Today’s threat actors are constantly on the move. And COVID-19 has created even more opportunities for them, as emergency digital investments broaden the company attack surface. The FBI recorded a 300% increase in reported cybercrimes within the first month of the pandemic. It’s perhaps no surprise that over two-thirds (68%) of business leaders feel Cybersecurity risk is increasing.
Thriving darknet marketplaces offer a continually evolving source of readymade attack tools and knowledge to financially motivated cyber-criminals. Theirs may be a highly professional, commoditized industry worth over $600 billion. On the opposite side, mass remote working has exposed distracted employees, unsecured endpoints, and residential networks to a surge in threats. CyberSecurity skills shortages only increase the challenges facing CISOs.
Organizations must move quickly to spot and stop attacks as early as possible within the kill chain. But the old endpoint Cybersecurity paradigm is not any longer fit-for-purpose. We must reinvent our approach to security to remain one step before those that seek to cause us harm. The primary tread on this journey is knowing the Dos and Don’ts of cybersecurity.
DON’T believe detection alone:
In October, HP identified a large-scale TrickBot campaign using Microsoft’s “Encrypt with Password” feature. This helped malicious documents slip past network security and behavioral detection tools because the malware was only deployed if users entered the password sent within the phishing email. What can we learn from this? Some resourceful cyber criminals can often evade these detection-based tools . They don’t even need to use zero-day exploits or polymorphic malware.
Detection-based security tools also suffer from frequent false negatives and false positives. In fact, research shows that some Cybersecurity operations center (SOC) teams are receiving over 10,000 alerts per day, which they need to trawl through to seek out serious threats. This will end in alert fatigue, and ultimately, missed attacks . Once hackers have bypassed these defenses, they will move laterally to targeted systems with additional payloads dropped to steal data, mine for cryptocurrency, deploy ransomware, and more.
DON’T make users the last line of defense:
The main target of attacks is usually the endpoint, or the user responsible for it. CyberSecurity tools guard users — by blocking malware before it reaches them, or detecting malicious content when a user clicks thereon. However, as mentioned, real-time detection is way from 100% effective.
Users are still too often the last line of defense. The past year has seen a 176% increase in malicious Microsoft Office files, and COVID-19 has been a much-used and effective phishing lure to trick employees. User education can only work out to some extent. Humans will always make mistakes and, once they do, the whole organization could also get in danger.
DO build Cybersecurity from the bottom up:
It’s time to reinvent how we approach security, by building it into systems from the chip up. Meaning shifting to a protection-first model. The one that doesn’t believe in detection but instead uses sound security engineering practices like fine-grained isolation, the principle of least privilege (PoLP), and mandatory access control.
Protection-first also means micro-virtualization, where user prforms risky actions – like opening web links, downloads, and attachments within hardware-enforced micro-VMs, isolated from the remainder of the device or network. This way, it doesn’t matter if a document or website contains malware because the hacker has nowhere to travel, nothing to steal, and no way to persist. Users can return to their day job and click away confidently.
By isolating key attack vectors like browsers, email, and downloads, organizations can dramatically reduce their attack surface. The foremost common avenues to compromised endpoints become dead-ends. When threats get executed within micro-VMs,an in-depth “flight recorder” also capures the complete attack kill-chain. This provides the SOC team with rich, hi-fi threat intelligence and indicators of compromise (IOCs) which will be wont to help defend other systems.
DO rethink your approach to Cybersecurity:
Incremental innovation in security is failing to disrupt committed threat actors. We’d like to prevent placing the burden of security on end-users with a replacement, hardware-powered approach that isolates threats, ensuring they can’t infect PCs or spread through corporate networks. this is often just the beginning. It marks the start of a virtualization-powered revolution in Cybersecurity, which promises to maximize user productivity and minimize cyber risk.