Security Navigator: arming the industry with digital insights

More than 4.5 billion people now use the internet today, spending approximately more than 100 days online out of the whole year. We rely on the internet for almost everything – grocery shopping, connecting with our colleagues, booking doctors’ appointments and much, much more. COVID-19 is also likely to have a permanent impact on our relationship with and reliance on technology. But whilst technology is quick and convenient, our digital freedom is certainly not a given. Cyber-criminals increasingly use our spaces of connection and digital progress as opportunities for harm and disruption. Anyone can be a victim on an individual or collective level. This can lead to a breach in digital trust.

At Orange Cyberdefense, we believe that the digital world can remain a trusted means of leisure, professional opportunities and services that make everyday life easier, more prosperous and fulfilling. That’s why we strive to create lines of defense and protect freedom in the digital space. Ultimately, our purpose is to build a safer, digital society. To give back some of those digital freedoms that cyber-criminals might try to take from us. That safer, digital society starts with awareness and knowledge of the potential threats that the online realm may pose.

It’s for exactly this reason that we’ve created the Security Navigator. Our first edition summarises the intelligence we gathered in the last year through our 16 CyberSOCs. This intelligence comes from our analysis of over 50 billion security events daily, the resolution of over 35,000 security incidents and more than 170 incident response missions. Our world-class experts have digested all of this unique information and presented it to you, the reader, in the Security Navigator, to the benefit of clients and the broader cybersecurity community.

What can you learn from our Security Navigator, I hear you ask?

Back in 2017, RSA Chief Executive, Art Coviello said of the security industry: “There is too much spending on the wrong things. Security strategies have been driven and sold on fear and compliance issues with spending on perceived rather than genuine threats.”

We start the report by giving the reader a realistic view of the state of the threat today, and how this threat landscape is shaped through the relationship between three primary components – structural forces, inflationary factors and the evolution of technology. In support of Coviello’s claims, which still ring true three years on, we paint a picture of the things businesses should care about, and the things they shouldn’t worry about when it comes to securing their people, systems and infrastructure.

We’ll provide a very real, first-hand picture of the security events over the past year, based on the continuous stream of data that passes through our 10 CyberSOCs and 16 SOCs. In taking a delve into this data, we reveal the total number of incidents we observed, how these were spread across vertical and organization size, their criticality, and the types of incidents more commonly detected, including malware trends.

Our pen-testing team and CSIRT teams will provide some stories and anecdotes from the front lines; how they’ve used their very special set of skills to troubleshoot and resolve customer assignments, and the crucial lessons learned from some of the scariest IT nightmares!

What was the ‘big thing’ in the last year? Where did all our data go? In the report, we’ll take a trip down memory lane, analyzing the security incidents that made headlines, where organizations went wrong with their cyber-defenses and the far-reaching implications of breaches and hacks on their victims. Despite new regulations, state-of-the-art technology and a greater understanding of cyber-risk, 2019 will forever be marked as the year in which we saw the most – and an incredible number of – data breaches. It’s clear that no organization – regardless of size or sector – is immune to the charms of cyber-criminals and, as a result, businesses face significant risk. The best will exploit the opportunity and remain resilient in rough seas. Those that don’t identify appropriate safeguards early enough will face significant and frequent disruption – with perhaps irreparable, long-lasting damage.

And we’re only just scratching the surface of what this document covers. From a critical analysis of how effective VPNs and PKIs are, to security case studies and predictions for the years to come, our aim is to provide you with meaningful insight, actionable intelligence and recommendations on how to better prepare and arm yourself in the face of growing – yet manageable – risk online.

We hope you find the content useful and don’t hesitate to get in touch for more information!