To better combat cyberattacks, prevention is better than detection, says Check Point Software.
As the world grappled with the coronavirus pandemic last year, ransomware and other forms of cyberattack shifted into high gear. Savvy cybercriminals knew just which vulnerabilities to exploit to carry out their attacks. In the face of looming cyberthreats, a report released Wednesday by cyber threat intelligence provider Check Point Research provides tips on how to better protect your organization from a potential cyberattack.
SEE: Incident response policy (TechRepublic Premium)
For its “2021 Cyber Security Report,” Check Point looked at some of the major cyber incidents that occurred in 2020, from ransomware attacks against healthcare facilities to data breaches of large companies to the SolarWinds-related exploit and attack. Some of these attack vectors increasingly employed newer and more nefarious tactics.
Ransomware attackers, for example, shifted toward a double-extortion strategy. Looking at the third quarter of 2020, almost half of all ransomware attacks not only encrypted sensitive data but threatened to release it publicly should the ransom not be paid. At the same time, the average ransom demand hit $233,817, up 30% from the second quarter.
“Ransomware attacks have ramped up again in 2020, with the double-extortion technique putting more pressure on organizations to give in to the hackers’ demands,” Maya Horowitz, director of Check Point’s Threat Intelligence & Research, said in the report. “To avoid being a ransomware victim, organizations must adopt a strategy of threat prevention and not rely on detection or remediation alone. They should deploy dedicated anti-ransomware solutions, virtually patch relevant vulnerabilities such as RDP, and educate employees about the risks of malicious emails that can carry the malicious payload.”
SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)
Amid ransomware and other types of attack, poor cyber hygiene habits have put organizations at risk, especially as IT staff and remote employees struggled to quickly adapt to a work-from-home environment. Among 46% of organizations, at least one employee downloaded a malicious mobile app that threatened their networks and data.
“As we rely more on our mobile devices to stay connected and manage our lives, attackers are increasingly targeting them via sophisticated malware, malicious apps, and trying to exploit vulnerabilities,” said Isaac Dvir, director of Check Point’s Mobile Solutions, in the report. “Enterprises need to adopt mobile security that can seamlessly protect unmanaged devices from these advanced cyber threats, and users should be careful to use only apps from official app stores to minimize their risk.”
Further, the average time that organizations took to identify and contain a data breach was 280 days, according to Check Point. At the same time, the average cost of a breach in terms of losses and remediation was almost $4 million.
SEE: Security threats on the horizon: What IT pro’s need to know (free PDF) (TechRepublic)
To help your organization better prepare for and protect itself against that next cyberattack, here are five tips from Check Point:
- Establish real-time prevention. Attacks from unknown threats pose critical risks to businesses, and they’re also the hardest to prevent. That’s why many businesses resort to detection-only protection. Some rely on event monitoring and threat hunting by Security Operations Center (SOC) teams to detect them after breaching their systems. But this is a far less effective strategy. The strategic imperative for organizations is to prevent cyber attacks before they breach enterprise systems.
- Secure your everything. The new normal introduced during the response to COVID-19 requires that you revisit and check the security level and relevance of all your network’s infrastructures and processes, as well as the compliance of connected mobile and endpoint devices, and your growing Internet of Things device estate. The increased use of the cloud also demands an increased level of security, especially in technologies that secure workloads, containers, and serverless applications on multicloud and hybrid cloud environments.
- Consolidate your infrastructure for better visibility. Dramatic changes in your company’s infrastructure give you an opportunity to assess your security. Are you really getting what you need? Is your security actually protecting the right things? Are there areas you’ve overlooked? Through consolidation, you’ll gain better visibility across your network resources. You can achieve this type of effort by reducing your product solutions and vendors, and your overall costs.
- Implement absolute zero trust security. Across the industry, security professionals are shifting to a zero trust security mindset. No device, user, workload, or system should be trusted by default, neither inside nor outside the security perimeter. But rebuilding your security around a zero trust approach often leads to complexities along with security gaps. The goal is to base your zero trust security on a cyber security architecture that consolidates a wide range of security functions. As you redesign your security, keep in mind the seven principals of the extended zero trust security model: Zero trust networks, workloads, people, data, devices, visibility and analytics, automation and orchestration.
- Keep your threat intelligence up to date. Threat intelligence combines information from multiple sources, providing more effective protection for your network. To prevent zero-day attacks, organizations first need incisive, real-time threat intelligence that provides up-to-the-minute information on the newest attack vectors and hacking techniques. Threat intelligence must cover all attack surfaces including cloud, mobile, network, endpoint, and IoT. Further, you need comprehensive intelligence to proactively stop threats, effectively manage security services to monitor your network, and have a dedicated incident response to quickly respond to and resolve attacks.