Organizations are focused on strengthening their resilience against digital threats. This is especially critical now as we see more and more attacks happening during the COVID-19 pandemic. One can read the news on a daily basis to see how these attacks have been on the rise.
Released earlier this year, the 2020 IBM X-Force Threat Intelligence Index provides ample cause for why vigilance of data protection is important. Below are three trends in particular that stand out from IBM’s report. They are worth considering when evaluating today’s data security environment:
- In 2019, the number of breached records jumped to a total of more than 8.5 billion. This figure was more than triple the number of records that malicious actors compromised in 2018. Part of the reason for this growth was a tenfold increase in the number of records exposed in misconfiguration incidents. (These events were behind 86% of the records compromised in 2019 by malicious actors.) This increase occurred despite a 14% decrease in the number of actual misconfiguration events in 2019, indicating that each misconfiguration incident exposed more records than they did a year earlier.
- IBM X-Force tracked multiple Mirai campaigns in 2019. Unlike previous operations that targeted consumer devices, those attacks set their sights on enterprise hardware in order to establish a foothold in corporate networks. Researchers also observed that weak or default passwords laid the groundwork for malicious actors to target IoT devices with command injection (CMDi) attacks for the purpose of downloading malicious payloads.
- Phishing attacks constituted the most frequently used attack vector (31%) for initial access attempts in 2019. This marked a decrease for phishing, as this tactic was behind more than half of initial access attempts in 2018. Instead of phishing, digital attackers made the decision in 2019 to scan targeted environments for vulnerabilities and to exploit stolen credentials at 30% and 29% of initial access attempts, respectively.
Defending Against Digital Threats
Organizations cannot take the trends discussed above lightly. They require strong resilience against digital threats. The question is: what’s the best way to go about doing this?
At Thales, we’ve taken a look at this in depth, and the research in our 2020 Thales Data Threat Report-Global Edition and 2020 Access Management Index (European and Middle East and US and Brazil Editions) shed light on vulnerabilities that are of special importance to organizations’ ongoing data security. Based on this body of research, we feel strongly that companies need to take a multi-layered approach to data protection by adopting a zero trust model that authenticates and validates users and devices accessing applications and networks.
Fortunately, IBM’s report provides some guidance in this regard, too. Here are some of the best practices the report recommends businesses follow over the course of 2020:
Make Use of Threat Intelligence
Threat intelligence helps organizations to deepen their understanding of what threat actors are after and what types of attack techniques they’re using to get what they want. This information is important to any organizations’ digital security defenses. It helps companies prioritize defenses according to their individual digital security needs. This provides the ability to stay on top of new and evolving threats and minimizes the response time (and cost) in the event of an incident.
Thales recognizes the importance of threat intelligence to each of our customers. As a result, we provide customers with the most up-to-date information about what attackers are doing through our Cyber Security Operations Centre (CSOC), which offers a proactive and threat intelligence-driven approach to security ops that can assess in real time the threat and actively look for problems, non-compliance, misconfigurations, vulnerabilities, attempted attacks and signs of hostile intent.
Build, Maintain and Test an Incident Response Plan
It’s important to have a plan in place in the event organizations experience a data security incident. Waiting until an actual attack occurs is too late. A formal strategy for addressing security events as well as tabletop exercises and other simulations will help organizations coordinate resources more effectively and improve the speed with which they can respond to data security issues. Doing so will help an organization avoid unnecessary recovery costs.
Thales takes the first 48 hours after the discovery of an incident seriously. That’s why we use responders and digital security experts as part of our Critical 48 service to work with customers to identify a potential security event as soon as possible. If a customer has, in fact, experienced an attack, this team of professionals manages the incident through the entire recovery process, and works with the organization to implement meaningful security measures afterward in order to minimize the possibility of similar events occurring in the future.
Implement Multi-Factor Authentication
Last but not least, organizations can beef up their access controls by implementing multi-factor authentication (MFA). As IBM’s report reveals, malicious actors are resorting to stolen credentials or phishing attacks in more than half of initial access attempts. They could then be exploiting weak authentication measures on additional business assets to move laterally through a targeted organization’s network.
MFA can prevent an attack from taking hold and spreading throughout a company’s network. Thales recognizes this fact. That’s why our authentication-as-a-service (AaaS) helps organizations deploy strong authentication measures across multiple access points and manage access to critical data and applications wherever they are located.
The Beginning of Digital Resilience
Threat intelligence, a well-tested incident response plan and MFA are crucial elements to any organization’s digital security posture. But they are not the only elements that help cultivate resilience against digital threats. They are just the beginning.