Combating Cyber Threats with Cyber Resilience

Kev Breen, Director of Cyber Threat Research, Immersive Labs

The threat landscape is vast and constantly evolving, and for most security teams, overcoming the difficulties is an uphill battle. As teams' responses evolve, so do the tactics used by cybercriminals (and subsequently, security teams) to mitigate breaches and vulnerabilities. Since blue-team playbooks are only effective for the time in which they are written, teams must remain nimble and constantly shift their approaches. What they knew yesterday may not be good enough for tomorrow.

To stay on top of ever-changing risks, organizations will have to build cyber resilience, especially as the high demand for cybersecurity talent persists and organizations continue to battle alert fatigue. This means that organizations should form strong, forward-looking cyber-resilience strategies to address future risks and stay one step ahead of cybercriminals.

As we kick off a new year, cyber resilience is about to become more important than ever before. Here's why.

Ransomware and Vulnerability-Exploit Risks Will Worsen

Ransomware is one of the most common types of cyberattack—and we can expect to see severe ransomware risks get worse this year. It is expected that total global ransomware damages will exceed $30 billion by 2023, exacerbated by hybrid and remote work, as a wide-scale transition to the cloud for streamlined data sharing and storage will uncover a host of emerging digital threats. Ransomware attacks will also continue to use double extortion, fueled by an organization's willingness to pay what it takes to ensure that essential business functions are restored.

Software supply-chain attacks and other software-vulnerability exploits are also likely to increase in both frequency and severity. In particular, the 2020 SolarWinds attack piqued the interest of cybercriminals intent on replicating the approach in the hopes of vacuuming up sensitive information—including source code and access tokens.

Many more identified Common Vulnerabilities and Exposures (CVEs) had a substantial impact on organizations throughout the past year. Notably, the Spring4Shell vulnerability, which was widely abused by attackers to spread Mirai malware, affected 16% of organizations in the first four days since the vulnerability's discovery. This was especially critical since the exploit was leaked before Spring Framework developers could release patches.

Indeed, cybercriminals are getting quicker, and so are their tactics; once exploit code for a given vulnerability is made public, we often see it used against vulnerable organizations within hours, not days or weeks. Hackers have a tight network; as digital connectivity continues to expand, so will hackers' access to vulnerability insight all over the world. Accordingly, development teams need to shift left and better prioritize security at the very start when they are writing code.

At the same time, cyberattackers' tactics, techniques, and procedures (TTPs) are evolving at such a fast pace that, without regular crisis and skills exercising to complement security teams' traditional by-the-book training methods and certifications, security teams cannot build the cognitive agility and brain-muscle memory needed to react quickly when a cyberthreat occurs. The pace at which new threats emerge will quicken—and defenders will find themselves one step behind.

Get Ready, Get Resilient

As cyber risks evolve at an exponential rate, security leaders must reshape how they think about cybersecurity readiness. Traditional training methods will never stack up to combat today's cybercriminal activity, so organizations must train employees to have the skills and cognitive agility to deal with evolving cyberthreats, even if it's something they haven't faced before in reality. Continuous upskilling through real-life cyber-crisis simulations will help security teams and workforces keep pace with cybercriminals and prepare for future attacks, introducing new, complex, unfamiliar crisis scenarios that mirror the intricacies of real-world attacks.

While it's been traditionally difficult to measure cyber resilience, security teams should ensure that they aren't just checking a box as a means to prove that they're "ready." Instead, they should prove their cyber readiness with concrete data, as they compare their cyber-defense and crisis-management capabilities to industry benchmarks. Gathering and analyzing data on areas in which security teams excel and where gaps lie allows security leaders to make smarter, better, informed, and cost-effective decisions. Demonstrating proven cyber resilience will be essential for security teams to weave into their overall cybersecurity preparation strategies as we enter this new year and face the impending threat landscape.
