The cybersecurity threat landscape is shifting rapidly, and security teams need new ways to fight back. With ransomware attacks increasing by 105% in a single year and overall cybercrime soaring, the dark side (i.e., cybercriminals) appears to be winning. If nothing changes, by 2025, cybercrime will do over $10 trillion (about four-fifths of China’s GDP) worth of damage to the global economy each year.
From cloud migrations to IoT integration and hybrid working, IT environments are changing at a record pace. The attack surfaces they present are changing too. However, even though new vulnerabilities are constantly emerging, only 22% of enterprises can monitor their attack surface for changes in real time. Meanwhile, the community faces an existential skills gap as vulnerabilities continue to outnumber personnel.
Security might be getting harder, but the decline in defensive effectiveness need not continue. With cybercrime endangering trillions of dollars and, increasingly, people’s lives, there isn’t any other choice but to re-focus on defense. However, this does not mean doubling down on reactive measures. Nor does it entail relying on the emergence of a new generation of security tools to stop threats. Research from IBM shows that firms with more than 50 security tools are, on average, less secure than those with fewer tools.
Instead, it’s time to take the fight back to attackers and make IT environments inherently difficult to compromise. This means reinforcing, revisiting, and re-imagining how proactive cybersecurity happens.
The Best Time to Find Weaknesses Is Before an Attack Happens
Proactive security will become more critical for a straightforward reason: reactive security is no longer reducing cybersecurity risk the way it used to.
Ever since the cat and mouse game of cybersecurity started, threat actors have invested considerable effort in figuring out how to enter and compromise victim networks without being spotted. The sad truth is that, in this respect, criminals appear to have gained the upper hand. Immense financial rewards have turned talented developers towards the dark side and catalyzed a new generation of threats that can slip under the radar of reactive security postures.
The emergence of fileless and in-memory attacks, like Conti ransomware and hacked versions of Cobalt Strike (which threat actors have recently ported to Linux), has made signature-based defense obsolete. Meanwhile, as IT suites become more distributed and harder to define, lateral movement has gotten easier, spreading the blast radius of even minor attacks.
As a result, threat actors have no trouble persisting in victim networks undetected. A recent study from Sophos found that threats linger in victim networks for an average of 264 hours or 11 days. And, thanks to highly evasive malware and human-operated attacks, they have plenty of time to either bypass or disable reactive security controls like antivirus by escalating privileges and compromising administrator accounts.
Defenders cannot spot malicious behavior before attacks escalate. But with the average breach costing $4.35 million, relying on insurance or cleaning up afterward is not a sustainable strategy either. The damage from an attack goes beyond whatever is stolen. When companies don’t practice resiliency, factors like downtime, impact to operations, and customer trust can irreparably harm a brand.
To break this deadlock, more companies are shifting away from reactive security towards security that is motivated by proactively understanding the attacker’s perspective. The find-and-fix mentality around patching vulnerabilities can only be effective if the discovered vulnerabilities are properly prioritized. This is because security teams are often only able to patch a small percentage of their vulnerabilities. To make the most of their limited time, security teams need to spend it patching the vulnerabilities that matter most to the adversary.
To do this, defenders need automated tools that filter their existing vulnerability management (VM) results through the lens of the attacker’s perspective. When every bug you patch is the one currently most threatening to your network, you have optimized risk mitigation in this area.
However, even the most proactive organizations in operation right now are running into a significant security obstacle—visibility.
Bringing Back Visibility Is Key
It’s no longer safe to rely on a security posture designed to fill gaps identified by a penetration test or security audit months or even weeks ago. Solving the growing visibility challenge inhibiting security posture validation and risk discovery will be one of our generation’s core cybersecurity challenges.
For large enterprises, finding new solutions for attack surface management should be the number one priority this year. In terms of validation, the flip side of proactive security, it’s increasingly vital to deploy solutions like continuous automated red teaming (CART) that give a real-time picture of control effectiveness.
The ultimate goal for every defender is to see their organization from an attacker’s point of view. This is what we built Randori to do.