Turning The Tables On Tomorrow's Threat Agent 

Uploaded on 2023-03-20 in FREE TO VIEW

Long gone are the days of every worker being a nine-to-five commuter. While some employees retain a preference of working in the office all the time, many are embracing the willingness of employers to offer flexible alternatives such as remote and hybrid models. 

Research shows that UK staff went to the office 3.8 days per week on average pre-pandemic, this having dropped to 1.4 days per week in 2022.  

While the new normal is undoubtedly improving workplace cultures and driving forward a new frontier that centres around enhancing the employee experience, in the case of security, it has had dramatic implications. No longer are staff members all accessing the internet behind a security perimeter – where applications were all controlled, and VPNs could be used on a remote basis where necessary to replicate safe sessions.  

Today, employees can readily use the internet to access corporate networks housing sensitive and personal data within key applications and SaaS platforms from a range of devices in a variety of locations. As a result, the web browser has now become the biggest attack surface and target for threat actors, many of whom are leveraging and exploiting it successfully.  

These changes in working patterns have undermined the methods that security practitioners traditionally relied upon to secure their organisations. Indeed, firms have been forced to re-evaluate their business needs and develop entirely new strategic roadmaps, leaving CISOs scrambling to find ways in which to bake in security best practices. 

Understanding Of Modern Security Requirements Is Improving 

During the past three years, the picture has thankfully become somewhat clearer.  Today, organisations typically require a consistent set of security policies for all users - be it an employee in the office, or an engineer commuting and using a cellular network. Regardless of the device they are using and app they need to use, there needs to be a clear security framework that guides universal best practice across the board.  

Unfortunately, firewalls and VPNs simply aren’t designed to deliver that. Instead, organisations are now tapping into cloud services that can effectively manage comprehensive security permissions and deliver key insights, detailing exactly who each user is, and what they can respectively access on the corporate network.  

This has become a highly intelligent process. More advanced security setups can manage privileges and assess the security posture on an ongoing basis, adapting permissions based on the type of user, location of that user, what systems they’re trying to access, and when they’re trying to access them.  

It is critical that companies adapt in this way. Not only has security become a more complex undertaking with many different moving parts, but the threat landscape has also changed dramatically. 

According to Statista’s Cybersecurity Outlook, the global cost of cybercrime was estimated to be $8.44 trillion in 2022 – over seven times the $1.16 trillion reported in 2019. Resultantly, security has fundamentally become a boardroom issue. It cannot be an afterthought. Instead, the CISO now needs to be a major part of business decision making. 

CISOs are there to add value, applying security as an integral part of the technology stack. To achieve this effectively, they must have an ongoing understanding of each new product, how customers will consume them, and the inner workings of the architecture underpinning each solution.  

Responsibility isn’t solely on the CISO, however. A culture in which security becomes a leading priority needs to be instilled throughout the organisation – every enterprise will have different models and workforce structures, and there are many roles that need to be thinking about security more actively. 

Interestingly, a Gartner study found that 88% of boards regard cybersecurity as a business risk rather than solely an IT problem. The threat of ransomware and nation-state-backed threat outfits has changed cyber perceptions, with those at the top table becoming increasingly aware of the challenges.  

Bolstering Defences In The Face Of Evasive & Complex Threats 

This growing appreciation provides CISOs with the opportunity to bridge the gap between technical professionals and the broader C-suite.  They are now enjoying greater influence over boardroom discussion to ensure best practices are instilled more readily. However, given the continual advance of new threats, this is the bare minimum that is required. 

Today, the browser is the new office. Where previously you’d have had to have gone into a conference room to have a meeting, employees are now typically spending 75% of their working days on a web browser or using web conferencing applications.  Unfortunately, as we have mentioned, threat actors are aware of this and the opportunities it presents, adapting their techniques accordingly.  

There has been a significant uptick in the use of evasive attack methods leveraged by nefarious actors, enabling them to bypass traditional security tools such as secure web gateways (SWGs), firewalls, phishing detection tools and malware analysis engines.  

Known as Highly Evasive Adaptive Threats (HEAT), these attacks are actively exploiting the web browser as the attack vector, rendering a decade or so of security investments focused on network perimeter protection almost obsolete. 

It’s a frustrating reality that has left many security departments having to completely rebuild their defences from scratch. Yet the dangers of HEAT simply cannot be ignored. Research conducted by the Menlo Labs team revealed that there had been a 224% increase in HEAT attacks in H2 2021 - a trajectory that only seems to have continued through 2022.  Menlo Security also surveyed 505 IT decision makers at firms with at least 1,000 employees across the US and UK last year found more than half (55%) of organisations encountered advanced web threats at least once a month, with one in five facing them on a weekly basis. 

There are several increasingly concerning signs.

  • Hackers now looking to overcome two factor authentication through social engineering campaigns to access corporate assets, for example. And it is clear that browser-based attacks are not just becoming more common, but more successful. Indeed, almost two thirds of the respondents (62%) to our survey had seen a device compromised by a browser-based attack in the previous 12 months alone.  
  • Further, it is also clear that some of these attacks could have been avoidable. Indeed, the survey shows that less than three in 10 organisations have advanced threat protection solutions in place on all endpoint devices used to access corporate applications and resources, while almost half (45%) had not added any new capabilities to their network security stack in the previous year.   

