The increasing frequency and seriousness of systems breaches have elevated the importance of actively searching for indicators of compromise. Detecting such indicators and mitigating the impact of a breach requires an organization to gain a full understanding of its network environment under “normal” conditions. Performing regular cyber threat assessments can give you the information you need to keep your system safe.
Cybersecurity market is growing.
Cyberattacks have been growing at an alarming rate. In Q3 of 2016 alone, 18 million new malware samples were captured. More than 4,000 ransomware attacks have occurred each day since 2016. In response, the cybersecurity market has been growing in leaps and bounds. In 2004, the market was worth $3.5 billion. In 2017 it’s expected to be worth more than $20 billion — potentially reaching $1 trillion by 2021.
Gaps exist between time-to-compromise and time-to-discovery.
Despite increasing investments in cybersecurity, organizations will inevitably face attacks. Often, they won’t even know they’ve been breached. That’s a problem because detecting and responding to attacks swiftly is essential to mitigating risk. According to one report, 60% of data is stolen within the first few hours. But as the 2016 Verizon Data Breach Investigations Report shows, 83% of compromises took weeks to uncover, with some companies taking as long as 200 days to detect a breach.
What are the top vulnerabilities organizations face?
The top cybersecurity vulnerabilities facing organizations today fall into three categories.
- Outdated and unpatched systems. You only have to look at the recent WannaCry and Petya ransomware attacks to see what happens when patches aren’t deployed as soon as they’re available.
- Insider threats. While outside attacks are much more frequent than inside attacks, employees still inadvertently cause breaches — often by falling for phishing scams. Of the 874 incidents reported to the Ponemon Institute for its 2016 Cost of Data Breach Study, 586 were caused by employee or contractor negligence.
- Daring exploits. Hackers are taking a “leave no vulnerability behind” approach, attacking vulnerabilities both old and new. According to Fortinet’s Q4 2016 Threat Landscape report, 86% of firms registered attacks that attempted to exploit vulnerabilities over a decade old.
Recognizing indicators of compromise
Establishing a baseline of your system’s and employees’ normal behavior makes anomalies more visible. There are several common red flags that businesses should look out for:
- Reduced network operating speeds or heavy network traffic from a workstation
- Antivirus and other security software that is disabled or not operating properly
- Machines restarting or shutting down without warning
- Unexpected destination IPs outside of customer and service locations
- Strange and failed entries in firewall and security logs
However, identifying known red flags isn’t enough because they constantly change and evolve. Additional steps must be taken to keep up with new threats.
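As an added illustration (not part of the original article), the following Python example checks firewall log lines against a baseline for three of the red flags listed above: unexpected destination IPs, heavy traffic from a workstation, and repeated failed firewall entries. The log format, addresses, thresholds and the function name `find_red_flags` are all assumptions made for the example.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumed baseline: networks where customers and services live, and the
# typical outbound bytes per workstation per window (constructed values).
EXPECTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "203.0.113.0/24")]
BASELINE_BYTES = {"10.0.1.15": 40_000, "10.0.1.22": 50_000}
VOLUME_FACTOR = 5      # flag traffic above 5x the host's baseline
DENY_THRESHOLD = 3     # flag hosts with this many denied entries

# Constructed sample log: "<time> <action> <src> <dst> <bytes>"
SAMPLE_LOG = """\
09:00:01 ALLOW 10.0.1.15 203.0.113.10 12000
09:00:05 ALLOW 10.0.1.22 198.51.100.77 900
09:00:09 DENY 10.0.1.22 198.51.100.77 0
09:00:12 DENY 10.0.1.22 198.51.100.78 0
09:00:15 DENY 10.0.1.22 198.51.100.79 0
09:00:20 ALLOW 10.0.1.15 10.0.2.8 350000
not a log line
"""

def find_red_flags(log_text):
    """Return sorted (host, reason) pairs that deviate from the baseline."""
    sent, denied, flags = defaultdict(int), Counter(), set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] not in ("ALLOW", "DENY"):
            continue  # skip malformed entries instead of crashing
        _, action, src, dst, nbytes = parts
        try:
            dst_ip, nbytes = ipaddress.ip_address(dst), int(nbytes)
        except ValueError:
            continue
        if not any(dst_ip in net for net in EXPECTED_NETS):
            flags.add((src, f"unexpected destination {dst}"))
        if action == "DENY":
            denied[src] += 1
        else:
            sent[src] += nbytes
    for host, total in sent.items():
        # Any traffic from a host with no recorded baseline is flagged.
        if total > VOLUME_FACTOR * BASELINE_BYTES.get(host, 0):
            flags.add((host, "traffic volume above baseline"))
    for host, count in denied.items():
        if count >= DENY_THRESHOLD:
            flags.add((host, "repeated denied firewall entries"))
    return sorted(flags)
```

Because the checks compare against a recorded baseline rather than a fixed signature list, the baseline values need to be refreshed as normal usage changes.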
Prevention as a Policy
A smart cyber threat prevention strategy starts with focusing cybersecurity on known vulnerabilities. An effective way to find them is to perform a cyber threat assessment to identify where your most valuable assets reside, weak links in your security, unsanctioned applications and network usage patterns. We offer to assess your network for free.
A partner of Fortinet, neteffect can help you make sense of the results. Our experts know how to dig deep for indicators of compromise and help secure your organization from future attacks. Contact us.