The industry produces new tools, techniques, and frameworks to protect against cyberattacks every year. Organizations have raised their cybersecurity budgets practically every year for the last two decades. Yet the number of reported incidents and breaches each year keeps rising.

And that's not all. The Mean Time To Identify and Contain (MTTI/MTTC) breaches is still not going down. We've been harping on this for years—but it never improves. Since 2017, MTTI has risen from 191 to 204 days... and MTTC has risen from 66 to 73 days. On average, that means it now takes 277 days after a breach occurs for an organization to identify and contain it. 


How Is the Industry Going Backward?

First, we have to acknowledge once again that cybercriminals are relentless about improving and adapting their tactics. Effort is required on the part of security teams just to keep things “as is.” 

But the truth is most security incidents and breaches aren’t caused by a lack of expensive tools. They happen because a cybercriminal identified a simple weakness and exploited it. It could be poor governance around manual payments that allows a BEC scam to succeed—or it could be an insecurely configured server that was trivial for a cybercriminal to access.

Our point is simple. Many organizations are overspending on fancy tools and services while neglecting the basic requirements of a strong cybersecurity program. Why? While simple and intuitive, the basics are tough to enforce consistently across large, complex environments.

Nonetheless, the risk of serious incidents and breaches remains high until an organization has established the necessary processes and controls to enforce basic cybersecurity hygiene.


Get the Basics Right

Protecting against cyberattacks requires a thorough foundation in cybersecurity basics, including:

    • Understand your attack surface. It may be obvious, but where your organization is exposed to the Internet is also where it is exposed to attack. This is why it’s so important to deeply understand your attack surface—something many organizations still struggle with.
    • Don’t overcomplicate your technology stack. Overly complicated security stacks don’t just waste resources. They harm outcomes. Aim to weed redundancies out of your stack and simplify the technical experience for security personnel.
    • Take the shortest path to prevent threats. Take a leaf from the cybercriminal manual and look for the easiest way to achieve your objective. Before spending on tools and services, look for the simplest ways to defang high-risk threats. For example, disabling PowerShell and RDP on user devices prevents a high proportion of ransomware variants from firing.
    • Enforce least privilege access. No user or service should be able to access data, resources, or services that aren’t required for their role or function. This requires strict enforcement of the least privilege access model and a streamlined process to request and grant additional privileges where needed.
    • Enforce secure configuration. Misconfigured digital assets—including devices, software, servers, cloud storage, and more—are a leading cause of vulnerability. As a baseline, ensure assets are configured in line with a best practice standard such as CIS Benchmarks or DISA STIGs. Do not allow changes from this baseline without a formal change review.
    • Vet your supply chain rigorously. Supply chain attacks are only going to become more common over the next few years. Having a rigorous vetting process for new and existing vendors and partners is essential to avoid the excessive risk posed by associating with organizations that have poor security posture.
    • Use governance where technical controls are impractical or ineffective. Governance should prevent users from taking undesirable actions, for example, sending money in response to a BEC or pretexting scam. By requiring employees to complete additional checks, controls, or sign-offs, these scams can usually be prevented without any additional security spending.


Strive for Integrity

The ultimate goal of an effective cybersecurity program is to ensure integrity in an IT environment.

Integrity is the accuracy and completeness of data throughout its life cycle. That means no matter what service, device, or user accesses, stores, processes, transmits, or receives data, it remains accurate and complete. To have integrity, you must protect all data, including those held in configuration files, network devices, endpoints, directory services, cloud instances, and more.

For this to be possible, four things are needed:

  1. An authoritative baseline of what data should look like.
  2. A way to identify and protect data from unauthorized change.
  3. A way to roll back unauthorized changes not blocked at the source.
  4. A way to verify that controls 1 – 3 are in place and working correctly.

Put simply, integrity is understanding what is supposed to exist and happen in your environment so you can prevent everything else. What happens if you know every time something changes, stop anything that isn’t authorized, and expand this capability across all asset classes?

  • Ransomware and other malware can’t run in the environment.
  • Attackers can’t traverse the network or exfiltrate data.
  • Nobody can add, modify, or delete files or configurations to introduce risks or vulnerabilities.
  • Users can’t accidentally run malicious attachments.
  • Nobody (even privileged administrators) can alter critical system files.
  • Even complex threats involving trusted entities are alleviated because unauthorized changes that create risk are blocked or rolled back.

This approach takes away a massive proportion of the risk associated with cyberattacks with minimal human involvement.
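As an added example (not CimTrak or any Cimcor code), the script below walks through the four integrity controls above on a constructed sample tree, and also serves the "enforce secure configuration" bullet from Get the Basics Right: a hashed baseline of what files should look like (1), a comparison that flags any added, modified, or deleted file as unauthorized (2), a rollback from a trusted copy that refuses to restore anything not matching the baseline (3), and a verification pass (4). The directory layout, the file names, and the idea of a "trusted copy" directory are assumptions made for the demo.

```python
"""Minimal file-integrity workflow: baseline -> detect -> roll back -> verify.

Added illustration, not CimTrak code. The 'trusted' directory stands in for
wherever an organization keeps its authoritative, change-reviewed file versions.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Step 1: record what every file under `root` is supposed to look like."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def detect_changes(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Step 2: compare the live tree with the baseline; anything that differs is unauthorized."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
    }


def rollback(root: Path, baseline: dict[str, str], trusted: Path) -> list[str]:
    """Step 3: undo unauthorized changes using the trusted copy; returns a log of actions."""
    changes = detect_changes(root, baseline)
    actions = []
    for rel in changes["added"]:
        (root / rel).unlink()          # file nobody approved: remove it
        actions.append(f"removed {rel}")
    for rel in changes["modified"] + changes["deleted"]:
        src = trusted / rel
        if not src.is_file() or sha256_file(src) != baseline[rel]:
            # The trusted copy itself drifted: refuse rather than restore something unverified.
            actions.append(f"REFUSED {rel}: trusted copy does not match baseline")
            continue
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, root / rel)
        actions.append(f"restored {rel}")
    return actions


def verify(root: Path, baseline: dict[str, str]) -> bool:
    """Step 4: confirm the controls left the tree exactly as the baseline describes."""
    return not any(detect_changes(root, baseline).values())


def run_demo() -> dict:
    """Constructed scenario: a tiny config tree, one authorized change, three unauthorized ones."""
    work = Path(tempfile.mkdtemp())
    live, trusted = work / "live", work / "trusted"
    live.mkdir()
    (live / "sshd_config").write_text("PermitRootLogin no\nPasswordAuthentication no\n")
    (live / "app.conf").write_text("debug = false\n")
    shutil.copytree(live, trusted)   # trusted copy taken at the same moment as the baseline
    baseline = build_baseline(live)

    # Authorized change: passes review, so the trusted copy and baseline are updated with it.
    (live / "app.conf").write_text("debug = false\nmax_conn = 200\n")
    shutil.copy2(live / "app.conf", trusted / "app.conf")
    baseline = build_baseline(live)

    # Unauthorized changes: hardening weakened, an unreviewed file added, a file deleted.
    (live / "sshd_config").write_text("PermitRootLogin yes\nPasswordAuthentication yes\n")
    (live / "unreviewed.conf").write_text("setting = unknown\n")
    (live / "app.conf").unlink()

    detected = detect_changes(live, baseline)
    actions = rollback(live, baseline, trusted)
    ok = verify(live, baseline)
    shutil.rmtree(work)
    return {"detected": detected, "actions": actions, "verified": ok}


if __name__ == "__main__":
    print(run_demo())
```

An authorized change is handled by updating the trusted copy and rebuilding the baseline after review; that is the "formal change review" gate. Anything that bypasses the gate shows up in `detect_changes` and is undone by `rollback`, and `verify` is what lets an auditor confirm controls 1 to 3 actually worked rather than taking it on faith. In a real deployment the baseline and trusted copy belong on a separate, access-controlled system, because whoever can edit the baseline can make any change look authorized.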


Get the Full Cybercrime Story

In our latest report, we provide a detailed analysis of the year’s top evolving cyber threats—without unnecessary fluff. The findings underscore the critical need for robust cybersecurity measures and show how cybersecurity professionals combat the ever-evolving threats.

Discover:

  • The 4 primary monetization strategies driving cybercriminal behavior
  • The rise of BEC scams, ransomware, and supply chain attacks
  • The growing role of AI in enhancing social engineering
  • Industry analyses and predictions from renowned cybersecurity veterans

Don’t miss out on this essential guide to staying ahead of evolving threats. Download the report!

2023 Cybercrime Landscape

Post by Lauren Yacono
April 25, 2024
Lauren is an IU graduate and Chicagoland-based Marketing Specialist.

About Cimcor

Cimcor’s File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real time.