One of the most valuable weapons in any cybersecurity specialist’s arsenal is insight. Accessing and analysing data about threat types, volumes, methods and motivations offers a critical edge when designing an effective security posture. At Carbon Black we consider our Threat Analysis Unit (TAU) to be a vital part of what we do to help customers counter the threats they face. The latest intelligence to come out of TAU shows us that 2017 was a year of ballooning risk, rampant ransomware and growing awareness of the reputational damage that security breaches inflict. Here’s what we learned…
The risk of attack grows ever higher
The number of attacks is increasing exponentially – by 328% in fact. At the start of 2017, the average computer protected by Carbon Black was targeted by an attack 0.7 times per month. By December 2017 that number had leapt to three attacks on average per computer, per month. As a trend there was a 13% monthly growth rate in attacks on endpoints in the course of 2017. This means that an organisation with 10,000 endpoints is seeing an average of 1,000 attacks per day.
The type of attack is changing, too. We saw linear average monthly growth of 6.8% in the rate of non-malware attacks, which comprised 52% of all attacks. Non-malware attacks use authorised software to gain a foothold in the target system and are therefore hard to detect using signature-based anti-virus software.
This increase in the volume and evolution in the type of attacks has provoked an increase in organisations’ expenditure on security. Gartner has predicted that spending on security will rise by 7% in 2018 as companies invest to safeguard themselves with next generation anti-virus software that is up to the challenge of detecting and stopping non-malware attacks in their tracks.
The year of ransomware
2017 might have been the Chinese Year of the Rooster but the only crowing that security experts heard came from the army of cybercriminals who made it the year of ransomware. The ease of anonymity offered by TOR, the rise of cryptocurrencies to facilitate payments and the emergence of ransomware-as-a-service all contributed to this bumper year. Technology, government and legal industries bore the brunt of what amounted to a $5bn crime spree, according to Cybersecurity Ventures Research, with that sum handed in ransoms to criminals. With a paycheque that big in front of them, and little hope that the world will remove the incentive by refusing to pay ransoms, they are unlikely to change tactic any time soon.
Accepting that sad fact, it’s up to businesses to protect themselves unilaterally from attacks that can damage their networks, profits and – since the catapulting of ransomware into the public awareness – their reputations.
Reputations rocked by ransomware
The Wannacry and NotPetya attacks drove ransomware into the public consciousness properly in 2017, with more than half of the population experiencing it for the first time. They were quick to form judgements about where responsibility for protecting against ransomware attacks lay: squarely with individual businesses. Our research showed that 70% of consumers would consider ceasing to trade with a retailer, healthcare provider or financial institution that was affected by ransomware.
Linked to this is the fourth “R” (forgive me for adding to the traditional triumvirate) that is starting to have an impact on security postures and that is “regulation.” The enacting of the GDPR in May will see one particular security challenge brought into the spotlight and that’s the time it takes to receive a breach notification. As we’re all aware, the new regulation requires organisations affected by a data breach to inform affected data subjects within 72 hours of its occurrence.
Research we carried out earlier this year showed that organisations were suffering from a lack of data visibility and were not confident that the toolsets that they have in place for classifying critical data and identifying and prioritising risk to that data were effective and easy to manage. This shortcoming means that security teams can struggle to identify the suspicious behaviour on the network that could indicate a fileless attack in progress. Without the ability to detect a breach, organisations will run the risk of failing to notify compromised data subjects within the required time scale. Plus, and perhaps more concerningly in the immediate term, they’ll also be under an attack that they don’t know about!
This current state of the nation can seem like a bleak picture with attacks increasing, ransoms growing and reputations under fire, but there are positives, too. The security industry is fighting the good fight, using every weapon in our arsenal to defend against attacks as they evolve. We’re developing ever more sophisticated defences that can detect and stop fileless attacks before they breach the perimeter, and using threat intelligence to understand the motives, drivers and methods of our adversaries. What we do is not just a matter of business, it is a matter of pride. For more analysis from the unit or for more detail on the threat horizon, why not download our latest report: Carbon Black 2017 Threat Report.