The number of cyberattacks in 2020 will only continue to grow compared with previous years, according to recent research reports published by cyber security companies. The increase in cybercrime is largely down to the rise of Ransomware as a Service (RaaS), but the fact that cybercriminal groups are working more closely together also plays a major role. By forming alliances, they have been able to extend their reach, increase the strength of their attacks, and develop more advanced tactics.
Many of the popular techniques used by cybercriminals are relatively simple to protect against, thanks to powerful cybersecurity solutions. Yet, companies remain vulnerable to some of the most common tactics used. Adopting a proactive, up-to-date security policy is absolutely essential if you are to detect and prevent cyberattacks swiftly in 2020.
Our cyber security experts at Infradata have put together a list of some of the best measures you can take to enter the new year with a stronger and more effective cyber security policy.
1. Don't forget the cybersecurity basics
The basic principles of user awareness, secure configurations, and asset and vulnerability management still form the basis for an effective and practical cyber security shield.
Organisations must routinely review and improve their default cyber security measures in force, including:
- Cybersecurity awareness campaigns and programmes for users. Attack tactics change every year, and long-standing ones such as ransomware, credential phishing, and privilege escalation keep taking new forms. Regular training, including company-wide updates on the phishing and social-engineering lures that have actually been detected, keeps users familiar with current threats and better able to recognise and report them.
- Effective asset management and an up-to-date software inventory are crucial to understanding how and when your organisation is exposed to a given threat and what attack surface it presents. Vulnerability management and patch management build on that inventory to find known vulnerabilities, prioritise them by exposure, and correct insecure configurations.
- Multi-factor authentication (MFA) must apply to all users. Cybercriminals prove time and again that they can obtain passwords quickly, through phishing, credential stuffing, or malware, and a single stolen password is often the start of a much more serious attack. MFA makes a stolen password insufficient on its own, which makes privileged access much harder to obtain. Where possible, prefer phishing-resistant factors (hardware keys, FIDO2) over SMS and one-time codes, since those can be phished together with the password.
- Robust privileged access management (PAM) processes are also a must. Limiting who holds privileged rights, and for how long, restricts the damage a compromised account can do and reduces the risk of malware spreading to other systems.
- Harden the endpoints themselves, including local password and credential security. Good endpoint protection gives visibility into what runs on end devices, prevents attackers from disabling or tampering with the agent, and stops them erasing the traces of their activity.
2. Make the most of the security tools you are already using
The preventive functions of endpoint security and other security solutions are all too often left in monitoring (detect-only) mode. This is usually because administrators fear that blocking will disrupt business services, or that it will generate too many false positives.
But that means attacks that could easily have been blocked end up getting through. Make sure your security tools have prevention and blocking turned on; roll blocking out to a pilot group first and tune exclusions there, rather than leaving the whole estate in monitor mode indefinitely. Core functions such as behavioural and machine-learning detection, exploit prevention, and quarantine are increasingly effective at stopping the common techniques criminal organisations use. Widespread malware families such as TrickBot (a banking trojan and loader) and Ryuk (ransomware) are now blocked reliably by current endpoint security products. In addition, known indicators of compromise (C2 domains and IP addresses) enforced at the network level block the simple follow-on stages of an attack: beaconing to the command-and-control server and downloading the next-stage payload.
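The network-level blocking described above, as an added example that is not Infradata's code or any product's logic: constructed proxy log lines are matched against a constructed indicator list (documentation IP ranges and reserved TLDs, not real threat intelligence), and the `prevent` flag shows the difference between monitor mode (match logged, connection allowed) and prevention mode (connection blocked). Domain matching is exact-or-subdomain rather than substring, so a look-alike name that merely ends in the same characters is not blocked.

```python
from __future__ import annotations
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed indicator list (assumed values: documentation ranges and
# reserved TLDs, not real threat intelligence).
IOC_DOMAINS = {"update-checker.example", "cdn-static.invalid"}
IOC_IPS = {ipaddress.ip_address("203.0.113.45")}
IOC_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed proxy log lines; the layout is an assumption for this example:
#   <ts> <client_ip> <dest_host> <dest_ip> <method> <path>
SAMPLE_LOG = """\
2020-01-14T09:12:01Z 10.0.0.21 www.example.com 93.184.216.34 GET /index.html
2020-01-14T09:12:05Z 10.0.0.21 update-checker.example 203.0.113.45 POST /gate.php
2020-01-14T09:12:09Z 10.0.0.33 a.cdn-static.invalid 198.51.100.7 GET /x.bin
2020-01-14T09:12:10Z 10.0.0.33 notcdn-static.invalid 192.0.2.10 GET /ok
2020-01-14T09:13:00Z 10.0.0.40 intranet.corp 10.0.0.5 GET /
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+)$")


@dataclass
class Verdict:
    ts: str
    client: str
    host: str
    reason: Optional[str]   # None means no indicator matched
    action: str             # "allow", "alert" (monitor mode) or "block"


def host_is_ioc(host: str) -> bool:
    """Exact match or subdomain of a listed domain. A plain substring test
    would also hit 'notcdn-static.invalid', which is a different name."""
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in IOC_DOMAINS)


def ip_is_ioc(ip_str: str) -> bool:
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return ip in IOC_IPS or any(ip in net for net in IOC_NETS)


def evaluate(line: str, prevent: bool) -> Verdict:
    """prevent=False is the 'monitoring mode' of the text: the match is
    recorded but the connection is still allowed through."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts, client, host, dest_ip, _method, _path = m.groups()
    reason = None
    if host_is_ioc(host):
        reason = f"domain IOC {host}"
    elif ip_is_ioc(dest_ip):
        reason = f"IP IOC {dest_ip}"
    if reason is None:
        return Verdict(ts, client, host, None, "allow")
    return Verdict(ts, client, host, reason, "block" if prevent else "alert")


def matches(log: str = SAMPLE_LOG, prevent: bool = True) -> list[Verdict]:
    """Return only the lines that hit an indicator, with the action taken."""
    verdicts = [evaluate(l, prevent) for l in log.splitlines() if l.strip()]
    return [v for v in verdicts if v.reason is not None]


if __name__ == "__main__":
    for v in matches():
        print(v.ts, v.client, v.host, v.action, v.reason)
```

On the sample, the C2 check-in to `update-checker.example` and the payload download from a subdomain of `cdn-static.invalid` are both blocked, while `notcdn-static.invalid` and the internal host pass. Running the same log with `prevent=False` produces identical matches but only alerts, which is exactly the gap left by tools kept in monitor mode.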
3. Focus on more than malware: strengthen security against modern cyberattacks
As attacks become more advanced, companies face more than just malware. IT security teams need to look for the early warning signs of an intrusion, such as code execution, persistence, defence evasion, command and control, and lateral movement within a network. Signature-based controls on their own cannot identify or respond to these kinds of signals, because much of the activity uses legitimate tools and valid credentials.
With contextual and behavioural analysis in security solutions, often delivered in real time using machine learning, these attacks can be detected and stopped early in the chain. The ability to analyse activity by context and behaviour, rather than by file signatures alone, is a key criterion when choosing your security solutions in 2020.
4. Survival of the fastest: mastering the 1/10/60 challenge
An important metric for security teams is breakout time: the time from the initial intrusion on one host until the attacker first moves laterally to another system in the environment. Average breakout times in recent threat reports are only a few hours, so it is worth remembering the 1/10/60 rule (popularised by CrowdStrike's annual threat reports).
The 1/10/60 rule means that you have:
- one minute to detect an intrusion
- ten minutes to investigate the intrusion and establish its scope
- sixty minutes to remove the threat from the environment.
Companies that apply the 1/10/60 rule in 2020 will have a greater chance of neutralizing an attack before it even starts to spread from its initial point of intrusion, thereby minimizing the impact and preventing further escalation.
Adopting this rule will admittedly be challenging for many companies in 2020. It requires investment in deep visibility tools to automatically perform a threat analysis, plus remediation solutions that cover the entire organisation. Threat analysis tools and endpoint detection & response (EDR) tools will no doubt help response teams to understand the nature of threats and take action more quickly.
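The behavioural detection of section 3 and the breakout-time metric of section 4, as one added example that is not Infradata's code or any vendor's product logic. It runs a simple behavioural rule over constructed Windows logon events (one account from one source host reaching several distinct hosts over the network within a short window, the pattern of lateral movement), measures breakout time from a constructed EDR alert to the first lateral hop, and scores an assumed incident timeline against the 1/10/60 stages. The log layout, host names, thresholds and timestamps are all assumptions for the illustration.

```python
from __future__ import annotations
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Two record shapes are assumed:
#   <ts> ALERT <text>                                          EDR alert marking the initial intrusion
#   <ts> 4624 LogonType=<n> Account=<u> Source=<h> Target=<h>  Windows successful logon
EVENTS = """\
2020-01-14T09:00:00Z ALERT EDR: macro spawned powershell.exe on WS-021
2020-01-14T09:05:40Z 4624 LogonType=3 Account=mwalsh Source=WS-044 Target=FS-01
2020-01-14T10:48:10Z 4624 LogonType=3 Account=jdoe Source=WS-021 Target=FS-01
2020-01-14T10:49:02Z 4624 LogonType=3 Account=jdoe Source=WS-021 Target=WS-033
2020-01-14T10:49:15Z 4624 LogonType=3 Account=jdoe Source=WS-021 Target=FS-01
2020-01-14T10:49:30Z 4624 LogonType=2 Account=jdoe Source=WS-021 Target=WS-021
2020-01-14T10:51:30Z 4624 LogonType=3 Account=jdoe Source=WS-021 Target=DC-01
2020-01-14T11:20:00Z 4624 LogonType=3 Account=jdoe Source=WS-021 Target=WS-050
"""

ALERT_RE = re.compile(r"^(\S+) ALERT (.*)$")
LOGON_RE = re.compile(
    r"^(\S+) 4624 LogonType=(\d+) Account=(\S+) Source=(\S+) Target=(\S+)$")


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def detect_lateral_movement(log: str, window: timedelta = timedelta(minutes=10),
                            min_targets: int = 3) -> dict:
    """Behavioural rule: one account from one source host reaching min_targets
    distinct hosts over the network (logon type 3) inside `window`.
    Interactive logons (type 2) and repeat hits on the same target do not count.
    Returns {(account, source): {"first_hop", "flagged_at", "targets"}}."""
    hops = defaultdict(list)
    findings = {}
    for line in log.splitlines():
        m = LOGON_RE.match(line)
        if not m or m.group(2) != "3":
            continue
        ts, account, source, target = parse_ts(m.group(1)), m.group(3), m.group(4), m.group(5)
        if target == source:
            continue
        key = (account, source)
        hops[key].append((ts, target))
        recent = {t for when, t in hops[key] if ts - when <= window}
        if len(recent) >= min_targets and key not in findings:
            findings[key] = {"first_hop": hops[key][0][0],
                             "flagged_at": ts,
                             "targets": sorted(recent)}
    return findings


def intrusion_time(log: str) -> datetime | None:
    """Initial intrusion is taken as the first EDR alert in the constructed log."""
    for line in log.splitlines():
        m = ALERT_RE.match(line)
        if m:
            return parse_ts(m.group(1))
    return None


def breakout_time(log: str) -> timedelta | None:
    """Breakout time: initial intrusion to the first lateral hop of a flagged pair."""
    start, findings = intrusion_time(log), detect_lateral_movement(log)
    if start is None or not findings:
        return None
    return min(f["first_hop"] for f in findings.values()) - start


def check_1_10_60(log: str, detected: str, investigated: str, contained: str) -> dict:
    """Score an incident timeline against the 1/10/60 stages (detect within 1 min
    of intrusion, investigate within 10 min of detection, contain within 60 min of
    that) and check whether containment beat the attacker's breakout."""
    t0 = intrusion_time(log)
    td, ti, tc = (parse_ts(s) for s in (detected, investigated, contained))
    bo = breakout_time(log)
    return {
        "detect_1m": td - t0 <= timedelta(minutes=1),
        "investigate_10m": ti - td <= timedelta(minutes=10),
        "remediate_60m": tc - ti <= timedelta(minutes=60),
        "contained_before_breakout": bo is not None and tc < t0 + bo,
    }


if __name__ == "__main__":
    print(detect_lateral_movement(EVENTS))
    print("breakout time:", breakout_time(EVENTS))
    print(check_1_10_60(EVENTS, "2020-01-14T09:00:45Z",
                        "2020-01-14T09:09:00Z", "2020-01-14T09:55:00Z"))
```

On the sample, `jdoe` on `WS-021` is flagged at 10:51:30 after reaching `FS-01`, `WS-033` and `DC-01`, while `mwalsh` touching a single file server is not; the repeated `FS-01` logon and the interactive logon on the workstation itself do not inflate the count. Breakout time is 1 h 48 min from the 09:00 alert, so a response that detects in 45 s, scopes in under 10 min and contains by 09:55 wins; the same detection with containment at 11:00 fails the 60-minute stage and lands after the attacker has already spread. Real deployments need an allowlist for service and scanning accounts that legitimately fan out, which is where the false positives will come from.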
5. Work with a partner that has the cyber security expertise you need
It is tempting for organisations to focus primarily on technology to tackle common cyber security challenges. But as cyberattacks continue to demonstrate, hardware and software are not enough; having cyber security professionals on hand to run, tune, and act on them is also essential to maintain a level of security that actually works. Dedicated, effective, and experienced cyber security experts are hard to find, not to mention expensive.
That is why companies tend to look for an external partner, with certified and talented experts, often supplemented by managed security services and an outsourced security operations centre (SOC). This is a cost-effective way to help detect and neutralize cyber threats in your day-to-day operations.