the pressures government organisations face when it comes to protecting data, the emphasis placed on security generally and the complexity of internal network architectures. And it certainly pays for businesses to be on the ball, as detection speed has a significant material impact on the financial cost of an attack. For SMBs, the average cost of recovering from a targeted attack if it is detected immediately is $63K. This figure then jumps to $78K if detected within a week and $102K if detection takes longer than one week. Total Impact: SMB Total Impact: Enterprise $102K $63K $78K $456K $775K $1.2M Immediate Detection Within A Week Over A Week Immediate Detection Within A Week Over A Week

09 For enterprises, the increase is even more substantial, with a targeted attack costing an average of $1.2M if it remains hidden for more than a week three times higher than the $456K cost for immediate detection. Equally essential as detection is remediation, which is particularly important in limiting the long-term reputational and financial damage associated with a cyberattack. Factors such as lost business, employing external professionals, training employees and paying extra for PR to repair brand damage all come into account, potentially adding hundreds of thousands of dollars onto the recovery bill and making a quick response even more important. Skills shortage makes businesses slow and unsteady So, why are businesses being slow to detect and respond to targeted threats? The simple answer is that there is just too much noise. With businesses facing an ever-growing number of attacks, security teams are struggling with an inability to spot the most dangerous threats through hundreds of thousands if not millions of incident alerts. Over half (52%) of businesses admitted that it is becoming more difficult to tell the difference between generic attacks and truly serious threats, meaning targeted attacks are likely to slip through the cracks and cause severe damage. Clearly, a comprehensive response strategy is vital. A lack of IT security expertise is further aggravating the issue. The cybersecurity skills shortage has been a widely-discussed issue, highlighted by the proportion of businesses that have been forced to turn to external help when recovering from a data breach. Exposure to targeted attacks 38% 53% No Internal Specialists With Internal Specialists Nearly three-fifths (58%) of respondents said a cyberattack forced them to employ the services of IT security consultants, suggesting a lack of in-house talent. Interestingly, there were notable geographical differences. In Japan, for example, 65% of businesses hired external consultants, whereas the figure was significantly lower for organisations in Europe (54%) and Russia (40%). Healthcare (65%), telecoms (63%) and finance (63%) were the industries most likely to look for help externally, while retail and government organisations were more likely to rely on existing staff.

10 Total Financial Impact For SMBs $91K $86K Total Financial Impact For Enterprises $1.1M $930K Presence Of Internal Specialists No Yes Finally, 53% of businesses agreed that they need to employ more specialists with specific experience in IT security rather than general IT professionals a figure which jumps to 61% for enterprises. This is a worrying trend, as having internal IT security specialists gives businesses a financial edge when it comes to responding to data breaches. It also highlights the importance of incorporating a combination of people, processes and technology into any effective incident response strategy.

11 Proactive protection: The answer to targeted attacks All of these trends are combining to form something of a perfect storm of cyberthreats and IT security professionals have started to accept that a change in attitude is required to combat them. Businesses are realising that, in order to gain visibility through the sea of alerts and react immediately to the most severe threats, a proactive detection and response mindset is the best way forward. Nearly three-fifths (59%) of businesses believe their IT security strategy should prioritise being able to more effectively detect and respond to attacks, with the finance (66%) and utilities (63%) industries leading the way. This mindset is especially prevalent in large enterprises with more than 1,000 employees (62%), possibly due to the sheer quantity of attacks impacting such organisations and a more mature understanding of the modern threat landscape. There is also a clear need for security solutions that go beyond prevention and provide a more complete cybersecurity package. For example, 56% of businesses agreed that they need better tools to detect and respond to advanced persistent threats (APTs) and targeted attacks and 67% of companies consider solutions that continuously and proactively seek threats and threat actors that are targeting their organizations to be effective. Countries in Europe appear to be particularly in favour of this approach, with 75% of companies in Italy, 71% in Spain, 70% in France and 69% in the United Kingdom in agreement. At the opposite end of the spectrum are the United States (60%) and Japan (55%). Finally, an attitude in favour of proactive detection and response is endorsed by those in IT, as 60% of IT personnel believe in the effectiveness of services that proactively seek threats that are targeting their organisation, compared to 47% of non-it staff. Businesses are clearly ready to change their thinking regarding effective security strategies. The challenge is creating an efficient process which makes use of technology and people to help organizations stay one step ahead of the attackers.

12 Conclusion The rapid and constant development of the cybersecurity landscape means businesses simply can t afford to stand still when it comes to protecting themselves against sophisticated, targeted attacks, one of the fastest growing threats in 2017. Security solutions are generating more incident alerts than ever before and overstretched IT teams are understandably finding it hard to cut through the noise, meaning the most dangerous threats are often slipping through the cracks. This, combined with the rapid increase in recovery costs as threats remain undiscovered and the fact that threats are getting more complex, is putting businesses on the back foot. Clearly, something needs to change. 57% of respondents to our survey agreed that an attack is going to get through at some point, meaning organizations need to be able to paint a full picture of cybersecurity across the entire organization. This will also enable businesses to adapt their approach and focus on being able to immediately detect and respond to threats, as opposed to the more traditional mind-set of focusing just on prevention. IT security departments, as the technology gatekeepers, have a responsibility to lead this evolution by making sure their organizations continue to invest in advanced technologies and professionals with specific knowledge and experience in threat hunting, forensics and incident response. However, as protection from modern threats is a complex process, these components must be supplemented by effective recovery procedures and a comprehensive incident investigation framework, comprised of always-on monitoring, advanced detection and critical security event mitigation. In today s world, businesses can never be completely risk free. But, by shifting their focus towards proactive protection, adopting a strategic approach to security and planning in advance, they can get themselves into a position to be able to effectively respond to targeted attacks and contain the damage.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback