No future for the lone ranger
Part 2 of Nicolas Drogou’s threat data analysis.
In my previous article, we shared some insights presented in the comprehensive report Security Navigator. As we monitor security devices, endpoints, cloud applications, operational technology environments, and networks for our customers worldwide, we have a continuous stream of data that passes through our 11 CyberSOCs and 17 SOCs. Gathering data and insights is an important step to a sustainable cybersecurity strategy.
Control the vulnerabilities
The threat landscape remains hyperdynamic and is perpetually evolving. A holistic approach to threat management is the only way to properly mitigate risks. Easier said than done, but if we cannot control the threat and the potential unknowns, we can certainly have more control over the knowns and the identified vulnerabilities. Let’s dive into some fairly simple aspects of this approach.
Firstly, understanding the threat landscape and where it’s heading is necessary. To do so you need access to data, expertise, and the right technology. But, in a market where cyber expertise is scarce – up to 2.9 million vacancies are open today according to non-profit ISC2, how do you do this?
This fight is not one that we can win alone. Nobody can and the meaningful way out of this is by partnering. Your suppliers, service providers, and even competitors are all in the same boat. They may not have all the answers either, but by reaching out to the right partners you become stronger with more insights, which ultimately will provide you with more insightful and rational views, support and data points to sustain your decision-making process.
Targeting weaker spots
Our research has seen a significant shift when it comes to threats relating to organizational size. Generally, most incidents indeed occur in companies with more than 10,000 employees. But what we also saw is a dramatic rise in attacks on medium-sized businesses. In 2019, we tracked 31% of all recorded incidents here, which is a significant increase from the previous 19%. At the same time, incidents in large organizations declined from 73% to 58.8%. It appears that threat actors have partly shifted their focus, now targeting medium-sized businesses with 1,000-10,000 employees much more than previously observed. If this trend continues, we likely see a surging threat development against smaller organizations, with less muscle to fight it off. This also speaks for forming alliances to build a stronger and more persistent community against the dark forces.
Waves of business-critical hits
In 2019, we saw two trends continue from the previous two years: incidents ranked as a medium gained almost 10% compared to last year. Meanwhile, incidents with low criticality nearly halved. Attacks classified as high have remained stagnant at 16.04%. From 2017 to 2018, high impact attacks tripled, so it’s a relief that that didn’t occur again. What leaves an uneasy feeling, however, is that the number of attacks deemed as business-critical, while not being dramatically high at 0.11%, has nonetheless doubled compared to 2018. This is comparable to the status of 2017.
A joint effort is a strong one
All of these facts make me feel ever-more convinced that we have to fight cybercrime, not as masses of individual organizations, but as an individual mass – together. Forming a community of trust is about sharing data, insights, and expertise. It remains equally important to empower our clients, end-users, partners, friends, and relatives to understand the benefits of sound security hygiene. The combination of these joint efforts must strongly contribute to helping businesses of all sizes combat threats and protect their key assets.