July 5, 2016

Sleeping With the Enemy: The Very Real Threat of Unrecognized Intrusions

By Cheryl Soderstrom, Cybersecurity Chief Technologist, Enterprise Services Americas, Hewlett Packard Enterprise

The enterprise is under siege. According to research from Symantec, hackers and cybercriminals created 317 million new pieces of malware in 2014, while Gartner estimates that the average enterprise is inundated with 17,000 malware alerts per week [1]. Even for large security teams, that volume is nearly impossible to address—and studies show that they’re struggling to keep up with the successful exploits. In addition, a 2015 FireEye report found that it takes the average enterprise 205 days to discover a compromise.

As we all know, this is unacceptable. By that point, cybercriminals would already be using trade secrets or customer data, causing corporate damage and disadvantage.

Threat actors take time to research a target’s vulnerabilities, deploy their initial intrusion, exfiltrate data, and cover their tracks—or they subcontract various parts or stages of the work through a sophisticated criminal ecosystem. Adversaries have the support structures traditionally associated with legitimate markets and business disciplines including financial backing, tools, subcontracting, “as a service” business models, product launches, bulk pricing, partnerships, supply chains, and 24/7 support.

So, what should enterprise CIOs and IT organizations be doing?

Proactive Approach

Studying this rather sophisticated marketplace will lead to an understanding of how bad actors develop, adopt, and adapt their tactics and tools. That knowledge can make it easier to recognize criminal “fingerprints” in or around the enterprise, and anticipate potential attack lifecycle decisions before the most significant damage is done.

Today, attacks are attempted by such a variety of sources and with such frequency that it’s becoming critically important for the enterprise to:

  • Decipher which threats deserve the most attention
  • Recognize the tools, techniques, and procedures threat actors are using
  • Implement proactive measures to protect against attacks and, just as importantly, discover them

Frankly, it starts with investing in technology and teams that proactively focus on recognizing the up-front techniques and habits of threat actors. While this approach won’t eradicate cyber attacks, it will slow them down. By allowing security teams to recognize intruders earlier in the attack lifecycle, it will significantly mitigate potential damage to the enterprise and certainly reduce costs associated with breach clean-up.

Having said this, securing the enterprise actually starts at the top of organizations, where decision-making and budgets are owned. Security teams should be given the budget to support these kinds of proactive initiatives focused on early attack lifecycle intervention. This gives CIOs the opportunity to do something meaningful in cybersecurity that reduces risk exposure up front and minimizes damage downstream.

At the end of the day, effective cybersecurity requires the investment of time, money, and strategic planning. By proactively arming the enterprise, it becomes possible to recognize, mitigate, and even prevent future attacks from happening.

[1] Firstbrook, P. and MacDonald, N. “Malware Is Already Inside Your Organization; Deal With It.” Gartner. 12 Feb. 2014. https://www.gartner.com/doc/2665320/malware-inside-organization-deal-it (16 Dec. 2015)