Gartner Insights: How to Respond to the Cyberthreat Landscape
The digital transformation era has fundamentally changed how organizations operate, including how they manage information technology processes and systems. This change has been driven primarily by a desire to improve efficiency, reduce costs, and increase agility across multiple business areas. These changes are often accompanied by a shift from traditional physical environments to fully virtualized ones.
While the benefits of virtualization are well documented, adopting it can produce a highly vulnerable network architecture, especially when virtualized workloads are combined with public cloud resources.
The risk of cyberattacks is increasing across industries, impacting every aspect of modern life. This includes everything from financial institutions to healthcare providers, manufacturing companies to retail stores, government agencies to educational institutions, energy utilities to transportation systems, telecommunications carriers to media outlets, and many others.
Gartner Cybersecurity Research
In fact, according to Gartner, nearly 90% of large enterprises now face some form of cyberattack each month. And among those attacks, 40% are considered high severity. In addition, there are over 3,200 known malware families, ranging from simple viruses to sophisticated targeted attacks.
Gartner found that most organizations understand the importance of addressing cybercrime, but only some know how to do it properly. They believe cybersecurity must address technology and people issues, but they don’t fully realize how much of a challenge this truly is.
Gartner’s research found that the current cybersecurity approach is failing, and a shift is needed.
The research recommends that organizations take a holistic view of the problem and ensure proper alignment of security to top emerging threats by:
• Gaining a clear picture of the current state of play: What are the biggest threats facing companies today? Where do they lie within the context of the overall threat landscape? And can you identify the threats?
• Understanding where the most significant risk lies: Which areas pose the greatest threat to businesses today? And why?
• Implementing effective strategies for mitigating threats: What are effective ways to address the most significant threats? For example, what types of technologies can help protect against data breaches? And how do you protect against insider threats? Or secure cloud environments?
Post-Covid Era Cybersecurity
Even though the COVID-19 crisis is now behind us, it caused many disruptions in the cybersecurity industry. Many large companies continue to support remote work, which has increased cloud-based operations, while expanding 5G networks connect devices at faster speeds and with greater bandwidth. Cryptocurrencies exploded in popularity and are now bought, sold, and traded by individuals on a larger scale than ever before.
Many organizations lack visibility into the full extent of the risks across their growing attack surface, making it difficult to identify and address vulnerabilities effectively.
In addition, the rapid pace of innovation and sophistication in attacks makes it increasingly challenging for organizations to keep up with new threats. Organizations must ensure they have the right solutions, like a threat intelligence management or extended detection and response (XDR) platform, to defend against cyberattacks proactively.
Cyber Attacks and Attackers are Evolving
The stereotypical hacker working alone is no longer the main threat. Today’s attackers are more methodical and work within larger teams, often organized into groups known as advanced persistent threats (APTs). These groups are typically composed of highly skilled professionals who spend months planning and executing complex attacks against specific targets. They employ multiple operational security measures to avoid detection and keep their activity secret. In addition to traditional techniques like social engineering, spear phishing, and brute-force password cracking, APT actors rely heavily on automated tools, including artificial intelligence and machine learning, to carry out their attacks.
Over the next few years, attackers will be able to accelerate the end-to-end attack lifecycle, from reconnaissance through exploitation, from weeks to days or even hours, due to technological advances.
For example, Emotet, an advanced banking malware that uses social engineering tactics to steal credentials, can change the nature and scale of its attacks based on what it learns about its target environment, making it difficult to detect and stop.
Increased Cyber Risk Regulation
The number of global regulatory bodies overseeing cyber risk is expanding rapidly. In addition to the European Union’s General Data Protection Regulation (GDPR), there are now additional regional laws such as the California Consumer Privacy Act (CCPA), the Australian Privacy Principles (APPs), and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).
In parallel, the complexity of digital transformation continues to grow, creating challenges for businesses across industries. For example, while most enterprises have adopted cloud computing, only some have fully embraced big data and analytics. This leaves many firms unprepared for the next wave of digital disruption.
The combination of increased regulation and technological change creates significant challenges for companies seeking to protect sensitive information and maintain control over it.
Technology Advancements
With the advent of artificial intelligence (AI), it seems that many of today’s most pressing cybersecurity challenges are being met head-on by technology. The threat landscape continues to evolve rapidly, from the rise of botnets to the proliferation of zero-day exploits. This evolution presents significant opportunities for businesses seeking to automate manual tasks and free up human expertise to tackle higher-level problems.
But while some organizations are using automation to address low-hanging fruit, others struggle to adapt to the ever-changing nature of modern threats. Taking a risk-based view of automation, in which existing technologies are applied first to the risks associated with particular attacks, lets organizations manage those risks better.
Understanding Tactics, Techniques, and Procedures (TTPs)
The key to success lies in understanding how attackers operate. Understanding why attackers behave the way they do helps you identify the risks associated with their actions and what mitigation measures need to be taken to reduce the likelihood of successful attacks.
I’ve written about how the MITRE ATT&CK Framework helps analysts understand how attackers operate to identify potential weaknesses and take appropriate measures to strengthen them.
ATT&CK helps analysts understand both the techniques and the ways attackers use them. If an attacker has successfully pivoted from one target to another by stealing credentials, you need to know why they did so. Is it because they lack the tools to exploit a remotely exploitable vulnerability in an application, or because they prefer credentials over exploits for the greater flexibility and stealth they provide?
Once you understand the tactics attackers use, you can develop a strategy for mitigating risks posed by specific attacks. You could also invest in a threat intelligence management solution with automation and AI capable of analyzing massive amounts of data to identify emerging trends, like Anomali ThreatStream.
Automating routine tasks frees up critical resources for tackling more complex issues. And by understanding TTPs, you reduce the likelihood that an attacker will succeed in compromising sensitive information.
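The credential-pivot question above is also a detection question: when one valid account logs on to many hosts in a short window, that is the ATT&CK behaviour Valid Accounts (T1078) combined with Remote Services (T1021), both real technique IDs from the public ATT&CK matrix. The following Python is an added example, not code from this article, Gartner, or Anomali; it runs that check over constructed logon events. The user names, host names, and the five-minute, four-host thresholds are assumptions chosen for illustration.

```python
"""Tag constructed logon events with ATT&CK technique IDs and flag
credential-based lateral movement: one account reaching many distinct
hosts within a short window.  Added example; all sample data is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed schema):
# (timestamp, user, source host, destination host, logon type, outcome)
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:05", "jdoe", "ws-101", "fs-01", "network", "success"),
    ("2024-03-01T09:00:40", "jdoe", "ws-101", "db-02", "network", "success"),
    ("2024-03-01T09:01:10", "jdoe", "ws-101", "app-03", "network", "success"),
    ("2024-03-01T09:01:30", "jdoe", "ws-101", "dc-01", "network", "success"),
    ("2024-03-01T09:02:00", "jdoe", "ws-101", "hr-04", "network", "success"),
    ("2024-03-01T09:30:00", "asmith", "ws-202", "fs-01", "network", "success"),
    ("2024-03-01T10:15:00", "asmith", "ws-202", "mail-01", "network", "failure"),
]

# Real ATT&CK technique IDs that describe credential-based pivoting.
ATTACK_TAGS = {
    "T1078": "Valid Accounts",
    "T1021": "Remote Services",
}


def parse_events(rows):
    """Turn raw tuples into dicts with real datetimes, sorted by time."""
    fields = ("ts", "user", "src", "dst", "logon_type", "outcome")
    events = []
    for row in rows:
        rec = dict(zip(fields, row))
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return sorted(events, key=lambda e: e["ts"])


def find_credential_pivots(events, window_minutes=5, min_hosts=4):
    """Return one finding per user whose successful network logons reached
    at least min_hosts distinct destinations inside any window_minutes span.
    Only successful network logons count: failures are a different signal
    (brute force), and interactive logons are not lateral movement."""
    per_user = defaultdict(list)
    for e in events:
        if e["logon_type"] == "network" and e["outcome"] == "success":
            per_user[e["user"]].append(e)

    window = timedelta(minutes=window_minutes)
    findings = []
    for user, evs in sorted(per_user.items()):
        best = None
        # Slide a window starting at each event; evs is already time-ordered.
        for i, start in enumerate(evs):
            hosts = []
            for e in evs[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                if e["dst"] not in hosts:
                    hosts.append(e["dst"])
            if len(hosts) >= min_hosts and (best is None or len(hosts) > len(best["hosts"])):
                best = {
                    "user": user,
                    "source": start["src"],
                    "start": start["ts"].isoformat(),
                    "hosts": hosts,
                    "attack": [f"{tid} {name}" for tid, name in sorted(ATTACK_TAGS.items())],
                }
        if best is not None:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for finding in find_credential_pivots(parse_events(SAMPLE_EVENTS)):
        print(f"{finding['user']} from {finding['source']} reached "
              f"{len(finding['hosts'])} hosts starting {finding['start']}: "
              f"{', '.join(finding['hosts'])} -> {'; '.join(finding['attack'])}")
```

The thresholds are the tuning knobs: a file server administrator may legitimately touch many hosts, so in practice the window and host count are set per account tier, and the technique tags are what let the finding be filed against the same ATT&CK entries the threat intelligence feed uses.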
Preparing for the Next Cyber Attack Wave
Many organizations continue to think that cybersecurity risk is just about technology; it’s not. Many organizations still see themselves as isolated islands, disconnected from the rest of the world.
The evolution of threats has changed the cyber threat landscape. Today, attackers no longer just target individuals or organizations—they go straight for the heart of the enterprise, where data resides, and attack the systems that process and store information.
Gartner recommends that companies align their security strategies with the changing threat landscape. This means understanding the most likely future threats, developing a plan to address those threats, and building a resilient infrastructure that can withstand attacks.
Download Gartner’s report, “How to Respond to the 2022 Cyberspace Landscape,” to gain insights on preparing for the next wave of cyberattacks.