This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Matt Hartley, Co-Founder & Chief Product Officer at BreachRx.
How have cyber attacks evolved over the past 12 months?
Over the last couple of years, ransomware has become widely prevalent and can have a mammoth impact on a business. Not only do these attacks prevent a business from safely operating, but the successes adversaries have had are leading them to more frequently exfiltrate data to exploit for increased ransoms. In addition, the proliferation of nation-state-grade tactics, techniques, and procedures into the underground continues to be a major source of new “innovation” for criminals. With more nations entering the mix given the low bar for entry, this trend will only continue to improve the capabilities of criminals, hacktivists, and other threats.
What lessons can be learned from the biggest cyber attacks in recent history?
While we perpetually hope and work toward security technologies that will outpace cyber attackers, the arms race between defenders and attackers will clearly continue well into the future. Defenders need to continue to move away from a network- and technology-centric to a risk-centric approach that centers on understanding and then protecting the data, process, people, and operations of their organizations. In addition, people-centric teams like privacy and legal involved in responding to attacks need to add automation quickly as they’re already overwhelmed.
What will cyber attacks look like in the future?
Over the last twenty years, we’ve seen that attackers are motivated by the same innovations as researchers, technologists, and the greater business community. For example, with the expansion of automation and technology to automate workflows over the last decade, we’ve seen adversaries adopt similar technologies for their attacks. This trend will only continue – attackers will increasingly adopt technologies emerging from communities like machine learning and artificial intelligence. Further, the success of legitimate as-a-service businesses has led to a surge of malicious as-a-service “businesses” that have lowered the bar for less-sophisticated adversaries to launch sophisticated attacks. Coupled together, the future attacks will have the ability to more easily increase the scale and breadth of their attacks, making it much harder for defenders to respond quickly and effectively.
What are three pieces of advice for organizations looking to get ahead of the cyber attacks of the future?
First, build security and privacy in from the start. Organizations that wait to try to bolt security or privacy into their processes and products after they’ve been built are exposing themselves to serious risk of compromise and will be tempted to continue to kick the can down the road on what would likely be major, expensive efforts to add protections and controls after the fact.
Second, expect more oversight from insurance companies and governments – the impacts from data breaches have already driven increased oversight from insurance firms and led to the creation of dozens of regulations in the United States and across the world, which require notifications, allow for oversight, and huge fines that can ultimately take down a business if these aren’t understood and prepared to deal with correctly.
Third, while putting together the traditional high-level incident response plan is useful for compliance and to determine some organizational processes ahead of an event, they’re never pulled off the shelf during an incident or breach. Teams ultimately need discrete, actionable, and automated playbooks that can be practiced and used to respond quickly and effectively to attacks now and that will emerge in the future.