The cybersecurity territory has changed substantially in just a few years.
The realities of cyber crime in 2021 are vastly different than in 2018 – and they are generating a whole new approach to effective cybersecurity. We see 6 key adaptive responses emerging to the digital ecosystem shifts of recent years.
They’re fundamental shifts in viewpoints that many businesses today may have missed amid the disruption of the global pandemic. The smartest cybersecurity solutions are driven by the new cybercrime threats.
Cybercrime is massively organised
Once upon a time, cyber crime was like graffiti – individuals and small gangs set out to do what harm they could in locations they could reach.
Today cybercrime is massively organised on an industrial scale. After all, cybercrime is a whole lot less risky than drugs – and its profit potential is massively bigger – because it offers multiple income streams AND anyone using a computer is a target.
It’s become a growth opportunity for organised crime.
Today there are wholesalers, retailers and a mass market for them to attack. Specialist developers continuously improve their attack tools, then licence them to malicious organisations that specialise in the persuasion strategies that get people clicking links that let them past your defences.
Today Ransomware as a Service (RaaS) is so big that the top developers conduct exhaustive interviews to get the best talent.
Successful attack strategies are repeated again and again at target after target across whole sectors – and the developers continuously refine their attacks, then repeat them.
Cybercriminals leverage multiple market opportunities
The ransom element of an attack is just one income stream for cybercriminals – and often the least valuable. They fully understand the value of different data in different markets – including selling contact data to scammers and IP to industrial espionage.
The “dwell time” that cybercriminals spend inside a network BEFORE they hit the “ransom” button can be anything from 44 to 88 days. During that time they explore laterally for everything of value inside your systems as well as up and down your supply chain. It’s only after everything of value is identified and all their locks are in place that they activate the final strike.
Regardless of whether the ransom demands are paid, repeat attacks happen 80% of the time – a known target is easier to hit again than a new target.
Cybersecurity has historically come last in IT budgets
Most IT budgets have a line item for cybersecurity defence – but it comes AFTER the strategic and operational priorities of productivity and innovation.
Limited funding means that many organisations – both in business and the care and community sector – cannot afford to run a Security Operations Centre (SOC) staffed by experts and the associated tools they need to do their job correctly.
Cybersecurity has primarily focussed on boundary defence
The focus has been on reactive approaches of boundary protection and recovery. Keeping perpetrators out, with a fallback of restoring from backup if they do somehow get in. (And – like COVID – they do get in.)
Typical investments in response to security breaches are still reactive and dated. They include:
- Security awareness training.
- Establishing a Security Operations Centre (SOC).
- Installing Endpoint Detection and Response on devices in the network.
- Backups and recovery.
- Enhanced email scanning.
However, while these approaches are vital security foundations, they are also a decade old and no longer offer sufficient protection in 2021.
They’re extremely well understood by cyber criminals. Endpoint Detection and Response is such a well-known process that hackers now test their software against these tools and develop ways to bypass them.
Security Awareness Training is often inadequate: statistics show that 20 out of 50 IT Professionals with Global Administrative Privileges fail to detect a phishing attempt specifically designed to target them.
Distributed work and outsourcing have multiplied vulnerabilities
In recent decades, outsourcing has been an increasing trend, whether it’s government outsourcing care obligations (such as the NDIS), corporations outsourcing IT operations, or small businesses outsourcing bookkeeping.
More private and confidential personal and operational information is spread around more distributed and public networks in more small, resource-limited organisations than ever before.
This distribution was pushed even further by a pandemic response where many more people are working from home across public networks. While this necessity has created more flexibility, it has also created a whole new level of operational risk.
Companies are increasingly being held accountable
Expectations today from consumers, customers and suppliers are changing. The scale of cybercrime is such that they’re no longer sympathetic to big disruption and shutdowns.
Cybersecurity is no longer just a technical matter that can be managed within your IT team – it’s becoming a major operational risk (and responsibility).
For instance, as a consequence of the Colonial Pipeline attack, the major investors are facing a class action for the financial harm done by their response to the attack.
This means “We’ll react to it if it happens” is not an adequate strategy for the long term.
The past year’s global news confirms this
Ransomware attacks aren’t just occasional news items on the IT page anymore – they’ve become an oft-repeated global news story. In recent months, attacks have been made on:
● Meat processors in Australia, Canada and the US – disrupting national food supply chains.
● The Colonial oil pipeline serving the east coast of the USA – causing fuel shortages, fuel price spikes and substantial business disruption.
● The Waikato District Health Board – which was shut down for 3 weeks and ended up rebuilding their systems because they couldn’t recover them.
No one is “too small”
It’s not just commercial organisations under threat. Young people and their schools are targets for criminal exploitation. The care and community sector is under attack for their rich stores of personal information and their growing interconnections with government systems.
In one example from April 2021, a cyber security attack was made on the information systems of UnitingCare in Queensland, which is responsible for hospitals, aged care and LifeLine services in the state.
Not only did their users have to “revert to paper systems”, they could not say definitively whether the personal data they held on their clients had been compromised.
Even if you’re small, you’re a target. Cyber criminals want your data – your bank details, your contacts, your intellectual property. They want anything they can sell on the DarkNet – to anyone for any purpose.
It could be mental health case details that leave a patient vulnerable to blackmail. It could be address details for a victim of domestic violence that their abuser will pay to get. It could be service organisations who access bigger systems with more data and more money. It could be information identifying potential abuse victims to predators.
Cybersecurity is evolving
There are several fundamental shifts happening in cyber security strategies and solutions in response to the rapidly changing digital ecosystem.
