By: Ray Kafity, Vice President, Middle East, Turkey & Africa
Things are heating up in the Middle East when it comes to cyberattacks, with entire industries, including regional governments, feeling the brunt. So much so, that mainstay industries like Banking & Finance, Oil & Gas, and Retail are increasingly finding themselves in the crosshairs of cybercrime, making them the most heavily targeted sectors in the region. It has become evident that no organization, regardless of size, is off-limits. Organizations must assume they are a target – or will become one eventually. Therefore, adopting advanced tactics of defense and keeping up-to-date with technological advancements in the field is a necessity.
For the modern cybercriminal, there is no better place to hit an organization than its IT infrastructure and data assets. Cyberattackers have various motives, ranging from making a name for the attacking party, impacting the target’s ability to function, extracting sensitive information, to financial gain. It is also important to note that cyberspace mirrors real-world geopolitical, financial, and economic developments.
One of the most prevalent and effective tools in the modern cyberattacker’s arsenal is ransomware. Cybercriminals can mask links to ransomware in emails and web pages to lock users out of their systems, then demand a payoff, usually in cryptocurrency, to restore access. This evolved method of cyber exploitation has subjected organizations both large and small to significant financial losses, sometimes amounting to millions of dollars. Cyberattacks like WannaCry and Shamoon2.0 compelled organizations and their boards to give cybersecurity an equal footing with their other business functions. Crypto-mining has leveraged many of the techniques used in ransomware. However, instead of demanding a ransom, the breach is used to take over resources and steal processing power for crypto-mining. This form of attack soared in 2018, given the predictability of getting paid compared with ransomware or other forms of extortion. One could also encounter a distributed denial of service (DDoS) attack like the one witnessed in October 2016 – the Mirai botnet. Mirai exploited insecure IoT-enabled devices, activating them to act as foot soldiers to overload targeted servers.
While external attacks continue to plague organizations, it would be a mistake to overlook the threats that employees and suppliers represent. In fact, according to the Computer Associates Report 2018, most data breaches today involve an insider in some capacity. Loss of credentials through phishing, data theft, or even carelessness, such as an employee opening a spam email or unknowingly bringing an infected device to work, can open a gateway for targeted attacks that result in heavy losses. Therefore, gaining visibility into the numerous ways data can be stolen and detecting threats regardless of attack method is critical to building a resilient active defense security posture.
In the face of this rapidly evolving threat landscape, many regional organizations are still relying heavily on traditional prevention security controls that cybercriminals have repeatedly demonstrated they can circumvent. This gives organizations even more reason to pause and think about which cybersecurity controls to prioritize. According to a survey conducted by PwC, titled ‘Adjusting to the new normal,’ 77% of regional CEOs said they feared cyber threats. This fear is driving many companies to allocate resources towards effective detection solutions and implement innovative security controls, and this is where deception-based active defense solutions come into the picture.
The World Economic Forum defines “Active Defense” as a term that captures a spectrum of proactive cybersecurity measures that fall between traditional passive defense and offense. An Active Defense strategy changes the asymmetry of an attack, giving defenders the upper hand against attackers. This approach, driven by deception technology, is designed to detect a threat actor early in their activity by obfuscating the attack surface with realistic device decoys, attractive bait, and breadcrumbs for misdirecting the attack. The deception environment tricks the attacker or malware into engaging and leads them to believe they are escalating their attack when, in fact, they are wasting their time and unknowingly providing threat, adversary, and in some cases, counterintelligence to the defender. The forensic information gathered can then be applied to prevention, isolation, and threat hunting defenses to stop a live attack, collect relevant forensics, and prevent the attack from resurfacing. For a full Active Defense, the activities don’t stop at detection but provide equal value in attack analysis, forensic reporting, and automation to expedite incident response.
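The paragraph above describes deception in the abstract: plant bait that no legitimate user or process ever touches, and treat any interaction with it as a high-fidelity signal that also records where the intruder is. The following is an added illustration of that detection logic in Python; it is not code from the original article nor from any vendor's product. The decoy account names, the key=value log format, and the sample log lines are all constructed for the example.

```python
"""
Minimal deception-style detector for planted decoy credentials (honeytokens).

Assumption of the design: the decoy accounts below are never used by any real
user, service, or script, so every authentication attempt naming one of them
is suspicious by construction. One matching log line is therefore an alert,
and the set of matching lines is a forensic trail of hosts the intruder has
touched and the source they came from.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Decoy ("breadcrumb") accounts planted on endpoints. Constructed names.
DECOY_ACCOUNTS = {"svc_backup_legacy", "sql_admin_ro"}

# Constructed sample authentication log lines in a simple key=value format.
SAMPLE_LOGS = [
    "2018-06-03T10:15:21Z host=fs01 event=auth user=alice src=10.0.1.10 result=success",
    "2018-06-03T10:16:02Z host=fs01 event=auth user=svc_backup_legacy src=10.0.5.23 result=failure",
    "2018-06-03T10:16:05Z host=db02 event=auth user=svc_backup_legacy src=10.0.5.23 result=failure",
    "2018-06-03T10:17:40Z host=db02 event=auth user=sql_admin_ro src=10.0.5.23 result=success",
    "2018-06-03T10:18:00Z host=web01 event=auth user=bob src=10.0.1.11 result=success",
    "this line is malformed and must be skipped, not crash the detector",
]

# Parser for the constructed log format; only auth events are of interest.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=auth "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


@dataclass(frozen=True)
class DeceptionAlert:
    """One observed use of a decoy account, kept with its raw line as evidence."""
    timestamp: str
    account: str
    source_ip: str
    host: str
    outcome: str
    raw: str


def detect_decoy_use(lines: Iterable[str],
                     decoys: Set[str] = DECOY_ACCOUNTS) -> List[DeceptionAlert]:
    """Return an alert for every auth event that names a decoy account.

    Both failed and successful attempts are reported: a failure already shows
    the credential was harvested and tried, a success shows the decoy engaged.
    Lines that do not parse are ignored rather than treated as alerts.
    """
    alerts: List[DeceptionAlert] = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        if m.group("user") not in decoys:
            continue
        alerts.append(DeceptionAlert(
            timestamp=m.group("ts"),
            account=m.group("user"),
            source_ip=m.group("src"),
            host=m.group("host"),
            outcome=m.group("result"),
            raw=raw,
        ))
    return alerts


def hosts_touched_by_source(alerts: Iterable[DeceptionAlert]) -> Dict[str, Set[str]]:
    """Group alerts by attacking source to show which hosts each one reached.

    This is the 'forensic information' the text refers to: a map that can
    feed isolation (block the source) and threat hunting (inspect the hosts).
    """
    trail: Dict[str, Set[str]] = {}
    for a in alerts:
        trail.setdefault(a.source_ip, set()).add(a.host)
    return trail


if __name__ == "__main__":
    found = detect_decoy_use(SAMPLE_LOGS)
    for a in found:
        print(f"[ALERT] {a.timestamp} decoy={a.account} host={a.host} "
              f"src={a.source_ip} result={a.outcome}")
    print("attacker trail:", hosts_touched_by_source(found))
```

Run against the constructed sample, the detector raises three alerts for source 10.0.5.23 and shows it moving from fs01 to db02, while the genuine logins for alice and bob produce nothing. The value of the approach lies entirely in the first assumption: if a real job is ever configured with a decoy account, the signal degrades into noise, so decoy accounts need the same inventory discipline as any other managed credential.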
It’s evident that organizations need to rethink cybersecurity, and quickly. Recent breaches have demonstrated that solely implementing prevention-based security solutions is an insufficient line of defense against today’s sophisticated cyber attackers. Organizations need to invest in active defense strategies that work to detect and react to increasingly sophisticated cyber threats. It’s not a question of ‘if’ you will be attacked, but ‘when’ – and with the current developments in the region, the ‘when’ is only a matter of time.