Vint Cerf and Bob Kahn, inventors of the TCP/IP protocols, are considered to be the fathers of the Internet. In 1992, they founded the Internet Society. This non-profit organization’s mission is “to promote the open development, evolution and use of the Internet for the benefit of all people throughout the world”. To do this, its objectives are focused on several areas. These include research, eduction on Internet use, the use of common standards, and, of course, cybersecurity.
In this field, the Internet Society developed the initiative the Online Trust Alliance (OTA). The Alliance aimed to identify and promote security and privacy practices among organizations and help improve Internet users’ trust. This is why its expert committees have developed multiple frameworks and best practice documents for companies, which deal with subjects such as email marketing or the Internet of things.
Of these publications, the best known is probably its Cyber Incident & Breach Trends report, the latest edition of which has just been published. This study compiles the most noteworthy trends from the cyberincidents in organizations in the previous year. Although the 2018 data shows some positive aspects such as the decrease in the number of data breach incidents, other conclusions, such as the huge financial cost of cyberattacks, are more worrying.
Costs, existent trends and emerging trends_
The OTA calculates that the total impact of cybercrime worldwide in 2018 is over $45 billion. The organization does, however, point out that not all kinds of cyberincidents can be estimated with such precision. So, while BEC scams had an estimated impact of $1.2 billion, and there are expensive estimates regarding ransomware ($8 billion) and credential stuffing ($5 billion), it is harder to gage the cost of data breaches and new categories such as cryptojacking.
Besides this, the report deals with cyberattack and cybersecurity trends over the last year. The organization splits these into two groups: existing trends, which includes kinds of cyberattacks that already had an impact in previous years; and emerging trends, which includes three tendencies that, while not exactly new in 2018, experienced a huge boom. Among the trends that it highlights are:
- The growth in the impact of ransomware: Although the number of attacks dropped, the financial impact of these attacks increased 60% to reach $8 billion. Curiously, the report also highlights the fact that public organisms are less likely to pay ransoms.
- Cyberattack insurance has become more important. The agency Fitch Ratings states that the cybersecurity insurance sector grew 8% in the US, reaching $2 billion in dividends.
- Attacks against cloud systems are on the up: The company Digital Shadows estimated that there were 1.5 billion files exposed worldwide in 2018 due to misconfigurations or errors in cloud services.
- IoT, an increasingly common attack vector: The IoT is used to carry out all kinds of cyberattacks, from DDoS attacks to ransomware. Generally speaking, the root cause is the continued use of default passwords, insecure software, or employing unencrypted communications. The report gives as an example a serious incident that Cisco discovered, in which 500,000 of its routers were attacked by a piece of malware.
- Regulatory changes for user data protection: organizations are subject to ever more regulation to protect the privacy of their data, such as the GDPR in Europe.
On the other hand, the report gives the following three emerging trends.
- These attacks involve installing malware on third-party devices, computers or systems in order for cyberattackers to use their resources to mine cryptocurrencies. The initial attack vector was web browsers, using malicious code. But cyberattackers now use all sorts of vectors, from apps on mobile devices to systems on large servers. The OTA insists that it is hard to calculate its impact, but estimates that the number of attacks tripled in 2018.
- Credential stuffing: According to a report from Akamai, there were over 30 billion attempts to access online accounts in 2018 that can be attributed to credential stuffing. In most cases, unauthorized access is facilitated by the use of weak passwords.
- Supply chain attacks: The OTA points out that this kind of cyberattack, which uses third parties (such as the external content of a website, software from another vendor, etc.), is nothing new; the attack on Target in 2013, and 2017’s NotPetya are two examples. However, they are still alarmingly common, and are taking on new forms. They estimate that half of all cyberattacks in 2018 were carried out this way.
Finally, given this cyberattack landscape, the report concludes with a series of fundamental cybersecurity principals that all organizations must heed. The summary is:
- All companies contain sensitive information. Cyberincidents will happen.
- Protection, privacy and protection in light of incidents is the responsibility of everyone.
- Data management and privacy practices must be continually reviewed.
- Continuous training for employees is the key to success.
- All organizations need a tested, up-to-date response plan.
Response to the most complex cyberattacks_
The OTA report reflects the fact that the cyberattack landscape is increasingly sophisticated. Cyberattackers now use Living-off-the-Land techniques, such as fileless malware that uses malicious code or the use of legitimate third-party programs. Supply chain attacks are just one example of this.
The most common cybersecurity solutions are often unable to detect these tactics. This poses a cybersecurity challenge for SOCs and all kinds of public and private organizations. They must now deal with threats that require much more attention and detail that traditional attacks.
In this sense, the solution Cytomic Orion allows agile cycles of learning, adoption and evolution. This reduces the time and cost needed to provide detection and response services, thanks to the threat intelligence tools. This way, some of the main challenges facing SOCs can be resolved. There is a dramatic reduction in the detection, containment and response time for attacks that have managed infringe our systems, getting around traditional prevention measures. There is also a huge improvement in defensive measures, which in turn reduces the system’s attack surface.
Because rapid identification and detection of threats and anomalous behaviors of cyberattackers allows you to avoid the economic damage that increasingly professionalized attacks can cause.