According to the Cybersecurity Market Report, global spending on cybersecurity products and services is expected to exceed $1 trillion cumulatively between 2017 and 2021, while the cost of cybercrime is projected to reach $6 trillion annually by 2021, underscoring the scale of the cybercrime epidemic facing enterprises and governments worldwide. A growing attack surface, a shortage of cybersecurity workers, an increase in nation-state cyber threats, and a lack of security awareness training for employees all contributed to the sharp increase in cyber attacks against enterprises in 2016.
From the large-scale DDoS attack on Dyn to the December 2016 disclosure of a 2013 Yahoo breach, many major players saw their defenses compromised last year.
The security landscape for 2017 will be faster-growing and more complicated than ever before. As your trusted advisor in cybersecurity, allow Herjavec Group to break through the clutter and focus your attention on the top cybersecurity-related questions all C-level executives should be asking this year:
Wishing you a (cyber) safe and successful 2017!
How can we leverage Threat Hunting to alleviate the pressures of IoT?
Gartner estimates that 5.5 million new devices were connected to the Internet every day in 2016, and that the number of connected things in use grew 30% from 2015 to 2016. That installed base is forecast to keep scaling, reaching 20.8 billion by 2020 (Gartner, 2015).
With the rise of Internet of Things (IoT) devices in corporate environments, and with attackers able to probe those devices from anywhere with little fear of attribution, security threats associated with IoT will continue to grow. Mobile devices pose a related threat: cybercriminals often use mobile malware to target victims, and those devices move between personal and corporate networks.
Furthermore, social engineering attacks increasingly use IoT devices as a medium to reach consumers. Social engineering exploits humans (widely considered the weakest link in security) and relies on technological, psychological, and physical techniques that trick a user into breaking security protocols. These techniques include:
Phishing – An attacker masquerades as a credible source and sends an email asking the user to perform an action (for example, click a URL or open an attachment) or to disclose confidential information. Spear-phishing is similar, but the attacker targets specific individuals and includes information relevant to them to appear even more convincing.
Vishing – Attackers telephone individuals or groups to gather information about a target or to influence an action. A common scenario is an attacker calling the helpdesk to request that a new account be created.
Impersonation – Pretexting as another person or presenting a false identity can allow an attacker to gain access to information, facilities, or secure systems.
According to Will Ehgoetz, Sr. Threat Hunter at Herjavec Group, 2017 will see a drastic rise in issues relating to IoT. Many organizations are still working towards gaining a full understanding of IoT-related weaknesses. In fact, many default-configured devices can be exploited immediately upon being connected to the Internet. Businesses will also be vulnerable to more DDoS attacks since IoT devices can now be used as a medium to coordinate massive botnet attacks.
While many countries are beginning to mandate a minimum level of security for IoT devices sold in their markets, governing bodies don't always understand:
the reality of how the devices are manufactured
the price impact of securing devices
the lack of technical knowledge among consumers purchasing the devices
Since consumers want low-cost, easy-to-use devices and are unwilling to pay a premium for built-in security, manufacturers have little incentive to add it, and insecure IoT devices will continue to persist in the market.
From an enterprise perspective, the lack of security surrounding IoT devices is especially concerning since consumer devices will inevitably end up on corporate networks. For example, if a company installs a smart appliance into its kitchen for employee use, that appliance may be connected to the Internet. Who will have access to that device? What can be done with that access?
As businesses modernize their policies and physical spaces, it's important to ask how smart offices affect the corporate networks they are connected to. Moreover, under a bring-your-own-device (BYOD) policy, an infected mobile device can spread its malware into the corporate network as soon as it connects, much as the flu spreads through an office.
“A proactive defense is key to addressing security issues in the Internet of Things,” Ehgoetz points out. “Adopting a threat hunting program in order to efficiently sift through large volumes of data is important, but you need to learn how to walk before you run.”
For organizations, this involves establishing a plan to increase maturity over time, meaning C-level executives, in collaboration with the IT team, must ask, “How do I increase my maturity to move from a purely reactive defense towards a proactive defense?”
Fig. 1: The hunting maturity model, The Who, What, Where, When, Why and How of Effective Threat Hunting (SANS, 2016)
Organizations must ensure that the right data is being logged and apply intelligence to what is already known in order to create a good proactive threat hunting environment. Additionally, company leaders should have a thorough knowledge of the organization’s “crown jewels” and prioritize protecting the most important data first and foremost.
In order to accomplish this, leaders must have a clear understanding of their log sources and of how much visibility into the network each one provides. Next, it's critical to recognize existing gaps and missing data, and to evaluate whether logging that data would give a better picture of the company's threat landscape.
Building a strong threat hunting program as part of an organization’s cybersecurity plan requires an understanding of the threat actors, the type of information they’re after, and the techniques employed in order to get into corporate networks. “Threat hunters are not simply waiting to respond to alerts or indicators of compromise. They are actively searching for threats to prevent or minimize damage” (SANS, 2016). By gaining a higher understanding of this information, enterprises will be better equipped to combat the risks presented by IoT and develop strong risk management programs to protect their sensitive data.
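The points above (log the right data, know your visibility, then search for threats rather than wait for alerts) are easier to see with a concrete hunt. The following is an added example, not Herjavec Group code: a hunt over network flow records for the behaviour of an IoT device that has been conscripted into a telnet-scanning botnet, namely one internal source connecting to many distinct external hosts on ports 23 and 2323. It assumes flow logs exported as CSV lines of the form "timestamp,src_ip,dst_ip,dst_port,proto"; the records, the internal address ranges and the threshold are all constructed for illustration, and the "external" addresses come from the IETF documentation ranges.

```python
"""Threat hunt: find internal devices fanning out to external telnet ports.

Added example, not Herjavec Group code. Assumes flow records exported as
CSV lines "timestamp,src_ip,dst_ip,dst_port,proto"; the records below are
constructed (documentation address ranges stand in for the Internet).
"""
import ipaddress
from collections import defaultdict

# Assumed: the organisation's own address space. A hunt should use the
# real internal ranges rather than a generic "is private" test, because
# library notions of "private" include ranges you may not own.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TELNET_PORTS = {23, 2323}   # ports Mirai-style worms probe for default credentials
FANOUT_THRESHOLD = 5        # distinct external hosts before a source is flagged

# Constructed sample: workstation 10.0.1.15 browses normally and makes one
# telnet connection; appliance 10.0.5.20 probes six external hosts on
# telnet ports; 198.51.100.9 is an outside scanner hitting us inbound.
SAMPLE_FLOWS = """\
2017-01-09T10:00:01Z,10.0.1.15,203.0.113.50,443,tcp
2017-01-09T10:00:02Z,10.0.1.15,203.0.113.40,23,tcp
2017-01-09T10:00:03Z,10.0.5.20,203.0.113.7,23,tcp
2017-01-09T10:00:03Z,10.0.5.20,203.0.113.8,23,tcp
2017-01-09T10:00:04Z,10.0.5.20,203.0.113.9,2323,tcp
2017-01-09T10:00:04Z,10.0.5.20,198.51.100.21,23,tcp
2017-01-09T10:00:05Z,10.0.5.20,198.51.100.22,23,tcp
2017-01-09T10:00:05Z,10.0.5.20,198.51.100.22,2323,tcp
2017-01-09T10:00:06Z,10.0.5.20,198.51.100.23,23,tcp
2017-01-09T10:00:07Z,10.0.5.20,10.0.5.1,53,udp
2017-01-09T10:00:08Z,198.51.100.9,10.0.5.20,23,tcp
"""


def is_internal(ip):
    """True if the address falls inside one of our own ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Parse CSV flow lines into dicts; dst_port becomes an int."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, port, proto = line.split(",")
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "port": int(port), "proto": proto})
    return flows


def telnet_fanout(flows):
    """Map each internal source to the distinct external hosts it touched on telnet ports.

    Inbound scans (external source) and internal-to-internal traffic are
    ignored: the hunt is for *our* devices probing the Internet.
    """
    fanout = defaultdict(set)
    for f in flows:
        if (f["port"] in TELNET_PORTS
                and is_internal(f["src"]) and not is_internal(f["dst"])):
            fanout[f["src"]].add(f["dst"])
    return fanout


def hunt_scanners(flows, threshold=FANOUT_THRESHOLD):
    """Internal sources whose telnet fan-out meets the threshold: likely compromised IoT."""
    return sorted(src for src, dsts in telnet_fanout(flows).items()
                  if len(dsts) >= threshold)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for src, dsts in telnet_fanout(flows).items():
        print(f"{src}: {len(dsts)} distinct external telnet targets")
    print("flag for investigation:", hunt_scanners(flows))
```

The hunt only works if egress flow data is being collected in the first place, which is the "right data is being logged" point above: a network that logs only inbound firewall denies would never show the appliance's outbound probing. The single admin telnet connection from the workstation stays below the threshold, so the check separates a one-off from a device working through address space.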
To learn more about Threat Hunting and how Herjavec Group can establish a Threat Hunting practice for your organization, read our Threat Hunting blog.
Are we maximizing our use of Big Data Analytics?
Enterprise environments generate massive amounts of data and expect security analysts to sift through it to investigate each symptom. “This is not only unrealistic, but may also be counterproductive,” says Mike Kolasa, VP of Security Analysis at Herjavec Group.
Security symptoms often tell only part of the story. Adding the context of time shows whether a symptomatic alert can be dismissed as irrelevant or whether it maps to a serious incident the organization is facing. When analytics are applied with time in mind, threat detection becomes far easier.
Big data analytics let analysts model normal behavior and identify outliers, which may trace directly back to a threat scenario or incident. If analysts can use that data to detect threats that have already occurred, they can recognize the same patterns in future threats and respond.
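To make the "context of time" argument concrete, here is an added example (not Herjavec Group code, and not a description of its Analytics Platform) of the two time-based steps an alert pipeline performs before an analyst sees anything: collapsing repeats of the same symptom on the same host into one alert with a count, and then escalating only when different symptoms co-occur on one host inside a correlation window. The alert lines, the alert type names and both window sizes are constructed assumptions.

```python
"""Time-aware alert triage: deduplicate repeats, correlate co-occurring symptoms.

Added example, not Herjavec Group code. Assumes alerts arrive as CSV lines
"timestamp,host,alert_type"; the sample below is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. ws-07 shows the same AV hit three times and then a
# suspicious DNS lookup eight minutes later (one incident). srv-01 shows a
# burst of the same failed login (noise to be collapsed). ws-12 shows two
# different symptoms, but two and a half hours apart.
SAMPLE_ALERTS = """\
2017-01-09T10:00:00Z,ws-07,av_detection
2017-01-09T10:01:10Z,ws-07,av_detection
2017-01-09T10:02:30Z,ws-07,av_detection
2017-01-09T10:08:00Z,ws-07,suspicious_dns
2017-01-09T10:00:05Z,srv-01,failed_login
2017-01-09T10:00:35Z,srv-01,failed_login
2017-01-09T10:01:05Z,srv-01,failed_login
2017-01-09T09:00:00Z,ws-12,av_detection
2017-01-09T11:30:00Z,ws-12,suspicious_dns
"""

DEDUP_WINDOW = timedelta(minutes=5)        # assumed: repeats inside this are one alert
CORRELATION_WINDOW = timedelta(minutes=15) # assumed: symptoms inside this are one incident


def parse_alerts(text):
    """Parse CSV alert lines into (datetime, host, kind) tuples, oldest first."""
    alerts = []
    for line in text.strip().splitlines():
        ts, host, kind = line.split(",")
        alerts.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, kind))
    return sorted(alerts)


def deduplicate(alerts, window=DEDUP_WINDOW):
    """Collapse repeats of the same (host, kind) within `window` of the first one."""
    result = []
    open_cluster = {}  # (host, kind) -> index of the cluster still accepting repeats
    for ts, host, kind in alerts:
        key = (host, kind)
        idx = open_cluster.get(key)
        if idx is not None and ts - result[idx]["first"] <= window:
            result[idx]["count"] += 1
            result[idx]["last"] = ts
        else:
            result.append({"host": host, "kind": kind, "first": ts, "last": ts, "count": 1})
            open_cluster[key] = len(result) - 1
    return result


def correlate(deduped, window=CORRELATION_WINDOW):
    """Escalate a host when two or more distinct alert kinds fall inside `window`."""
    by_host = defaultdict(list)
    for a in deduped:
        by_host[a["host"]].append(a)
    incidents = []
    for host, items in by_host.items():
        items.sort(key=lambda a: a["first"])
        for i, anchor in enumerate(items):
            kinds = {anchor["kind"]}
            for other in items[i + 1:]:
                if other["first"] - anchor["first"] <= window:
                    kinds.add(other["kind"])
            if len(kinds) >= 2:
                incidents.append({"host": host, "kinds": sorted(kinds), "start": anchor["first"]})
                break  # one incident per host is enough for this example
    return incidents


def triage(text):
    """Full pipeline: raw lines -> deduplicated alerts -> incidents."""
    deduped = deduplicate(parse_alerts(text))
    return deduped, correlate(deduped)


if __name__ == "__main__":
    deduped, incidents = triage(SAMPLE_ALERTS)
    print(f"{len(deduped)} alerts after deduplication")
    for inc in incidents:
        print(f"incident on {inc['host']} at {inc['start']}: {inc['kinds']}")
```

Nine raw alerts become five after deduplication, and only one host is escalated. Without the time dimension ws-12 would look identical to ws-07 (same two symptoms), which is the point of the paragraph above: the same alerts mean different things depending on when they occur relative to each other.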
With this in mind, Herjavec Group’s Managed Security Services practice relies on two custom-built solutions that leverage Big Data Analytics to filter out noise, and deliver relevant actionable alerts:
Herjavec Group Threat Framework: proactively identifies attacks through dynamic and evolving threat modeling applied to managed technologies.
Herjavec Group Analytics Platform: filters, then correlates, customer data and threat intelligence into actionable, relevant alerts. Alerts triggered using Herjavec Group’s Threat Framework are processed through the Platform, which automatically performs additional enrichment functions, including IP reputation look up and deduplication, prior to preparing a readable output for Herjavec Group’s security analysts to review and action accordingly.
To learn more about Herjavec Group’s use of Big Data Analytics and how your organization can benefit from logging and correlation support, review our Managed Services summary.
How will the changing governance measures affect us in 2017?
In 2017, governance will play a huge role in the global security landscape. There will be greater regulation surrounding best practices and the regulations that already exist will be enforced more stringently. Multiple agencies and industry bodies will continue to establish their own security requirements, presenting a hardship for enterprises expected to comply with many unique, yet similar, regulations. It will be imperative for executives and their security teams to pinpoint the exact relationship between security and the business. As we look forward to 2017, and beyond, it will be crucial for security priorities to meet business requirements.
Herjavec Group encourages enterprises to scrutinize third party assurances strictly. Vendors need to be able to communicate how your environment is being protected. For example, if you’re moving data to the cloud, what security measures are protecting both the cloud and the assets within it? Open communication, clear documentation, and transparent escalation paths are required to develop strong service oriented relationships with your vendors. Regular audits should be performed to evaluate how work is being conducted and sensitive data is being handled.
According to Robert Steadman, VP of Consulting Services at Herjavec Group, despite incredible advances in speed, scope, and technology, the core principles of information security have remained constant: application, infrastructure, and process. Enterprises have to consider all three to ensure that the right support mechanisms are in place. It is critical that enterprises implement strong cybersecurity practices that satisfy governmental and industry standards, so Herjavec Group strongly advises developing a standard cadence of security audits and engaging expert security consulting services.
Security consultants will review your organization’s security architecture, preventive controls, and detective controls to understand your existing information technology control framework and identify where you are most vulnerable to cyber threats and attacks. Herjavec Group uses a risk-based approach, the Three Spheres of Influence review, to understand an enterprise’s security posture and identify missing controls.
Learn more about Herjavec Group’s Security Consulting Services, including technical security assessments, security strategy assessments, and PCI Compliance here.
Are we confident in the access controls guiding our IAM practice?
Excessive employee access is one of the fastest growing unmanaged risks to the protection of critical enterprise data and information assets. The impact of cloud, mobile devices, and IT consumerization, coupled with increasingly sophisticated cyber attacks, makes the possibility of a security breach a serious threat to enterprises globally.
In the 2017 security landscape, Identity and Access Management (IAM) will remain a top priority for enterprises globally. Ketan Kapadia, VP of Herjavec Group’s Identity and Access Management practice believes, “While many organizations claim to grasp the risks presented by uncontrolled employee access, most still have not proactively developed adequate audits, policies, and procedures to detect & prevent insider threats.”
Ketan encourages security executives to ask themselves:
What identity and access control policies do we have in place today?
How do we onboard new team members?
Do we change access based on employee role changes?
How do we offboard employees?
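Three of the four questions above can be answered mechanically by comparing the directory against the HR system. The following is an added example, not Herjavec Group code or part of its IAM practice: an access review that flags enabled accounts belonging to terminated employees (an offboarding gap), enabled accounts with no owner in HR, and accounts holding entitlements beyond what their current role permits (the residue of role changes that added access without removing the old access). The roster, directory export, role names and entitlement policy are all constructed; in practice the two inputs would come from the HR system of record and a directory export.

```python
"""Access review: reconcile directory accounts against the HR roster and role policy.

Added example, not Herjavec Group code. All data below is constructed.
"""

# Constructed HR roster: the system of record for who works here and in what role.
HR_ROSTER = [
    {"employee_id": "E100", "name": "Ana", "status": "active", "role": "engineer"},
    {"employee_id": "E101", "name": "Ben", "status": "terminated", "role": "finance"},
    # Cai moved from engineering to finance; the old groups were never removed.
    {"employee_id": "E102", "name": "Cai", "status": "active", "role": "finance"},
]

# Constructed directory export: what accounts exist and what groups they hold.
DIRECTORY = [
    {"username": "ana", "employee_id": "E100", "enabled": True, "groups": {"vpn", "git"}},
    {"username": "ben", "employee_id": "E101", "enabled": True, "groups": {"vpn", "erp"}},
    {"username": "cai", "employee_id": "E102", "enabled": True,
     "groups": {"vpn", "erp", "git", "prod-admin"}},
    {"username": "svc-backup", "employee_id": None, "enabled": True,
     "groups": {"backup-operators"}},
    # Disabled account left over from a completed offboarding: not a finding.
    {"username": "dan", "employee_id": "E103", "enabled": False, "groups": {"vpn"}},
]

# Assumed role-to-entitlement policy: the groups each role is allowed to hold.
ROLE_ENTITLEMENTS = {
    "engineer": {"vpn", "git"},
    "finance": {"vpn", "erp"},
}


def review_access(roster, directory, policy):
    """Return (username, finding, details) tuples for every enabled account that is out of policy.

    Findings:
      terminated_still_enabled - HR says the person has left but the account works
      no_owner                 - no HR record backs the account (orphan or unowned service account)
      excess_entitlements      - groups beyond what the person's current role allows
    """
    people = {p["employee_id"]: p for p in roster}
    findings = []
    for acct in directory:
        if not acct["enabled"]:
            continue  # disabled accounts are offboarding done right; review them separately for removal
        person = people.get(acct["employee_id"])
        if person is None:
            findings.append((acct["username"], "no_owner", sorted(acct["groups"])))
            continue
        if person["status"] != "active":
            findings.append((acct["username"], "terminated_still_enabled", sorted(acct["groups"])))
            continue
        excess = acct["groups"] - policy.get(person["role"], set())
        if excess:
            findings.append((acct["username"], "excess_entitlements", sorted(excess)))
    return sorted(findings)


if __name__ == "__main__":
    for username, finding, details in review_access(HR_ROSTER, DIRECTORY, ROLE_ENTITLEMENTS):
        print(f"{username:12} {finding:26} {details}")
```

Run on the constructed data this reports ben (terminated but enabled), cai (still holding engineering and production-admin groups after moving to finance) and svc-backup (no HR owner), and is silent about ana and the already-disabled dan. A role with no entry in the policy is treated as allowing nothing, so every group it holds is reported rather than silently accepted.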
To proactively validate access controls, it may be necessary to engage an expert IAM partner who can support your firm through:
Assessment (Process Review, Business Requirements, Strategy & Roadmap Planning)
Solution Design (Solution Architecture, Identity Lifecycle Framework, Access Governance Framework, SSO Framework, Privileged Access Framework)
Deployment (Solution Installation, Deployment, Testing & Validation, Production Migration)
IAM as a Managed Service (24x7x365 Support On/Off Premise, Operational Governance, Continuous Solution Evolution)
Identity and Access Management consultants can help transform your organization’s access requirements into an information advantage, both on-premises and in the cloud. With the right business and security processes in place, enterprises can protect their corporate data and information assets and so safeguard their business’ reputation, legal responsibilities, and financial well-being. A proactive identity and access management practice can also help enhance end user experiences and improve business operations securely.
To learn more about Herjavec Group’s Advanced Identity and Access Management Practice, click here.
How can we protect ourselves from the rise in ransomware?
Ransomware is a type of malware that, once it infects a computer, restricts access to files (typically by encrypting them) and often threatens permanent loss of the data unless a ransom is paid. The FBI’s Internet Crime Complaint Center stated that over $24 million was paid to attackers in 2015. In Q1 of 2016 alone, ransomware costs rose to $209 million, leading Herjavec Group and Cybersecurity Ventures to project that ransomware costs would reach $1 billion by year’s end.
One reason ransomware remains profitable for cybercriminals is the rise of cryptocurrencies. Digital currencies let cybercriminals collect payment with little fear of being identified, since the payments are pseudonymous and hard for law enforcement agencies to attribute to a person.
Robert Herjavec, Founder and CEO of Herjavec Group, believes, “There is no effective law enforcement for financial cybercrime today. Organizations need to increase their defenses and become more resilient because there is no end state in sight for this epidemic. So long as cybercriminals can get paid, with limited risk, attacks will continue. The challenge remains that large enterprises aren’t nearly as agile as their attackers.”
The threat of ransomware is expected to steadily increase in 2017. In their 2017 report, The Next Tier: 8 Security Predictions for 2017, Trend Micro forecasted a 25% growth in the number of new ransomware families in 2017:
Fig. 3: Annual number of ransomware families, The Next Tier: 8 Security Predictions for 2017 (Trend Micro, 2016)
Herjavec Group advises against paying the ransom if an organization is infected with ransomware. Even when an organization pays, it may not get its files back: CryptoLocker, a ransomware family estimated to have collected almost $3 million before it was disrupted in 2014, left some victims without working decryption even after payment. Paying in the hope of recovering files also emboldens cybercriminals to run more complex ransomware scams against other victims.
To combat the rise in ransomware, layered controls across security, network, and endpoint technologies are recommended, and the layer that makes refusing to pay a realistic option is offline, regularly tested backups. Enterprises must balance how they detect, protect against, and respond to ransomware attacks.
If you would like support in combating ransomware or deciphering the complex endpoint security market, please reach out to a Herjavec Group Security Specialist to arrange an Endpoint Toolkit Session for your board or security team.
How could we benefit from a partnership with an MSSP?
As reported in Hackerpocalypse: A Cybercrime Revelation, a severe cybersecurity workforce shortage has left CISOs (Chief Information Security Officers) and corporate IT security teams shorthanded and scrambling for talent while the cyber attacks are intensifying. There were approximately one million cybersecurity job openings in 2016, and that number is expected to grow to 1.5 million by 2019.
Corporations are responding by placing some or all of their IT security into the hands of third parties. The IT security outsourcing segment recorded the fastest growth (25 percent) out of the entire cybersecurity market last year, according to Gartner. Microsoft estimates 75 percent of infrastructure will be under third-party control (i.e., cloud providers or Internet Services Providers) by 2020. MSSPs (Managed Security Service Providers) are a subset of the third-parties, and they focus exclusively on security.
Outsourcing security introduces a new risk of its own: choosing the right third party, one with the cyber defenders, cyber operations, and security platforms to effectively combat an increasingly hostile threat landscape.
“Having a partnership with a third-party Security Operations Center (SOC) provider is beneficial to companies that have limited IT resources and lack internal security expertise,” says Melissa Zicopula, VP of Managed Security Services at Herjavec Group. “There is a constant struggle to hire security talent and most importantly, retain resources,” adds Zicopula, who was previously Executive Director of Global Security Operations for one of the world’s top gaming organizations. “Companies want to identify a provider that can manage the risks to their organization’s critical assets in an efficient fashion while aligning with industry best practices and the business’ needs. With this support, organizations can focus their resources on the real threats to the business, while still having a dedicated team of analysts monitoring alerts and detecting intrusions 24/7/365.”
“I often explain to boards that Managed Security Services is the new house alarm,” says Robert Herjavec. “The logs tell you if your house is safe. The insights SOCs can draw from data correlation will tell you if the other houses on the street are getting robbed. Security technology management keeps the system fine tuned. But the secret sauce? That’s in data enrichment. That’s where the magic happens.”
“MSSPs need to continually evolve their practices because proactive threat detection and investigation is becoming the norm,” adds Herjavec. “You can’t just block and defend anymore. The role of the Threat Hunter is key as the expectation is that cyber operators not only detect but they investigate and analyze very sophisticated and persistent threats. Enterprises want to know where the threat originated, how they should respond and what can be done to contain the incident. Today, more often than not, we’re seeing organizations turn to a third-party for these answers.”
Recognizing that security is not purely a technology issue, Herjavec Group combines technical, human and threat intelligence to enrich the information and alerts shared with our customers. We offer two streams of Managed Security Services:
Proactive Threat Detection, which includes logging, correlation, and threat hunting
Security Technology Management, which includes certified optimization, administration, best practices, and health checks
To learn more about Herjavec Group’s Managed Security Services practice, click here.
Closing Thoughts
This summary was consolidated in order to encourage further cybersecurity-related conversations across your boards, executive teams, and security groups in 2017. The questions presented will be important to ask yourself as you adjust and enhance your organization’s cybersecurity frameworks for this year and beyond.
How can we leverage Threat Hunting to alleviate the pressures of IoT?
Are we maximizing our use of Big Data Analytics?
How will the changing governance measures affect us in 2017?
Are we confident in the access controls guiding our IAM practice?
How can we protect ourselves from the rise in ransomware?
How could we benefit from a partnership with an MSSP?
To learn more about Herjavec Group, our cybersecurity products, and service offerings, visit www.herjavecgroup.com.
For immediate media inquiries, contact Erin McLean, SVP Marketing & Communications, at EMcLean@HerjavecGroup.com or 647-826-3115.