Embracing A Security-First Culture 

For many, there continues to be an issue around prioritisation. Given the threat landscape, security now more than ever before needs to be a forethought. Yet approaching things in such a manner is easier said than done in the case of organisations that have always made operational changes first before implementing security adaptations on top.  

It’s about embracing a security-first culture – a shift that can be accelerated via a few simple strategies.  

Specifically, CISOs should focus on building a greater consciousness of security within the workforce, enabling every worker to be more adept at spotting suspicious activities such as social engineering attempts. The good news is that a growing number of roles are coming to the realisation that they have a responsibility to practice good security hygiene. CISOs may operationalise this mentality, but it is becoming everybody’s responsibility to embrace it.  

Further, organisations should ensure security parameters extend to all endpoints capable of accessing the corporate network. This can go a long way in enabling firms to thwart any kind of threat.  Perhaps the most important realisation is that there is no quick fix when it comes to the cyber security of an organisation. Good management principles must apply, centred around hiring well, training well and executing towards a roadmap that is forward looking whilst prioritising security. 

Of course, everyone is looking for the next shiny new widget or silver bullet technology capable of keeping everyone safe, but the reality is that the strongest teams are the ones that are consistently deliberate with their intentions, taking longer to steer the ship whilst doing so in a way that’s secure and safe and executed according to the needs of the business.   

Isolating The End Point 

In the case of browser threats, a good starting point for mitigation is removing user interaction and traffic from the browsers themselves as much as possible. This might sound like an impossibility given the criticality of the browser to modern day working models, but it’s easily achieved with the right supportive solutions. 

Isolation technology can be used to isolate the end point from the Internet browser, re-writing it and then delivering it as a clean stream.   

This prevents any malicious code from ever reaching user endpoints by moving the point of execution to a disposable, cloud-based container that acts as digital air gap between the browser and corporate networks. It also reduces the number of alerts reaching the security operations centre (SOC) which can exacerbate alert fatigue – a major issue facing security professionals as they attempt to navigate the demands of the new normal. 

Addressing Security Alert Fatigue 

We’re confident that this approach will soon become the mainstream model for internet security. It’s not necessarily about eliminating proactive detection and identification. Instead, it’s about creating clean working environments while dramatically reducing the burdens on the SOC from alerts and false positives.  

Threat intelligence teams are already looking at massive amounts of data. They don’t want to have to sift through even more to find one needle in a haystack. The more customers can address alert fatigue whilst upgrading their security posture, the better. 

Nick Edwards is VP Product at Menlo Security

You Might Also Read:

Cyber Security Strategies Need To Evolve Alongside The Enterprise:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

 

 

« Crypto Company Loses $200m To Hackers
WhatsApp Will Not Comply With British Regulations »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Centrify

Centrify

Centrify’s Next-Gen Access is an identity & access management solution that uniquely converges Identity-as-a-Service, enterprise mobility management and privileged access management.

Resource Centre for Cyber Forensics (RCCF)

Resource Centre for Cyber Forensics (RCCF)

RCCF is a pioneering institute, pursuing research activities in the area of Cyber Forensics.

Lanner Electronics

Lanner Electronics

Lanner Electronics is a leading hardware provider for advanced network appliances and industrial automation solutions including cyber security.

Cyber Security Research Centre - University of Cardiff

Cyber Security Research Centre - University of Cardiff

Cardiff University's Centre for Cyber Security Research is a leading UK academic research unit for cyber security analytics.

Vector InfoTech

Vector InfoTech

Vector InfoTech is a leader in Industrial Security, Networks, IT and Telecommunications.

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER)

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER)

The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today.

WiSecure Technologies

WiSecure Technologies

WiSecure Technologies aims to develop cryptographic products meeting requirements in the new economic era.

oneclick

oneclick

oneclick is a central access and distribution platform in the cloud, enabling the management of the entire technology stack for application provisioning.

SOC Experts

SOC Experts

SOC Experts is a pioneer (we started SOC training well before people realized how big the domain was going to be) and the only institution to provide end-to-end training on Security Operations Centers

Meditology

Meditology

Meditology Services is a top-ranked provider of information risk management, cybersecurity, privacy, and regulatory compliance consulting services exclusively for healthcare organizations.

OwnBackup

OwnBackup

OwnBackup proactively prevents you from losing mission-critical data and metadata with automated backups and rapid, stress-free recovery.

CyberArmor

CyberArmor

Cyber Armor defend everyday IT and OT systems, from government agencies to critical infrastructure, from system integrators to small industries.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

PyNet Labs

PyNet Labs

PyNet Labs is a Training Company serving corporates as well as individuals across the world with ever-changing IT and technology training.

Cysmo Cyber Risk

Cysmo Cyber Risk

Cysmo is an innovative cyber risk assessment platform specifically designed for the needs of the German insurance industry.

NetDescribe

NetDescribe

NetDescribe, part of Xantaro Group, advises and supports companies in building secure and stable IT environments.