Here are the key findings and takeaways for CIO/CISOs from the recent Fortinet Threat Landscape Q1’19 report
In recent years, cyber security attacks have increased substantially, and companies are spending heavily to protect themselves from them. The latest threat landscape report from Fortinet, covering Q1 2019, shows that cyber criminals are not only becoming more sophisticated in their attack methods and tools, they are also diversifying, which raises the bar for IT and security professionals.
The Fortinet report explains how attackers are increasingly using a broad range of attack strategies, from targeted ransomware to custom coding, living off the land and shared infrastructure, to maximize their opportunities, and how they use pre-installed tools to move laterally and stealthily across a network before launching the attack proper. Based on the report's findings, we outline how CIO/CISOs can adopt a proactive approach, including threat intelligence and other techniques, to reduce cyber security risk.
Here are some of the highlights of the research:
- Majority of threats share infrastructure: The degree to which different threats share infrastructure reveals some valuable trends. Some threats rely on community-use infrastructure far more than on unique or dedicated infrastructure. Nearly 60% of threats shared at least one domain, indicating that the majority of botnets build on established infrastructure. Infrastructure is therefore a meaningful pivot point when analysing malicious campaigns. Understanding which threats share infrastructure, and at what points in the attack chain, lets organizations anticipate how malware or botnets are likely to evolve.
- Ransomware far from gone: In general, the previously high volume of ransomware has given way to more targeted attacks, but ransomware is far from gone. Several attacks show it being customized for high-value targets and used to give the attacker privileged access to the network. Recent variants such as LockerGoga demonstrate that CISOs need to remain focused on patching and backups against commodity ransomware, while targeted threats require more tailored defenses against their specific attack methods.
- Pre- and post-compromise traffic: The Fortinet research examines whether cyber criminals carry out the phases of their attacks on different days of the week. Comparing Web filtering volume for two cyber kill chain phases across weekdays and weekends, it finds that pre-compromise activity is roughly three times more likely to occur during the work week, while post-compromise traffic shows much less weekday/weekend differentiation.
- Content management needs constant management: Web content-management platforms, which make it easy for consumers and businesses to build a Web presence, are drawing sustained attention from cyber criminals. The study notes that the platforms themselves and their associated third-party plugins continue to be targeted.
- Tools and tricks for living off the land: Threat actors increasingly leverage dual-use tools, or tools already pre-installed on targeted systems, to carry out cyber attacks. This "living off the land" (LoTL) tactic lets attackers hide their activity inside legitimate processes, making it harder for defenders to detect them, and it also makes attribution much harder.
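The shared-infrastructure finding above, as an added example that is not code from the report or from Fortinet: given a constructed mapping of threats to the domains they use, it computes the share of threats that reuse at least one domain and ranks domains by how many distinct threats a single block would disrupt.

```python
from collections import defaultdict

# Constructed sample: threat/campaign name -> domains seen in its delivery or C2 traffic.
# These are illustrative placeholders, not indicators from the Fortinet report.
THREAT_DOMAINS = {
    "botnet-a": {"cdn-update.example", "stat-relay.example"},
    "botnet-b": {"stat-relay.example", "b-only.example"},
    "loader-c": {"cdn-update.example"},
    "rat-d": {"d-unique.example"},
    "miner-e": {"e-unique.example", "e-second.example"},
}


def domain_index(threat_domains):
    """Invert the mapping: domain -> set of threats observed using it."""
    index = defaultdict(set)
    for threat, domains in threat_domains.items():
        for domain in domains:
            index[domain].add(threat)
    return index


def shared_infrastructure(threat_domains):
    """Return (fraction of threats sharing >= 1 domain, {shared domain: sorted threats}).

    A threat counts as 'sharing' if any of its domains is also used by another threat.
    """
    index = domain_index(threat_domains)
    shared = {d: sorted(t) for d, t in index.items() if len(t) > 1}
    sharing_threats = set().union(*shared.values()) if shared else set()
    fraction = len(sharing_threats) / len(threat_domains) if threat_domains else 0.0
    return fraction, shared


def block_priority(threat_domains):
    """Rank domains by how many distinct threats blocking that one domain would disrupt."""
    index = domain_index(threat_domains)
    return sorted(index, key=lambda d: (-len(index[d]), d))


if __name__ == "__main__":
    frac, shared = shared_infrastructure(THREAT_DOMAINS)
    print(f"{frac:.0%} of threats share at least one domain")
    for domain, threats in sorted(shared.items()):
        print(f"  {domain}: {', '.join(threats)}")
    print("block priority:", block_priority(THREAT_DOMAINS)[:3])
```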
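The weekday/weekend comparison of pre- and post-compromise traffic described above, as an added example that is not from the report: it parses constructed Web-filter log lines already labelled with a kill-chain phase (the `pre`/`post` labels and the line format are assumptions) and computes per-day hit rates for each phase, normalising for the fact that a week has five weekdays but only two weekend days.

```python
from collections import Counter
from datetime import datetime

# Constructed log lines: "<ISO timestamp> <phase> <category>". The phase label is
# assumed to come from the filter's own classification of the blocked category.
SAMPLE_LOG = """\
2019-03-04T09:12:01 pre  malicious-download
2019-03-05T10:40:33 pre  exploit-kit
2019-03-06T14:05:10 pre  phishing
2019-03-07T11:30:45 pre  malicious-download
2019-03-08T16:20:00 pre  exploit-kit
2019-03-09T13:01:22 pre  phishing
2019-03-04T09:15:01 post c2-beacon
2019-03-06T03:05:10 post c2-beacon
2019-03-08T02:44:09 post c2-beacon
2019-03-10T04:30:00 post c2-beacon
"""


def parse(log_text):
    """Yield (timestamp, phase) per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1]


def weekday_weekend_rates(log_text):
    """Per phase: hits per weekday, hits per weekend day, and their ratio.

    Raw counts alone would exaggerate the work-week effect because there are more
    weekdays than weekend days, so each bucket is divided by its number of days.
    """
    counts = Counter()
    for ts, phase in parse(log_text):
        bucket = "weekend" if ts.weekday() >= 5 else "weekday"
        counts[(phase, bucket)] += 1
    result = {}
    for phase in sorted({p for p, _ in counts}):
        wd_rate = counts[(phase, "weekday")] / 5
        we_rate = counts[(phase, "weekend")] / 2
        ratio = wd_rate / we_rate if we_rate else float("inf")
        result[phase] = {"weekday_per_day": wd_rate, "weekend_per_day": we_rate, "ratio": ratio}
    return result


if __name__ == "__main__":
    for phase, stats in weekday_weekend_rates(SAMPLE_LOG).items():
        print(phase, {k: round(v, 2) for k, v in stats.items()})
```

A ratio near 1.0 for a phase means its traffic is spread evenly across the week; a ratio well above 1.0 means it clusters in the work week, as the report observed for pre-compromise activity.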
Michael Joseph, Regional Director System Engineering, India & SAARC, Fortinet, believes that CISOs need to rethink their strategy to better future-proof and manage cyber risks. He suggests, “Embracing a fabric approach to security, micro and macro segmentation, and leveraging machine learning and automation as the building blocks of AI, can provide tremendous opportunity to force our adversaries back to square one.”
Malicious attempts to damage a firm's systems are not only increasing in number but also growing more complex. To stay ahead of cyber threats, CIO/CISOs must evaluate their cybersecurity processes and make sure that effective controls are in place.
Here are some of the key takeaways for CIO/CISOs:
1. Invest in threat intelligence programs
To understand existing and potential threats to their valuable assets, firms rely on threat intelligence. The information gathered is used to identify, prevent and react to such threats through informed decisions. With a threat intelligence program, CIO/CISOs can stay up to date on security threats, including attacker methods, targets and the vulnerabilities being exploited. Fortinet's researchers argue that only a security fabric that is broad, integrated and automated can protect the entire networked environment, from IoT to the edge, the network core and multi-cloud, at speed and scale.
2. Combine IT security and business risk management
Cybersecurity is not solely an IT problem; a breach can also carry significant legal and regulatory consequences. IT security therefore needs to be integrated with the business risk management strategy. CIO/CISOs need to support IT governance, including data security, to ensure that the IT strategy aligns with and supports the business' overall objectives.
3. Ensure smooth C-suite communication
A lack of collaboration at the C-suite level is itself creating cybersecurity risk in the enterprise. A report by Accenture states that only 40% of CISOs surveyed said that they always communicate with other business managers when proposing an integrated security approach.
4. Create a ransomware defense
Detecting and preventing ransomware has become imperative. CISOs need to understand the nature of ransomware attacks, including which geographies and vulnerabilities they target. They should prioritize patching and establish backup, storage and recovery procedures, and test that recovery actually works before it is needed.
5. Be careful of pre-installed tools
Organizations must pay particular attention to pre-installed tools that can be abused to escalate privileges and to hide malicious code and activity. Intent-based segmentation, which uses business logic to segment the network, devices, users and applications, can block the lateral movement that LoTL attacks depend on, keeping them away from critical data and infrastructure.