Organizations Still Falling Victim to Predictable Cyber-Attacks


Despite most cyber threats, like ransomware, being both known and predictable, many organizations are still underprepared.

Experts speaking at the IRISSCON 2024 conference in Dublin noted that many incidents are indeed preventable.

Analyzing the findings from Verizon’s Data Breach Investigations Report (DBIR) 2024, Phillip Larbey, Associate Director for EMEA at Verizon, said that the vast majority of cyber incidents involve at least one of three elements – human error, social engineering and ransomware.

“Organizations should know what’s coming,” stated Larbey.

Ransomware and extortion made up 32% of attacks in the DBIR. Attackers frequently use a combination of vulnerability exploitation and stolen credentials to gain initial access and then achieve lateral movement to enter the most sensitive systems and data without detection.

Both tactics are normally preventable. Larbey highlighted DBIR figures which showed that 47% of vulnerabilities are still unremediated 60 days after discovery, while 8% are unremediated after 365 days.

Therefore, organizations must become more agile and proactive with their vulnerability management strategies.

Regarding credential theft, Larbey noted that unnecessarily high privilege levels are prevalent in organizations, which means compromised accounts make moving around networks far easier for attackers.

“User account privileges are way beyond what users want or are even aware of,” he said.

In addition to addressing excessive privileges, it is straightforward for organizations to learn if any of their user credentials have been compromised. Larbey urged firms to use services that can provide weekly reports on whether any of their credentials have been published on the dark web.

“Getting ready is the most critical part that isn’t happening,” he commented.

Preparing for Black Swan Events

Separately, Dave Lewis, Global Advisory CISO at 1Password, and Rich Mogull, SVP Cloud Security at FireMon, explained that ‘Black Swan’ cyber events – those viewed as unforeseen – can and should in fact be planned for.

This includes widespread cyber incidents like the 2017 NotPetya malware attack.

“You can’t predict when they’ll happen or what they’ll look like, but know they’ll happen,” said Mogull.

He advocated for incident response processes used by emergency services to ensure an effective response to unexpected cyber incidents. This involves a triage system, which recognizes what needs to be addressed as a priority to enable fast recovery.

“It’s about having a system and process to account for the unknown,” said Mogull.

There are incident response frameworks designed for real-world emergencies that are relevant to cybersecurity. This includes the US National Incident Management System (NIMS), which has clear steps and procedures in areas like communication and command and control infrastructure.


