We live in a time when wars between countries are also moving into the digital sphere. In an environment where the number of cyber attacks is constantly increasing, organizations can no longer rely on the traditional approach to protecting their systems from malware.
Today, it is clear that an installed antivirus alone does not provide security. First of all, the question is whether all computers and devices (endpoints) are properly protected with the latest anti-malware version. Continuous monitoring of endpoint coverage, however, is a challenge for IT staff. Even where malware protection software is installed, detecting and preventing complex attacks is an added challenge. As a general rule, IT administrators receive neither immediate insight into what is happening nor a historical overview of what happened during a security breach. As a result, they are unable to respond effectively.
Due to the escalation of cyber threats, few organizations have a sufficient number of people who are able to analyze and verify the many incidents and suspicious events.
For example, simply detecting malware in a file does not provide enough contextual information about how the threat, or even the breach, occurred. Was it detected as a result of a user opening an email attachment? Might another user have downloaded the same file earlier, before the anti-malware software was updated, so that it went undetected at the time? Who are the other affected users? Or was it not an email attachment at all, but a visit to a legitimate news portal that had been compromised and delivered malware through an unpatched Chrome browser? Or is the detection not the result of a user “click” at all, but of an attacker who already has remote access to our network and placed the malicious file on the computer’s disk over the remote office LAN?
These and many other scenarios are possible behind any malware detection. It is therefore important to rely on automated analysis that gives administrators and IT analysts a quick view of what is happening and whether it involves a real threat. Detection context is critical, because it provides insight into the actual level of risk, and traditional anti-malware and other isolated security analysis tools won’t help us much here.
Three levels of protection
Is anti-malware alone enough? What do organizations need to do to improve protection? In order to get the most out of security solutions, organizations need to focus on the main sources of risk, which correspond to three levels of protection.
1. Protect users from harmful content: from endpoint to email (XDR)
Content protection includes timely detection of malicious content, automatic event correlation and contextualization of detections, from endpoint computers to email traffic. Instead of isolated individual tools, we are talking about a new proactive technology, XDR (Extended Detection and Response), which provides an effective response to modern threats. XDR provides automation and thus facilitates data analysis. When a threat is suspected, the user can easily access the stored sequence of events and determine the cause of the alarm. At the same time, the need to search log entries from different sources is eliminated, time is saved, and real insight is gained into the risk arising from a single detection (or group of detections) of malicious content.
While until recently XDR solutions were intended only for organizations with “deep pockets”, today XDR is equally accessible to small and medium-sized businesses. Instead of relying on a classic antivirus, companies integrate multiple products into one tool with XDR and significantly reduce risk. This solution is easy to manage and automates analysis, which greatly reduces the time it takes. Trend Micro Vision One XDR greatly facilitates analysis of threats in email traffic, across the Internet, in the cloud infrastructure and, of course, at the endpoint.
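The questions raised above (who opened the file, who else received it, whether an earlier copy slipped past an older signature set, or whether email was not the vector at all) are exactly what cross-source correlation answers. The following is an added example, not code from this article or from Trend Micro: it assumes two constructed log sources, an endpoint anti-malware detection feed and an email-gateway delivery log, that share the SHA-256 of the attachment, plus the time the endpoint signature set was last updated. All users, hosts, times and hash values are constructed placeholders.

```python
"""Detection context from cross-source correlation (added example)."""
from datetime import datetime, timezone


def ts(s):
    """Parse a constructed ISO-8601 timestamp as UTC."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed endpoint detections. The second one has no matching email
# delivery, so its context must point away from the email vector.
ENDPOINT_EVENTS = [
    {"time": ts("2021-11-03T09:14:02"), "host": "ws-17", "user": "alice",
     "sha256": "hash-A-placeholder", "path": r"C:\Users\alice\Downloads\invoice.docm"},
    {"time": ts("2021-11-03T11:02:30"), "host": "fs-01", "user": "svc-backup",
     "sha256": "hash-B-placeholder", "path": r"D:\share\tools\update.exe"},
]

# Constructed email-gateway log: one row per recipient and attachment.
EMAIL_LOG = [
    {"time": ts("2021-11-02T16:40:11"), "recipient": "bob",
     "attachment": "invoice.docm", "sha256": "hash-A-placeholder"},
    {"time": ts("2021-11-03T09:05:47"), "recipient": "alice",
     "attachment": "invoice.docm", "sha256": "hash-A-placeholder"},
    {"time": ts("2021-11-03T09:05:49"), "recipient": "carol",
     "attachment": "invoice.docm", "sha256": "hash-A-placeholder"},
    {"time": ts("2021-11-03T08:12:00"), "recipient": "dave",
     "attachment": "report.pdf", "sha256": "hash-C-placeholder"},
]

# Constructed time at which the endpoint signature set was updated.
SIGNATURE_UPDATED = ts("2021-11-03T02:00:00")


def contextualize(event, email_log, signature_updated):
    """Answer the questions a bare detection leaves open.

    Returns which users received the same file by email, who received it
    before the signature update (an older engine may have missed it), and
    whether the email vector explains the detection at all.
    """
    deliveries = sorted(
        (d for d in email_log if d["sha256"] == event["sha256"]),
        key=lambda d: d["time"],
    )
    recipients = sorted({d["recipient"] for d in deliveries})
    before_update = sorted({d["recipient"] for d in deliveries
                            if d["time"] < signature_updated})
    return {
        "detected_user": event["user"],
        "host": event["host"],
        "delivered_by_email": bool(deliveries),
        "first_delivery": deliveries[0]["time"] if deliveries else None,
        "all_recipients": recipients,
        "other_recipients": [r for r in recipients if r != event["user"]],
        "received_before_signature_update": before_update,
        # No email delivery for this hash: the file arrived some other way
        # (download, removable media, lateral movement), so look at the host.
        "likely_vector": "email attachment" if deliveries else "non-email (investigate host)",
    }


def timeline(event, email_log, signature_updated):
    """Merge the related records into one time-ordered sequence of events."""
    entries = [(signature_updated, "signature set updated")]
    entries += [(d["time"], f"email delivered to {d['recipient']}: {d['attachment']}")
                for d in email_log if d["sha256"] == event["sha256"]]
    entries.append((event["time"], f"detection on {event['host']} by {event['user']}"))
    return [f"{t.isoformat()} {what}" for t, what in sorted(entries)]


if __name__ == "__main__":
    for ev in ENDPOINT_EVENTS:
        print(contextualize(ev, EMAIL_LOG, SIGNATURE_UPDATED))
        print("\n".join(timeline(ev, EMAIL_LOG, SIGNATURE_UPDATED)), end="\n\n")
```

For the first detection the context shows that bob received the same attachment the evening before the signature update, so his workstation deserves a retroactive scan even though nothing alerted there; for the second detection no email delivery exists, which is the cue to investigate the host and the share rather than the mail flow.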
2. Identity management
With the increasing number of public access points in the enterprise (VPN, SSL VPN, RDP …), in addition to the growing number of web applications consumed as a service, there are also more opportunities for attackers to break into the enterprise. Credential theft is therefore one of the main attack vectors for unauthorized access to IT systems. The need for remote access during the pandemic has increased the attack surface of many organizations. At the same time, the attacker’s work is made easier if passwords are used without additional checks or factors (such as a certificate, a one-time password, etc.). Improperly managed identities used to access all business applications make the situation easier for attackers.
Identity management solutions provide multi-factor authentication and single sign-on (SSO). Users should have to rely on passwords as little as possible. Access should be possible from anywhere, which has been particularly evident during the pandemic, and that access must be secure for the enterprise. Administrators also need to know who accessed which application and when. Multi-factor authentication solutions reduce the role of passwords and thus unauthorized access to accounts.
User identification and authentication are very important in the era of digital transformation. Therefore, Zero Trust Network Access (ZTNA) solutions are increasingly sought after. They provide employees with secure remote access to any application: the user gets access to the right resources at the right time, and the need for a traditional VPN is eliminated.
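The two requirements of this section, a second factor beyond the password and a record of who accessed which application and when, can be shown together in a small verifier. This is an added example, not code from this article or from any vendor product: it implements the standard time-based one-time password check (RFC 6238 TOTP over HMAC-SHA1) with a one-step clock-skew window and replay protection, and keeps an access log for administrators. The per-user secrets, user and application names are constructed; `RFC_TEST_SECRET` is the reference secret from RFC 6238, used so the expected code is known.

```python
"""Second-factor (TOTP) check with replay protection and access record.

Added example; assumes per-user shared secrets are already enrolled and,
in a real deployment, kept in a protected store.
"""
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at_time, step=30, digits=6):
    """RFC 6238 TOTP: HOTP over the current 30-second time step."""
    return hotp(secret, int(at_time) // step, digits)


class SecondFactorVerifier:
    """Verifies a user's one-time code and records every attempt."""

    def __init__(self, secrets, step=30, skew=1):
        self.secrets = secrets          # user -> shared secret bytes (constructed)
        self.step = step
        self.skew = skew                # accept +/- one step of clock drift
        self.last_counter = {}          # user -> last accepted time step
        self.access_log = []            # who, which app, when, and the outcome

    def verify(self, user, code, app, now=None):
        now = time.time() if now is None else now
        counter = int(now) // self.step
        secret = self.secrets.get(user)  # unenrolled user -> always denied
        outcome = "deny"
        if secret is not None:
            for c in range(counter - self.skew, counter + self.skew + 1):
                # A code is accepted only once: a replayed code from an
                # already-used step is rejected even inside the skew window.
                if (hmac.compare_digest(hotp(secret, c), code)
                        and c > self.last_counter.get(user, -1)):
                    self.last_counter[user] = c
                    outcome = "allow"
                    break
        self.access_log.append({"time": int(now), "user": user,
                                "app": app, "outcome": outcome})
        return outcome == "allow"

    def who_accessed(self, app):
        """Administrator view: who reached this application, and when."""
        return [(e["time"], e["user"]) for e in self.access_log
                if e["app"] == app and e["outcome"] == "allow"]


RFC_TEST_SECRET = b"12345678901234567890"   # RFC 6238 reference secret


if __name__ == "__main__":
    v = SecondFactorVerifier({"alice": RFC_TEST_SECRET})
    code = totp(RFC_TEST_SECRET, 59)
    print(code, v.verify("alice", code, "mail", now=59))   # 287082 True
    print(v.verify("alice", code, "mail", now=60))         # replay -> False
    print(v.who_accessed("mail"))
```

The replay rule matters because the skew window deliberately keeps the previous step valid for a short time; without remembering the last accepted step, a code captured over the shoulder could be reused within that window. The access log is what answers the administrator's question of who accessed which application and when, including denied attempts.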
3. Educate employees about cyber threats
The last level of an organization’s defense against attacks is its employees. In many cases, everything depends on whether an employee clicks on the link in an email or not. Education about attacks, especially those delivered via email, is key to strengthening an organization’s resilience to attack.
Large organizations traditionally address this by systematically educating employees about security threats. However, traditional SAT (Security Awareness Training) initiatives require a lot of money and time, and these are limited resources. Attackers know this and take advantage of it.
Such problems can be avoided with software-backed SAT solutions. They enable automatic and continuous training of employees (including the integration of newly onboarded employees), with the focus on current threats. Employees are not interrupted by prolonged training sessions but by short moments of learning, often in response to clicking on a risky link. Besides the links sent out in simulated attacks, SAT training also includes occasional tests and short courses organized by topic. As employees find it easier to identify cyber threats, the organization becomes more resilient. Traditional forms require a lot of preparation and time, whereas here we are talking about a very fast rollout and a continuous process.
The “pandemic” digital transformation has changed the threat landscape
Digital transformation has allowed businesses to keep operating during the pandemic. At the same time, the threat landscape has changed. As companies took steps to transform their businesses, cybercriminals eagerly waited for their chance and seized new opportunities to attack organizations.
In its annual report on the most important types of security threats in 2021, Trend Micro, a maker of anti-malware solutions, provides guidelines for behavior and defense against cyberattacks in the coming period.
In 2021 there was a growing trend of hacker groups carrying out modern ransomware attacks, in contrast to the “spray and pray” method of the previously common types of ransomware attacks. Before carrying out an attack, these groups take enough time to investigate the situation and study the organization.
The health sector, which in previous periods did not appear on the list of targets for these attackers, is affected today, as are public administration institutions and banks, followed by a list of many other sectors and industries. No one is exempt.
In addition to email, cyber attackers focus on the cloud
Business continuity during the pandemic has been greatly facilitated by the move to cloud, SaaS and IaaS services. Malicious actors, on the other hand, are eager to take advantage of the complexity of cloud infrastructure.
Email has been and remains the most popular collaboration tool and the main application for any organization, so it is not surprising that it is still the most widely used attack method. Phishing is a very effective way to spread malware. The number of phishing attacks blocked by Trend Micro Cloud App Security doubled in 2021 compared to the previous year. Two-thirds of these emails are classified as spam and the remaining third as phishing. With the help of advanced tools such as authorship (writing-style) analysis, Cloud App Security also detected and blocked a large number of BEC (Business Email Compromise) attacks in 2021.
It is important to note that attackers exploit old and new vulnerabilities alike. Despite the availability of fixes, attackers continued to exploit a number of old vulnerabilities: according to Trend Micro’s scans, vulnerabilities older than three years were used in a third of attacks in 2021.