May 13, 2019
Proactive Defense for Tomorrow’s Security Demands
The digital age brings many benefits—but opening the door to cyberattacks is not one of them. According to the Accenture Ninth Annual Cost of Cybercrime Report, in 2018, the average annual cost of cybercrime in the United States was $27.37 million, up more than 25 percent on the year before. Although a relatively modern phenomenon, cybercrime is increasing both in numbers and in scope. The average number of breaches in the United States was 178 in 2018, up 14 percent from the year before, with malware, botnet attacks, and malicious insider incidents all up in 2018. Whatever the industry, these are worrying trends. But aside from the costs needed to resolve cybercrime, there is another far more dangerous consequence—the erosion of trust.
Trust is the fuel that drives the digital economy. It can strengthen an organization’s standing and lead to new revenue-generating opportunities with customers. But trust can be quickly lost, so protecting sensitive data has become an essential ingredient of every good business model. To avoid well-orchestrated cyberattacks, organizations must be vigilant. They must keep pace with the evolving nature of the threats they face and adopt a proactive cyber defense strategy to defeat them. And the board must be vigilant and actively involved in conversations about what is being done to mitigate this enterprise-wide risk.
So what’s happening in the world of cyberthreats and where are cyberattacks headed? Let’s look at three growing threats:
- Credential and identity theft. However robust organizations’ security defenses may be, the weakest link still lies in social engineering such as phishing. An easy target is credential and consumer data theft, where the increase in consumer data available to fraudsters is driving fraud losses higher every year, the Federal Trade Commission reports. Whether committing credit card fraud, stealing passwords or using a synthetic identity to obtain control over a customer’s account, new forms of theft offer high-dollar returns with a low risk of detection. Adversaries may also use large data sets in new ways, such as corporate credential theft where adversaries gain access to critical processes and data within, say, a financial institution or set of financial services organizations. This is a popular breach strategy favored by organized crime and politically motivated adversaries in particular.
- Data manipulation. As data currency grows in significance, stealing data won’t be the route to financial gain. Rather, strategic data manipulation which could destabilize systems and markets will lead to the greatest financial impact that cyberthieves can make. According to a report from CNBC, manipulating credit scores or bank account numbers is a natural evolution from yesterday’s big data breaches that exploited the personal information of millions of consumers, healthcare patients, or government workers. Here, artificial intelligence (AI) may have a negative impact. Authenticating data and validating its integrity can be challenged by the adversarial application of AI (such as attacks exploiting machine learning models), fracturing trust across many institutions through data theft, manipulation, and forgery. Organizations need to employ countermeasures—data provenance (verifying the history of data from its origin throughout its life cycle), threat modeling, and alerting—for early detection of data changes. By assessing anomalies and quantifying data trust, security teams can better forecast cybercriminal and cyberespionage attacks over time.
- Disruptive and destructive malware. Ransomware threats have targeted critical infrastructure sectors at alarming rates—it’s reflected in the cost of ransomware across all industries and countries, which has grown 21 percent in the last year. As cybercriminal and cyberespionage groups continue to use destructive and disruptive malware paired with evasive techniques (like modifying permissions or how authentication is performed), the application of malicious programs could become more targeted. Threat adversaries may take advantage of system encryption and file destruction for greater impact to critical systems supporting the delivery of core services—and it could be hard to decipher the differences between an attack and a coverup. Data manipulation and theft followed by ransomware or the resurgent wiper ware, a form of attack that erases data including logs used to monitor for suspicious activity, can impede incident responders’ ability to perform forensics, stop the attack, and remove adversaries from their systems.
As security and regulatory demands grow, organizations need to prepare for a worst-case scenario. While the organization’s security team will be its front-line soldiers in the event of an attack, the team’s leaders will need to keep the board of directors apprised of any changes that require their attention—and especially any matters that require disclosure under regulatory rules. In a similar vein, boards will need to continue to educate themselves about the growing and changing threats so that they can keep up and ask the right questions in the event of a breach or attack.
To help their organizations defend against new threats and adversaries, boards and leaders might ask themselves the following five questions:
- What are we doing to collaborate with peers and third parties on multistage exercises? Leaders must actively encourage collaboration and threat information sharing—even among competitors—as there is safety in numbers when defending against cyberattacks.
- Are we investing in tools that identify external discussions about our organization? Use artificial intelligence, big-data analytics, and machine learning to enable security teams to monitor, react and respond in nanoseconds and milliseconds, not minutes, hours or days.
- How can we strengthen insider threat programs that disincentivize malicious adversaries? Monitor continuously and vigilantly, not only for unauthorized access, but also for undiscovered threats and suspicious user behavior. Use incident response and threat hunting teams to look for the next breach to “find them before they find you.”
- Are we improving online accountability through corporate policies and education? Provide ongoing training and skill reinforcement so that employees think and act with security in mind.
- How often do we simulate adversarial threats using disinformation, emerging technologies, and compromised corporate credentials? Transform the incident response plan into a crisis management plan and test it repeatedly to build a “muscle memory” response.
Above all, the boards and leaders of organizations must strive to be better informed not only about existing threats, but also how those threats are evolving if they are to take cyber resilience to the next level of maturity and effectiveness.