
Three Major Cybersecurity Pain Points to Address for Improved Threat Defense


Key Takeaways

  • Each organization needs to address existing pain points before it can improve its security posture. Problem identification is, after all, required before it can even start devising or purchasing solutions.
  • Cybersecurity threats will not disappear anytime soon. It’s more likely for them to grow in number and sophistication instead. Just as organizations strive to enhance their defenses, attackers improve their tools, tactics, and procedures (TTPs) to subvert these. Therefore, a combination of proactive and reactive defense strategies is a must.
  • The current cybersecurity skills gap isn’t expected to disappear anytime soon. Organizations without the budget to hire their own team can work with a variety of third-party providers. These include managed detection and response (MDR) service providers and managed security service providers (MSSPs). Companies can also work with software tools such as security incident and event management (SIEM) and unified threat management (UTM) systems.
  • One of the biggest problems cybersecurity professionals face is the influx of alerts. While gathering as much intelligence as possible on any given threat is ideal, they also need a way to prioritize threats, separating red from gray alerts.
  • Enhancing one’s cybersecurity posture today requires several steps and additional investments. Only with the right people, systems, and applications in place can they realize overall network protection.

Cybersecurity is one of the most critical issues that any business today needs to address. What many may not be aware of is that doing so requires dealing with several aspects. Three pain points in particular are worth mentioning: 1. threat volume and complexity, 2. a growing cybersecurity skills gap, and 3. the need for threat prioritization. These are the subjects of this article, along with recommendations on what organizations can do to relieve them.

Pain Point #1: Increasing Volume and Complexity of Threats

The battle between organizations and cyber attackers continues to rage on. As long as threat actors can find security gaps in systems and networks to abuse and profit from, cyber attacks will continue to ensue.

Predictions from industry analysts and cybersecurity researchers all agree that business owners need to keep up with developments in the threat landscape if they wish to stay safe from both known and unknown dangers. Over time, we have come to know many of the threats that pose the most significant risks to enterprises, which include:

  • Cryptojacking: Mining for cryptocurrencies remains a worthwhile endeavor, even if BTC has recently dropped below US$8,000. Mining a single coin, however, can use as much energy as a small country consumes. That’s why cybercriminals have taken to compromising company networks for their gain. The result? An ever-increasing number of cryptojacking attacks. In the first half of 2019 alone, that amounted to 52.7 million according to a report.
  • Internet of Things (IoT) threats: The more employees use their own devices at work, the greater the exposure their companies face. That doesn’t even count the security cameras and other smart devices that organizations add to their networks to enhance physical security and increase worker productivity. All of these can serve as additional points of entry for threat actors, who are always on the lookout for security gaps to exploit. Case in point? A recent report revealed a 55% rise in the number of IoT threats from 2018.
  • Geopolitical risks: Organizations stand to lose more than just reputation damage when their networks get breached. Apart from potential loss of customers and therefore, revenue, they also face more significant penalties for failing to secure the privacy of customer and employee information amid stricter data privacy regulations. We have, for instance, seen Equifax pay at least US$650 million in data breach settlements just this year.
  • Cross-site scripting (XSS) attacks: All software and hardware have vulnerabilities that cannot be completely removed. This often stems from the practice of building programs and systems without security in mind. Being first to market with a product may be foremost in developers’ minds, leaving them too little time for vulnerability testing. This lack of diligence leaves users vulnerable to attackers with a knack for finding security holes, hence the increase in exploitable zero days.
  • Mobile malware: Connectivity is a double-edged sword. The more connected devices there are in a network, the more avenues threat actors can use for their nefarious schemes. Any insufficiently secured mobile device that accesses a corporate network is a potential attack vector. Moreover, cyber attackers are well aware of that fact, thus the rising volume and sophistication of mobile malware. In 2018, the number of mobile malware attacks reportedly doubled.

Given the constant developments in the threat landscape, organizations must keep up. They need to stay abreast of the latest tools, tactics, and procedures (TTPs) employed in cyber attacks. With that knowledge, they can educate employees, thus reducing the risks that come with human error. This is an excellent means of avoiding common attack vectors like phishing emails, spam, and malicious instant messages that can put an entire organization at risk.

Knowing what threat actors are up to and how they compromise networks can help enterprises beef up their security policies and guidelines to avoid the hassle that comes with succumbing to an attack.

These days, reactive protection is not enough. Companies need to stay ahead of the curve when it comes to cybersecurity, which requires the right know-how and skills. That entails obtaining the necessary resources, which brings us to the next challenge.

Pain Point #2: Lack of Security Resources

Securing a network requires skillful researchers and analysts who monitor for and dissect threats to come up with the necessary fixes. That can pose a challenge amid the currently worsening cybersecurity skills gap. A 2018–2019 survey revealed that 53% of the organizations surveyed believed they lacked cybersecurity experts. Without skilled human resources in-house, detecting and blocking threats is next to impossible. One workaround is outsourcing.

An organization with a relatively small security budget and pool of experts can opt for all-in-one packages such as security incident and event management (SIEM) software. This type of product is especially useful for organizations whose network comprises several disparate systems running different applications. Of course, this may not be a bulletproof solution: like any program, SIEM software has its limitations.

SIEM solutions and similar tools such as unified threat management (UTM) systems benefit from additional threat intelligence sources against which to cross-check and vet initial findings. Readily available data feeds and application programming interfaces (APIs) can prove handy in threat correlation, for instance in finding connections among potential threat sources, attacks, and malicious actors.

A company that doesn’t have its own threat experts or IT security team, meanwhile, can opt to hire third parties to take care of its needs. Managed detection and response (MDR) service providers, who specialize in threat hunting and incident response, can be considered by those who require protection against both known and unknown threats. For day-to-day tasks, companies can rely on managed security service providers (MSSPs).

Whether a company opts to create a security team or outsources to a third party, it needs to make sure that its choice matches its requirements. Most times, a combination of the right people and tools is vital. It is essential to determine if the security provider utilizes all potential sources of threat intelligence to ensure their clients’ safety. That doesn’t mean they need to bombard customers with tons of logs that would only add to their problems. Instead, they need to help their clients assess which threats need immediate attention and which can be left on the back burner.

Pain Point #3: Threat Prioritization

Whatever solution a business chooses to bolster its security posture, it may be faced with tons of threat intelligence to sift through. Hundreds of cyber attacks per minute create massive amounts of information. A risk mitigation plan must make sense of all this information.

Identifying all potential avenues that attackers may take to get into a network entails scouring through publicly available incident reports and other sources for indicators of compromise (IoCs). The more data gathered, the better. However, collecting information may result in redundancies and false positives and negatives.

Data gathered needs to be consolidated. The information must be normalized or aggregated to ensure a consistent format that any of the systems and solutions in a company’s network can use. This process also deletes redundant and inaccurate information. Cross-checks can be made across sources to eliminate inaccuracies further. Only after this step can comparisons and connections be made.

Cyber attackers use a variety of TTPs to carry out malicious activities while evading detection. However, connections can still be made if data comparisons reveal similarities in domains used, for instance. A name, an email address, an IP address, a company, or other forms of virtual identification can tie attack vectors to the actors behind the deeds. This process requires sifting through a company’s traffic logs to see if any user attempting to access its network is in its list of IoCs.

This practice takes time and may result in an overwhelming number of incidents that can’t possibly be addressed at the same time. Security teams need a way to determine which event needs prioritization and which can wait. For this, an effective correlation process can help, especially for determining the scale of a threat. Threats that reports deem the most dangerous require utmost priority. Those with an enormous number of attack vectors can follow, and so on. Essentially, the bigger a threat is, the higher it should be on the organization’s cybersecurity priority list.
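The consolidation, log-matching, and prioritization steps described above, as an added example that is not code from the article or from the author’s product: it normalizes two constructed intelligence feeds into one IoC list, matches constructed traffic lines against that list, and ranks the hits by severity, number of corroborating sources, and volume. The feed format, the log format, and the scoring are assumptions made for the example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample feeds (not real indicators): (indicator, severity) pairs.
FEEDS = {
    "feed_a": [("Evil-Example.test.", "high"), ("198.51.100.7", "medium"),
               ("evil-example.test", "high"), ("not an indicator", "low")],
    "feed_b": [("evil-example.test", "medium"), ("203.0.113.9", "low")],
}
LOG_LINES = [  # constructed traffic log lines in an assumed "src -> dst" form
    "10.0.0.5 -> evil-example.test", "10.0.0.6 -> EVIL-EXAMPLE.TEST.",
    "198.51.100.7 -> 10.0.0.7", "10.0.0.8 -> example.org", "garbage line"]
SEVERITY = {"low": 1, "medium": 2, "high": 3}
LOG_RE = re.compile(r"^(?P<src>\S+) -> (?P<dst>\S+)$")

def normalize(indicator):
    """Canonical IoC form: valid IPs as-is, domains lower-cased with no trailing dot; else None."""
    value = indicator.strip()
    try:
        return str(ip_address(value))
    except ValueError:
        value = value.lower().rstrip(".")
        return value if re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", value) else None

def consolidate(feeds):
    """Merge feeds into {ioc: {"sources": set, "severity": int}}; duplicates collapse."""
    merged = defaultdict(lambda: {"sources": set(), "severity": 0})
    for source, entries in feeds.items():
        for raw, sev in entries:
            ioc = normalize(raw)
            if ioc is not None:  # inaccurate entries are dropped here
                merged[ioc]["sources"].add(source)
                merged[ioc]["severity"] = max(merged[ioc]["severity"], SEVERITY[sev])
    return dict(merged)

def match_logs(lines, iocs):
    """Count log lines whose source or destination is a known indicator."""
    hits = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            for field in ("src", "dst"):
                ioc = normalize(m.group(field))
                if ioc in iocs:
                    hits[ioc] += 1
    return dict(hits)

def prioritize(iocs, hits):
    """Rank matched indicators by severity, then corroborating sources, then volume."""
    key = lambda i: (iocs[i]["severity"], len(iocs[i]["sources"]), hits[i])
    return sorted(hits, key=key, reverse=True)
```

Indicators seen in more than one feed and with more matching traffic sort first, which is the cross-checking and scale-based ordering the text describes.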

How to Effectively Mitigate Risks Amid the Rising Number and Sophistication of Cybersecurity Challenges

To effectively mitigate the risks brought on by the three cybersecurity challenges presented above, organizations need to at least:

  • Reduce or eliminate human error: It’s a sad fact that most threats that cripple a business are enabled by employees who fall for phishing scams, click links to malicious or compromised sites, or respond to spam.

    A constant increase in phishing websites was seen in the first quarter of 2019: from 48,663 in January to 50,983 in February and 50,983 in March. We may see the same trend in the future as the ruse continues to work against the customers of even the biggest brands.

    Business email compromise (BEC) attacks that prey on the level of trust users afford to co-workers (especially corporate head honchos) will continue to rake in billions for threat actors over time until victims stop taking the bait.

    Headlines are bound to get worse as long as employees lack security awareness. As such, organizations need to enrich every employee’s knowledge, at the very least to make sure they don’t unwittingly become a cybercrime accomplice. Doing so is important to avoid putting the safety of individuals and companies at significant risk.

  • Create an incident response plan: Prevention is better than a cure, especially when it comes to cybersecurity. Organizations need to detect and contain an attack before it causes irreparable damage. They need to use tools that identify threats before these can break their defenses. One way of doing this is through amassing and correlating threat intelligence.

    Mitigation is easier said than done, however. Most companies still suffer from breaches despite all caution. In such cases, it would do businesses well to ensure that their networks are security-resilient. Resilience, in this regard, refers to an entity’s ability to return to its original state after a security attack or breach occurs.

    Measures need to be put in place to cover attack prevention, detection, containment, and remediation.

  • Encrypt data: All organizations are prime breach targets. Any company can become a victim despite all security efforts. Regardless of the circumstances tied to an incident, one thing is sure: stolen encrypted data is of no value to thieves. Data encryption is another layer of protection that companies, especially those that don’t want to end up paying exorbitant breach settlement fines, can utilize.
  • Use artificial intelligence (AI): The quickest solution to the cybersecurity skills gap is to enable one person to do the work of five with AI. The only caveat is that this one person needs to be a highly skilled security expert who can quickly assess, triage, and address threats. Again, a problem.

    Organizations can’t rely on technology alone, nor can they do everything on their own. This instance is where outsourcing can be useful. Instead of adding members to their security team, they can augment their internal resources with those of the security service providers. They only need to make sure that they choose the right ones for their specialized requirements.

  • Reduce gaps in security: Patching can be a hassle but is, unfortunately, necessary if an organization is to stay safe from threats. There are ways to make the activity less tedious. Following a simple process is one way to go about this:
    • Maintain a regularly updated list of all of the applications and systems used throughout your network. You can’t protect something that’s not on your list.
    • Make sure the patches you apply on an application will not cause another (dependent software) to stop operating. The more dependencies there are among systems and applications, the tougher patching can be.
    • Enlist the help of the most knowledgeable users of systems and applications when patching. The process will be much faster and smoother if expert users are involved, as this distributes the effort and minimizes errors that can arise from lack of knowledge on how systems and applications work.
    • Risk analysis for every vulnerability allows an organization to prioritize patching for those that present more significant dangers. The bigger the risks a bug poses, the higher it should be on the vulnerability team’s to-do list.
    • Testing a patch before actual implementation reduces errors that may arise due to incompatibility. This process takes more time than applying the fix itself, so organizations need to ensure that patches won’t cause applications or systems to break when applied to avoid rework.
  • Enrich threat intelligence: Probably the most critical element of cybersecurity is knowing as much about threats as possible to ensure protection against them. You need to know what you are up against if you are to figure out a way to address a threat. The only way an organization can do that is by enhancing its threat intelligence. Companies need to gather as much information as possible (where a threat comes from, how it gets into a network, who is behind it, and so on) before they can address it and take action.

    At the end of the day, though not all data may prove useful, it does pay to utilize all available resources to come up with the most effective security strategies to ensure overall network protection.

Surviving amid an ever-changing threat landscape requires huge investments on an organization’s part. Reactive defense is, unfortunately, no longer enough. A proactive stance toward security is more critical than ever. That requires staying abreast of cyber attack developments, investing in security (engaging third parties, if necessary), and gathering actionable threat intelligence.

About the Author

Jonathan Zhang is the founder and CEO of Threat Intelligence Platform (TIP), a data, tool, and API provider that specializes in automated threat detection, security analysis, and threat intelligence solutions for Fortune 1000 and cybersecurity companies. TIP is part of WhoisXML API Inc., an intelligence vendor trusted by over 50,000 clients.
