Prevent-ilation: Airing out the Myths of Preventing Cyber Attacks


Cyberspace remains plagued by vague assumptions surrounding the correct methods of preventing cyber-attacks. Whilst some of these preventative measures have merit (often there is no smoke without fire), they are often exaggerated in effectiveness against determined and multi-faceted attacks.

Our 2019 CrowdStrike Global Threat Report suggests that the cyber landscape has once again shifted, with more attacks arriving via alternative methods such as malware-free intrusions. In fact, the report found that 51 percent of cyber-attacks were carried out by malware-free means, in which the actor never writes a malicious file or file fragment to the computer's disk. These attacks are usually the work of more sophisticated adversaries, particularly in EMEA and North America, and are much harder to detect. Typically, organizations have to rely on behavioral detection and human threat hunting to intercept them.

Despite the growing focus on best practices and increased regulation in recent years, businesses need to take a more proactive approach to cybersecurity. Here are some of the common misconceptions of attack prevention.

Anti-virus is enough to prevent intrusion from adversaries

Anti-virus (AV) software is an important first step in protecting against foreign infiltration. However, relying on it solely is a mistake. Traditional anti-virus software can only go so far in preventing and detecting infiltration, as traditional or legacy AV deployments can only detect known or existing viruses.

With the threat landscape evolving at such a rapid pace, it is common to see 'zero day' malware completely evade these solutions. While AV is a good foundation, it is insufficient against modern adversary tools such as polymorphic code, which changes the appearance of the code every time it runs, or crypting, which lets adversaries reshape code until AV no longer recognizes it. As such, signature detection is becoming obsolete as a means of cybersecurity, because it can only ever react to what has already been seen.

The proliferation of data and devices has opened up entirely new avenues for infiltration, and legacy solutions built on this outdated model are no longer suitable for preventing modern threats like ransomware and malware-free attacks.

Cybersecurity is a purely technological issue

Whilst the technological aspect of preventing cyber intrusions is important, there must be a wider focus on the human aspect as well. The industry is picking up on this: the RSA 2019 conference, for instance, focused on 'the human element'.

Today we are too quick to forget that sophisticated techniques, such as malware-free and living-off-the-land techniques, are not machine powered but are carried out by a human threat actor. Defending against them therefore requires humans too: threat hunting is essential for identifying anomalous behavior on a network before it develops into a threat.
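The two points above (signature-based AV misses anything whose bytes have changed, while behavioral detection and hunting look at what a process does) can be shown side by side. The following is an added illustration, not code from this article or from CrowdStrike: the `Sample` and `ProcessEvent` classes are a hypothetical schema, the file bytes and process events are constructed, and the single "document reader spawns a script host" rule is a generic heuristic chosen for the demonstration.

```python
"""Signature matching versus behavioural detection on constructed samples.

Added illustration; not code from the article or from any vendor. The Sample
and ProcessEvent classes are a hypothetical schema, the file bytes and process
events are constructed, and the parent/child rule is a generic heuristic.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


@dataclass
class ProcessEvent:
    parent_image: str  # image name of the parent process, e.g. "winword.exe"
    image: str         # image name of the process that was started
    cmdline: str       # command line as recorded by the sensor (constructed)


@dataclass
class Sample:
    name: str
    file_bytes: bytes                  # what landed on disk; empty for malware-free
    events: list[ProcessEvent] = field(default_factory=list)


# --- Signature side -----------------------------------------------------
# Two constructed "dropper" bodies that differ in a single byte, standing in
# for polymorphic or re-crypted variants of the same tool.
VARIANT_A = b"MZ\x90\x00constructed dropper body, build 1\x00"
VARIANT_B = b"MZ\x90\x00constructed dropper body, build 2\x00"

# The "AV database" knows only the variant that has been seen before.
KNOWN_BAD_HASHES = {hashlib.sha256(VARIANT_A).hexdigest()}


def signature_detect(sample: Sample) -> bool:
    """Exact-content match: fires only on bytes already in the database."""
    return hashlib.sha256(sample.file_bytes).hexdigest() in KNOWN_BAD_HASHES


# --- Behaviour side -----------------------------------------------------
DOCUMENT_APPS = {"winword.exe", "excel.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def behaviour_detect(sample: Sample) -> list[str]:
    """Return the reasons the recorded activity looks anomalous.

    The rule ignores file content entirely: a document reader launching a
    script host is unusual for ordinary users regardless of which bytes (if
    any) were written to disk, so it fires on every variant and on the
    malware-free case alike.
    """
    reasons = []
    for ev in sample.events:
        parent, child = ev.parent_image.lower(), ev.image.lower()
        if parent in DOCUMENT_APPS and child in SCRIPT_HOSTS:
            reasons.append(f"{parent} spawned script host {child}")
    return reasons


# The same behaviour observed three times: with the known file, with a
# one-byte variant, and with nothing written to disk at all. A benign
# document print job is included so the rule is shown not firing.
MACRO_LAUNCH = ProcessEvent("winword.exe", "powershell.exe", "powershell.exe -File stage.ps1")
SAMPLES = [
    Sample("known_variant", VARIANT_A, [MACRO_LAUNCH]),
    Sample("mutated_variant", VARIANT_B, [MACRO_LAUNCH]),
    Sample("malware_free", b"", [MACRO_LAUNCH]),
    Sample("benign_document", b"", [ProcessEvent("winword.exe", "splwow64.exe", "splwow64.exe")]),
]


def evaluate(samples: list[Sample]) -> dict[str, tuple[bool, bool]]:
    """Map sample name -> (signature fired, behaviour fired)."""
    return {s.name: (signature_detect(s), bool(behaviour_detect(s))) for s in samples}


if __name__ == "__main__":
    for name, (sig, beh) in evaluate(SAMPLES).items():
        print(f"{name:16s} signature={sig!s:5s} behaviour={beh}")
```

Running it shows the signature check catching only the exact bytes it has seen before, while the behavioral rule fires on the known file, the one-byte variant and the malware-free case alike, and stays quiet on the benign print job. Real hunting rules are broader and tuned to the environment, but the asymmetry is the point of the section above: the adversary chooses the bytes, not the behavior the task requires.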

In a wider sense, the human element is integral for ensuring that cybersecurity practice isn’t a blanket of technologies thrown at the issue but an ongoing, evolving strategy tailored to the organization at hand.

From the board down to those building a company's digital offerings, it is imperative that everyone takes responsibility for their shared cybersecurity. Executives need to lead from the front in making cybersecurity a core business consideration; little lenience will be given if it is prioritized only by a compartmentalized security team. Moving from the top of an organization to the bottom, this responsibility shifts from strategy to practical implementation.

This includes employees being mindful of the steps they should take to prevent intrusion, such as working over a VPN when remote, reducing the number of private files accessed outside the office infrastructure, and using mobile device management to control which devices are permitted to access secure files. Even so, issues may arise if these technologies are not deployed appropriately.

Cloud is less secure than physical storage solutions

One of the most common misconceptions in cybersecurity is that cloud data is less secure for businesses than legacy infrastructure such as data centers. In fact, cloud servers generally provide a secure environment, and for enterprises in particular cloud-hosted security is often the more appropriate option.

Enterprises require an ecosystem that is adaptable, fast and reliable, allowing them to scale their security and data systems in line with their ever-evolving business. Online services often take a multi-layered approach, putting several layers of software between an adversary and your data. Some cloud solutions also offer advantages through crowdsourcing and analyzing security data. In practice, this allows organizations to leverage that data in innovative ways, harnessed by artificial intelligence; certain forms of this AI can identify threats before infiltration begins.

One of the conveniences touted by on-premise solution providers is that they are not contingent on connectivity like the cloud. However, this alleged benefit also creates issues for on-prem solutions, since their patch and update processes are particularly grueling for security teams.

By contrast, large-scale cloud operations such as Azure, GCP and AWS are permanently in a cycle of being patched and improved to ensure their software keeps up with the evolving standards needed to prevent intrusions. This constant process is seamless and requires minimal, if any, involvement from the IT team.

Outsourcing your security washes your hands of liability

Organizations have an obligation to monitor their data and endpoints, if not for their own cybersecurity then at least to meet compliance standards. These obligations do not disappear when security is outsourced.

Whether security is in-house or outsourced, employees need to follow some basic practices to take responsibility for their own security. Outsourced security may help you identify gaps, but it is the responsibility of all employees to maintain a secure shared working environment. For instance, leaving unlocked devices unattended and unmonitored increases the likelihood of infiltration, and liability lies with those who acted irresponsibly.

The threat landscape expands significantly as adversaries discover new and more sophisticated ways of reaching their objectives, and the cybersecurity industry has grown to match them and protect organizations. Some rules established at the dawn of cybersecurity are now treated as maxims, yet many are outdated. It is therefore essential that organizations constantly review their practices against the new tactics, techniques, and procedures (TTPs) adversaries are using, to ensure they are not treating past myth as modern fact.

Whilst these best-practice tips are crucial to an organization's wider understanding of security, today's companies also need to look to better-fitted security methods and processes in order to reduce intrusions.

The emergence of lateral movement tactics within IT systems means that adversaries are becoming harder to detect and remove. There is no foolproof method of ensuring you never experience malicious cyber activity, but certain steps can go a long way to improving your chances of cybersecurity success.
