This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with David Vincent, Chief Security Evangelist and VP of Product Strategy at Appsian.
It’s common knowledge that cybercriminal activity is constantly increasing and is one of the biggest global challenges that organizations will face in the next two decades. Current reports from numerous sources such as IBM, McAfee, Verizon, Cyber Magazine, etc., are predicting the impact of cybercrime damage to reach $6T by the end of 2021.
It is difficult to accurately report on the evolution of cyber-attacks that occurred within the last 12 months because, according to the annual Verizon Data Breach Investigations Report, 58% of cyber-attacks take months or even years to detect, but they did indicate that 36% of confirmed data breaches involve phishing techniques, and 24% of those cyberattacks targeted financial institutions. Additionally, according to BlueVoyant, the top 5 cybercrime attack methods in 2020 were: phishing scams, website spoofing, ransomware, malware, and IoT hacking.
We can all agree that cyber-crime is no longer the highly skilled college student mischievously trying to hack into an organization. Now cybercriminal organizations like the top five: Cobalt, Lazarus, MageCart, Evil Corp and GozNym are recruiting highly skilled cybercriminals, but not just for the sole purpose of performing their own criminal activity against organizations. These cybercriminal organizations have evolved into cybercrime entrepreneurs through the development of increasingly sophisticated cybercrime tools that the average cybercriminal could not create on their own, and selling these tools on the black market for a reasonable price. This is drastically increasing the population of cybercriminals that organizations must defend against.
More and more cybersecurity professionals are mentioning that they have seen some of the most authentic bank phishing attempts recently. Bank phishing is a criminal activity where a malicious person(s) attempts to fraudulently acquire sensitive information, such as online banking passwords and credit card details, by masquerading as a trustworthy organization or website. These phishing attacks are usually done in the form of an email, and the increase in the number of “highly authentic” phishing and website spoofing attacks is likely a result of cybercrime entrepreneurs selling their sophisticated crime kits on the black market to less experienced cybercriminals.
Organizations need to:
No doubt phishing scams, website spoofing, ransomware, malware, and IoT hacking will continue to occur, and these techniques will improve in their effectiveness with more convincing presentations of bank phishing emails and fraudulent websites. New cyber-attack methods will also appear, and it will be difficult for anyone to predict what those will be, but many conference topics and articles have been mentioning the following as areas that will likely see more cyber-crime attacks.
Always Understand Your Current Risk Exposure & Vulnerabilities – The first step in any battle is to assess your defensive capabilities to identify weaknesses that need to be resolved quickly. This can be done by conducting a thorough risk assessment to identify and quantify all of the potential security risk exposures, and then evaluating the design and operating effectiveness of those controls intended to mitigate those risks to determine if any vulnerabilities exist that could be exploited by cyber criminals. Part of this risk assessment should determine your security control environment’s capability to detect, prevent, respond, and recover from threat events. Furthermore, it is important to monitor the residual risk level of a given risk event against the organization’s maximum risk appetite level to determine if they have implemented an adequate level of mitigation controls. Residual Risk = Inherent Risk – Control Effectiveness. If the residual risk level is too close to or exceeds the maximum risk appetite level, then the organization must go back and improve their control effectiveness.
Perform Independent Risk Assessments – Have an independent audit performed every six months to evaluate the design and operating effectiveness of the security controls you have implemented to safeguard your systems and data. Part of this independent risk assessment should determine your security control environment’s capability to detect, prevent, respond, and recover from threat events.
Implement A Continuous Improvement Process – After implementing the 6 leading practices listed in question #2, consider implementing AI & ML capability to constantly (24/7/365) perform your security risk assessment based on the “monitoring of the key risk indicators to detect and respond to anomalies and threats”.