They’re about more than stronger defences and smarter recovery – they’re changes in the mindsets underpinning effective cybersecurity.
They’re proactive and collaborative.
6 fundamental shifts in cybersecurity for 2021
In response to these current-century challenges, cybersecurity is evolving. There are fundamentally new trends and approaches to staying safe online.
Trend 1 – internal behavioural threat monitoring
It’s not enough to build strong walls – using firewalls and endpoint detection – and assume that you’re safe. Determined infiltrators have too many ways in. It just takes one click on one link by one distracted individual and your perimeter has been breached.
Once they’re in, they will spend substantial time INSIDE your network analysing everything of value.
The challenge is to detect criminals in their lateral movement across your network – early – before they finish their excavations and hit you with their final ransomware attack.
Leading-edge cybersecurity approaches use AI to analyse network activity and identify suspect behaviour in close to real time. This minimises attackers’ “dwell time” – the amount of time between when they get in and when you find them (BEFORE they hit you with a ransomware attack).
Trend 2 – collaborative networks for cyber defence
Cybercriminals target whole supply chains and their networks, often starting with smaller players. They run bulk campaigns using similar attack strategies on whole sectors.
If they can get inside a small not-for-profit, that can give them access higher up the chain to bigger targets (as well as a side dividend in personal data).
Leading approaches to cybersecurity today support collective protection of a network of businesses or organisations.
We know attacks are repeated and hence more detectable – so a collective approach makes a whole lot of sense. It’s just not feasible – or fair – to put massive cyber security costs onto small businesses, service organisations and individuals.
In one current pilot we’re managing, a Canberra college is not only protecting its own network – it’s also monitoring and protecting the 2,000+ devices of its students and their families from cyber predators.
Any organisation is only as strong as its weakest link – 3rd party suppliers, customers and collaborators. However much you invest in protecting your systems from your attack pathways – it may not protect you.
You need to secure your ecosystem, not just your organisation and your boundaries.
Trend 3 – shared intelligence
Different organisations see different things – and if we shared this, everyone would be better off. The same attack can look very different between a big corporation and a SME – and each view adds vital intelligence about the specifics of the attack and possible responses.
Smart collective defence networks today share their different perspectives on suspicious internal and external activity, combining their knowledge and resources to protect their collective – which increases everyone’s online security.
Collective defence is possible without reduced security when it is combined with:
● AI and machine learning for close to real-time analysis, applied to
● de-identified data and metadata that protects confidentiality while sharing strategies and tactics.
The result is shared intelligence which helps members of a collective to:
● Identify attacks fast – because multiple, varied perspectives increase attack visibility.
● Respond fast – because what’s been tried and its results are visible to all members.
Trend 4 – fast-response ATTACK intelligence
Traditional approaches to security employ threat intelligence – giving warnings of threats. They can drown network administrators in confusing possibilities. But threat intelligence doesn’t tell you what actual attacks are occurring now.
Threat advisories are overwhelming in volume and complexity – and many are irrelevant. The result is that you can end up paying expensive technical experts to sift through masses of boring detail.
What’s most important to know is what attacks are happening around you – because in today’s world the same attack is repeated against system after system after system.
Within strategic collective defence networks powered by AI and machine learning, not only are actual attacks notified in almost real time – so are successful defensive tactics.
Trend 5 – verified, visible security
With reputations and bank balances on the line, your investment in cybersecurity is no longer an internal matter.
Your customers will increasingly want to know, your suppliers will want to know AND consumers will increasingly want to know “How good is your security? Really? Prove it!”
Increasing demands are being made for visible, independently verified security and compliance. These aren’t just “tick box” surveys, they can be in-depth, exhaustive investigations that take months to respond effectively to.
At Network Overdrive, we are seeing an increasing trend towards major organisations – such as banks, big vendors and government departments – requiring current and potential customers and suppliers to provide audited assurance of the quality and security of their IT infrastructure.
Your cybersecurity will increasingly – and rightly – be the concern of your customers, your suppliers, your insurers, your bank and your auditors (not just your IT manager). Demands for verified proof of adequate cybersecurity are becoming common.
Trend 6 – social and supply chain responsibility
A move developing in all sorts of ways is for businesses to take care of their networks. It’s part of an increasing trend – one where businesses are making a social investment to do good for the communities within which they operate.
“Companies must benefit all of their stakeholders, including shareholders, employees, customers, and the communities in which they operate.” Larry Fink, BlackRock, 2018
Cybersecurity is one arena in which this is showing up as an increasing necessity in 2021.
It is also pragmatic good sense – because fundamental to protecting yourself is protecting those around you. If you have to do it anyway, then why not do it in a way that protects me AND other organisations you care about?
Are you facing increased security demands and wondering how to meet them?
Does your business cybersecurity approach rely on border protection, backups, hope and expectations of other people having good security?
Have you investigated upgrading your security and been horrified by the cost and effort involved?
Do you have major vendors, customers or investors who are asking for proof that your security is up to industry standards?
Do you just want to do the right thing for the people and organisations in your community?
Get in early on the next generation of Collective Defence security
Network Overdrive has partnered with global cybersecurity provider IronNet to bring the next generation of cybersecurity to Australia.
IronNet is a US-based firm with unmatched government and commercial experience over decades on the front lines. They leverage first-hand experience from working at organisations like DARPA and the NSA, U.S. Cyber Command and Silicon Valley to deliver next-generation cyber security.
If you want to explore the shift to cost-effective, powerful, collective defence cybersecurity, contact us today.
Do you qualify to join our Community and Care Sector pilot?
In alignment with our specialist services to the Care and Community sector, we’re conducting a trial program for the sector. Limited places are still available.