The new Verizon DBIR reports on current security threats. We looked into what you can do to help protect your assets and improve your security posture.
The year 2020 will go down in history as the age of the modern pandemic, remote work arrangements, social distancing, and, it appears, increased severity of cyberattacks. According to this year’s Verizon Data Breach Investigations Report (DBIR), a comprehensive annual analysis of cybersecurity incidents and data breaches, attackers are becoming increasingly efficient and more motivated by financial gain. The report reveals that they are favoring ‘hacking’ methods over malware and other low-impact techniques, and looking to uncover and exploit even the smallest vulnerabilities in enterprise security systems.
At 119 pages, the full report, which has been referred to as the “breach bible” for the security industry, is not a quick read. But this year’s edition is the most extensive one to date, analyzing a record total of 157,525 incidents across 16 verticals, of which 3,950 were confirmed data breaches. As with previous years’ editions, the Verizon report doesn’t offer specific advice or guidance on how to address these emerging threats – it presents you with the data, including specific industry and regional analysis, leaving you to draw your own conclusions and come up with strategies that suit your specific business needs. We’d like to share our take on what these findings mean to the cybersecurity community, and offer suggestions on how organizations can strengthen their security posture while still saving costs in these ‘uncertain times’.
No industry is immune to cyberattacks.
This year, the report adds several new verticals to its breach analysis, highlighting the fact that organizations across every industry are being targeted through a variety of methods. Web applications are a common target, which largely follows the trend across industries of moving business to a web-focused infrastructure. And as the infrastructure changes, the adversaries’ tactics change along with it to take the easiest path to data. The Web Applications attack pattern is composed of two main action varieties: the use of stolen credentials and the exploitation of various vulnerabilities within the web app infrastructure.
The pandemic creates the perfect playground for hackers.
For cybercriminals, the current situation is a dream come true. One: around the world, many employees are suddenly working remotely, connecting to corporate networks from home using unapproved, unsecured devices through relaxed access policies. Two: organizations, especially government agencies and healthcare providers, are much more willing to meet hackers’ demands for ransom because they can’t afford to be disconnected from their systems even for a short period of time while managing a global health crisis and/or providing critical care for their patients. Three: companies are generally reluctant to spend money on anything, including additional security measures, fearing a prolonged global economic slump. Not surprisingly, the report finds an increased number of cybercrime “as a service” offerings and a growing level of interest in learning hacking skills. After all, it’s all about financial reward, and cybercrime during a pandemic is proving to be a very lucrative business.
Digital transformation has sparked a need for security infrastructure automation.
With so many internet-facing assets, it is impossible to adequately protect each endpoint using manual processes. Without complete visibility into their security infrastructure, organizations can’t safeguard their systems against hackers’ relentless search for vulnerabilities like expired TLS/SSL certificates.
And while it may take some time for the economy to return to pre-pandemic levels, the time to invest in automation is now. In times like these, organizations need to think both in terms of current business continuity and long-term growth. Automation can help create a framework of management and control for endpoint security, provide workflow-based self-service capabilities to application, network, and security engineers, even if they are unable to physically get to the office, and deliver compliance and scalability to support future growth.
Investing in tools to identify and contain threats can help protect enterprise assets and cut down on the time it takes IT teams to investigate and remediate security issues. But real savings lie in automating security processes, like certificate lifecycle management. With the help of policy-backed low-code automation that fits into everyday operations, business processes and workflows, organizations can proactively identify vulnerabilities before they can be exploited by bad actors. Event-driven automation can also be configured to execute specific threat resolution workflows, accelerating teams’ response to threats and minimizing any potential downtime.
Sure, a pandemic can be a lucrative time for cybercriminals, but it can also prompt organizations to reconsider their security policies and tools. Investing in a highly robust, cloud-compatible SOAR and SIEM platform today would go a long way in delivering cost savings through automatic triaging and auto-remediation of cyber exploits, which in turn would help decrease operational and personnel costs, reduce the number of false positives, and ultimately improve the organization’s security posture. Today’s companies don’t have to choose between investing in security and cutting costs – doing both can help them survive the current crisis and emerge from it better equipped for the future.
If you think you can benefit from automating your PKI tasks or network management activities, drop by our website to learn how AppViewX makes that possible. We’d also be more than happy to get on a 30-minute call with you to analyze your needs and tell you exactly what AppViewX can do for you – set up a session with one of our experts today.