Is your security team ready for Gen V cyberattacks?

One year ago, my phone lit up with the first text alert about the NotPetya cyberattack. This attack—which occurred just a month after the devastating WannaCry worm infected computers with ransomware across 150 countries—was moving across the world at unprecedented speed.

More than 2,000 NotPetya attacks were launched, permanently wiping data from infected computers across Europe, Asia, and the Americas and causing more than $1 billion in damage in the process. But despite that debacle, the vast majority of organizations are still woefully underprepared for the next attack.

As the event unfolded, the Check Point threat research team studied the differences between NotPetya, WannaCry, and other major global incidents. Most disturbing was the realization that NotPetya was not a "hundred-year flood." We quickly understood that NotPetya was the second signal in a row that we were at the dawn of a new, fifth generation of cyberattacks (i.e., Gen V attacks).

Gen V attacks, signified by very large data breaches, can be significantly more disruptive than previous threats, such as traditional virus attacks. Gen V attacks are also multi-vector. New attack types can hit network, endpoint, mobile, and cloud environments, sometimes as part of coordinated campaigns.

And, as with WannaCry, the NotPetya attack leveraged a series of tools, some of which were based on previous versions of baseline malware and known vulnerabilities, as well as exploit kits developed by government agencies.

Why companies are unprepared for Gen V attacks

To mark the anniversary of the NotPetya outbreak and to determine how security infrastructures have improved, Check Point conducted an industry study to gauge security and IT professionals’ opinions on Gen V attacks and their levels of preparedness to defend against them.

The results were concerning. Some three in four CISOs (77%) do not believe they are equipped to handle Gen V attacks. The study found that the biggest internal barriers to achieving higher levels of security are staffing challenges and security technologies that conflict with the business or the user experience. 

Most unsettling is the finding that companies are actually less prepared than their CISOs believe. When Check Point surveyed the type of security technologies that companies deploy, it found that only 3% are using threat prevention products that can successfully keep a business from falling victim to a Gen V attack.

Nearly four in five organizations (79%) are using security software built for Gen II or Gen III attacks—despite what is clearly a Gen V-level global cyber threat environment.

To achieve the highest security level, organizations must integrate and unify security infrastructures so they operate better together, sharing threat data across all entry points in real time. This means evolving from a layered, component-centric security approach to one that is more holistic—what some call a complete security architecture.

Attacks are occurring faster and with more fury

Countries and their infrastructures are being attacked every day, as recent reports on alleged attacks on the US power grid demonstrate. At the same time, billions of dollars are being stolen or extorted in attacks on Bitcoin exchanges, ransomware attacks, and high-level corporate phishing.

Regardless of the organizations or motivations behind these attacks, critical infrastructure, personal assets, and business assets are at risk of becoming collateral damage. Countries and the global business community need to defend themselves better. The large-scale, multi-vector nature of these attacks is several generations beyond the average enterprise’s security capabilities.

You need to get the basics right. Organizations of all sizes need to:

  • Deploy advanced, real-time threat prevention that stops attacks before they get a foothold on corporate networks.
  • Segment networks to quarantine attacks and stop them from propagating.
  • Extend the most advanced prevention technologies to all places where corporate compute, systems, and data reside, including networks, clouds, endpoints, and mobile devices.
  • Collect and distribute threat intelligence to all enforcement points.
  • Centralize policy and event management control across all networks and cloud environments.

Working together as a global security community

Beyond increasing investment to protect digital assets, the critical factors in the fight against Gen V attacks are the need to educate and the need to remove the barriers that currently inhibit small and large businesses alike from implementing Gen V-level cyber protection. As evidence that we are at an inflection point, the World Economic Forum recently cited cyberattacks and data fraud as two of the top five global risks in terms of likelihood (the others are related to climate).

Because cyberattacks are becoming a modern weapon of choice for crippling critical infrastructure, we must work together as a global cybersecurity community to not only protect individual organizations, but also to create a shared vision around protecting cities, nations, and the citizens within them.

Without a concerted, collaborative effort, we can expect nations, communities, and our most trusted companies to continue to be woefully unprotected against the next mega cyberattack.