June 4, 2019 • The Recorded Future Team
The enterprise network of today is a complex one. As it expands and becomes increasingly manifold, so too do advanced cyber threats.
On top of today’s virulent threat environment, all IT components vary in defendability, which presents additional defense challenges. Malware continues to loom as the primary threat of concern, while phishing and ransomware remain persistent menaces as well.
These are fundamental security truths that pervade every industry, summarized in CyberEdge’s “2019 Cyberthreat Defense Report,” the sixth annual report examining key trends in cybersecurity. In this blog, we’ll walk you through research-backed insights on the security problems organizations are currently grappling with, and look at how threat intelligence can help.
Let’s start with the current security posture of most organizations. In the report, respondents were asked to evaluate their security foundation and how well it’s working. This includes whether changes are necessary and countermeasures should be added to augment existing defenses.
According to the report, “78% of survey respondents reported successful attacks last year,” but only “65.2% expect the same in 2019.”
The onslaught of cyberattacks shows no signs of slowing down. Interestingly, as can be deduced from the figures above, 12.8% of organizations believe improvement lies ahead.
This could be for a number of reasons. First, security budgets are the highest reported in the past six years. Additionally, organizations are investing significantly in security analytics. Finally, over four in five respondents believe that machine learning and artificial intelligence technologies are enhancing the ability to detect advanced cyber threats.
They’re not wrong — threat intelligence powered by machine learning has been found to improve the existing security solutions organizations use through integrations, help them make informed decisions faster, and get faster access to relevant and actionable context.
As mentioned above, some IT components are easier to defend than others. This includes websites, physical and virtual services, and data stores. These components are static, making it easier to keep them current with patching and to detect threats that target them. Conversely, newer IT components like application containers and operational technology (OT) devices are more difficult to protect. Cyber threats targeting these components are still evolving, so there’s not much experience to draw from when it comes to establishing defenses. OT devices are often more difficult to patch because the critical functions they control can’t afford to experience much (or any) downtime, making a proactive security approach powered by threat intelligence more vital.
According to the report, for the past three straight years, “development and testing is the IT security function rated most inadequate in terms of organizational capabilities.”
Since application containers are considered the most difficult IT component to secure, it makes sense that application development and testing remains a primary challenge for security organizations. On the positive side, IT security vendors continue to innovate within development, security, and operations tools to increase automation within development and testing, including:
CyberEdge found that “the top cyber threat hunting inhibitor pertains to the challenge of implementing and/or integrating threat hunting tools and technologies.”
This could be considered an opportunity for threat hunting software vendors to offer new APIs to make integration easier, and in doing so, gain a competitive advantage. It could also be an avenue for offering consulting services along with installation and configuration.
84.2% of organizations are experiencing a shortage of qualified IT security talent. For the past two years, it’s been the most challenging to recruit IT administrators and IT security architects and engineers.
A persistent challenge to every IT security organization out there is finding and retaining talent. It’s been a primary inhibitor to fighting cyber threats for the last three years. Bringing IT admins, security architects, and engineers on board is probably most difficult simply because these positions require considerable experience and wide-ranging expertise. Here, threat intelligence again makes a significant difference by helping automate many security functions that previously required manual time and expertise.
Next, CyberEdge delved into the kinds of cyber threats and other obstacles to security that today’s organizations are most worried about. Establishing a baseline for these concerns can help determine how organizations can optimally improve cyber threat defenses, and in which areas.
Malware has been the number one cyber threat causing concern in the last five years, which is not surprising.
2018 saw some of the largest, high-profile data breaches in history. Marriott Starwood hotels, Under Armour, Google+, Panera, and Facebook were all targets, and they all share a common thread: malware.
According to CyberEdge, this year the percentage of organizations:
This is a trend that’s continuing in 2019 and causing major problems for local and state governments as well as private-sector organizations.
It’s disconcerting that the number of organizations that didn’t pay ransom, but still lost their data, has increased. Automated backup solutions are a must-have, and when used properly, an infected end-user laptop simply has to be reformatted, reimaged, and restored. There are plenty of quality automated backup solutions available in the marketplace, and it’s critical that organizations invest if they haven’t done so already.
CyberEdge found that “too much data to analyze” is the number one cyber threat defense inhibitor, and “low security awareness among employees” and “lack of skilled personnel” follow closely behind.
IT vendors and service providers who offer security analytics capabilities should take note: these solutions are well poised to help IT security organizations manage the number of security events that impact the typical enterprise security infrastructure.
For addressing cloud security needs, CyberEdge found that:
The difficulty of recruiting new IT security talent is widely known at this point. It’s natural that the main strategy of choice for addressing cloud security needs is training existing staff.
Almost four out of five respondents felt that their organization has made improvements in vulnerability and patch management in the last year. However, this leaves 22.3% of organizations who aren’t confident as to whether progress has been made. This is a difficult position in today’s cyber threat climate.
The dire need to reduce the overall attack surface by eliminating vulnerabilities within the infrastructure cannot be overstated. It’s great to invest in cutting-edge technologies for detecting advanced threats, but it’s arguably more important to first eliminate your own infrastructure’s vulnerabilities, which renders cyber threats made to exploit them harmless. Threat intelligence provides the essential context needed to prioritize which vulnerabilities to patch first.
Defending against cyber threats is an extremely challenging undertaking — no argument there. It only takes one successful exploitation for chaos to run rampant, so security professionals have to be informed and ahead of the game at all times.
There are many facets of security that have to be addressed in order to establish a solid baseline of defense, so there’s no magic bullet. However, one way to gain significant tactical advantage is to employ a cyber threat intelligence solution that helps you to prevent or mitigate attacks.