Cyber Threat Intelligence: Risk Management Strategies
The ever-expanding attack surface of the cloud calls for effective cyber risk management to enable enterprises to innovate and meet business objectives. Discover how to better understand, communicate, and mitigate cyber risk across the enterprise.
While digital transformation allowed organisations to innovate and support new remote work setups, the growing attack surface introduced new gaps for malicious actors to exploit. Trend Micro blocked over 94 billion threats in 2021, a staggering 42% increase from 2020. To help CISOs pivot their cyber risk management strategy and keep their organisation out of the headlines, Trend Micro Research identified the top four threats in our latest report.
Top threats in 2021
1. Ransomware became more targeted
Ransomware can be a nightmare for any organisation, especially as extortion demands continue to increase. We continue to see attackers shift their strategy from quantity to quality, deliberately targeting profitable victims for a heftier payout. The good news: we saw a 21% decrease in overall ransomware detections for 2021, which could be the result of more effective malware detection and response security tools.
2. Malicious actors capitalise on cloud misconfigurations
More companies shifted to the cloud to support changing business and operational needs amid the pandemic, and although their operational needs were typically met, security and cyber risk seemed to be more difficult to effectively manage.
Setting up cloud infrastructure is notoriously complex and can result in misconfigurations, the ideal entry point for cybercriminals looking to score big. For example, a role-based access control (RBAC) misconfiguration in Kubernetes allowed the threat actor group Team TNT to compromise almost 50,000 IP addresses in the US and China as part of a large-scale credential theft campaign in 2021.
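Over-permissive RBAC is the kind of Kubernetes misconfiguration the paragraph above refers to, and it is cheap to catch before an attacker does. The following is an added example, not code from the Trend Micro report and not a description of how Team TNT operated: a small audit in Python that takes Role, ClusterRole, RoleBinding and ClusterRoleBinding objects (as plain dicts in the shape `kubectl get ... -o json` returns) and flags wildcard grants, write access to sensitive resources, and bindings to catch-all subjects. The two manifest sets at the bottom are constructed: one deliberately weak, one corrected to a namespaced, read-only role bound to a dedicated service account.

```python
"""Added example, not from the Trend Micro report: an audit that flags
over-permissive Kubernetes RBAC objects. Input objects are plain dicts in the
shape `kubectl get ... -o json` returns; the manifests below are constructed
for illustration only.
"""

WILDCARD = "*"
# Verbs that change state or escalate privilege.
RISKY_VERBS = {"*", "create", "update", "patch", "delete", "deletecollection",
               "escalate", "bind", "impersonate"}
# Subjects that effectively mean "everyone", including unauthenticated callers.
OPEN_SUBJECTS = {"system:anonymous", "system:unauthenticated", "system:authenticated"}
# Resources whose write access yields credentials, code execution on nodes,
# or control over RBAC itself.
SENSITIVE_RESOURCES = {"secrets", "pods", "pods/exec", "serviceaccounts/token",
                       "roles", "rolebindings", "clusterroles", "clusterrolebindings"}


def audit_role(role):
    """Return a list of findings for one Role or ClusterRole object."""
    findings = []
    ident = f"{role['kind']}/{role['metadata']['name']}"
    for i, rule in enumerate(role.get("rules", [])):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        if WILDCARD in verbs and WILDCARD in resources:
            findings.append(f"{ident} rule {i}: '*' verbs on '*' resources (cluster-admin equivalent)")
        elif WILDCARD in resources:
            findings.append(f"{ident} rule {i}: verbs {sorted(verbs)} granted on every resource")
        elif verbs & RISKY_VERBS and resources & SENSITIVE_RESOURCES:
            hit = sorted(resources & SENSITIVE_RESOURCES)
            findings.append(f"{ident} rule {i}: write/escalation verbs on sensitive resources {hit}")
    return findings


def audit_binding(binding):
    """Return a list of findings for one RoleBinding or ClusterRoleBinding."""
    findings = []
    ident = f"{binding['kind']}/{binding['metadata']['name']}"
    role_ref = binding.get("roleRef", {}).get("name", "")
    if role_ref == "cluster-admin":
        findings.append(f"{ident}: binds the built-in cluster-admin ClusterRole")
    for subj in binding.get("subjects", []):
        name = subj.get("name", "")
        if name in OPEN_SUBJECTS:
            findings.append(f"{ident}: grants '{role_ref}' to open subject {name}")
        elif subj.get("kind") == "ServiceAccount" and name == "default":
            findings.append(f"{ident}: grants '{role_ref}' to the namespace default "
                            "ServiceAccount, which every pod uses unless it opts out")
    return findings


def audit(objects):
    """Audit a list of RBAC objects and return all findings, in input order."""
    findings = []
    for obj in objects:
        kind = obj.get("kind")
        if kind in ("Role", "ClusterRole"):
            findings.extend(audit_role(obj))
        elif kind in ("RoleBinding", "ClusterRoleBinding"):
            findings.extend(audit_binding(obj))
    return findings


# Constructed sample (weak): a ClusterRole that is cluster-admin in all but
# name, handed to every authenticated principal in the cluster.
WEAK_OBJECTS = [
    {"kind": "ClusterRole", "metadata": {"name": "dev-all"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "dev-all-everyone"},
     "roleRef": {"kind": "ClusterRole", "name": "dev-all"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
]

# Constructed sample (corrected): a namespaced, read-only Role bound to one
# dedicated ServiceAccount.
HARDENED_OBJECTS = [
    {"kind": "Role", "metadata": {"name": "app-reader", "namespace": "app"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "configmaps"],
                "verbs": ["get", "list", "watch"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "app-reader-binding", "namespace": "app"},
     "roleRef": {"kind": "Role", "name": "app-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "app-sa", "namespace": "app"}]},
]

if __name__ == "__main__":
    for label, objs in (("weak", WEAK_OBJECTS), ("hardened", HARDENED_OBJECTS)):
        results = audit(objs)
        print(f"{label}: {len(results)} finding(s)")
        for finding in results:
            print("  -", finding)
```

Run against a live cluster's RBAC dump (`kubectl get clusterroles,clusterrolebindings,roles,rolebindings -A -o json`, iterating over the `items` array) the same functions turn a one-off review into a repeatable control; the checks are deliberately conservative, so treat each finding as something to justify in writing rather than an automatic failure.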
3. It’s phishing season: attacks double in 2021
Email continued to be a popular attack vector for cybercriminals; Trend Micro™ Cloud App Security detected and blocked more than 25 million email threats (nearly 50% increase from 2020) in addition to those stopped by the email service’s native security.
Furthermore, phishing attempts doubled from 2020, largely from spam emails. The fear and unease surrounding COVID-19 gave malicious attackers plenty of material to work with: more than 8 million pandemic-related threats were detected, with the vast majority being email-based.
4. Old vulnerabilities remain relevant
While Log4Shell, the vulnerability in Apache Log4j, was arguably the most prominent zero-day vulnerability of 2021, older flaws remained relevant and effective as well. Data from Trend Micro™ TippingPoint™ shows that the greatest number of detections in 2021 (75 million) were of CVE-2019-1225, a memory disclosure flaw in Microsoft’s Remote Desktop Services (RDS) discovered in August 2019.
Explaining cyber risk to the board
As the digital attack surface expands due to the accelerated shift toward the cloud, enhancing security for more effective cyber risk management is a must. And while you may understand that, getting the board to see it your way can be challenging.
By definition, cyber risk is the financial loss, disruption, or damage to the reputation of an organisation resulting from the failure of its IT systems. Make sure the C-suite understands what you mean by cyber risk: poor security leading to financial losses. Look for security tools that can help you get your message across; by aligning security with the bottom line, and even demonstrating how savings can be optimised for business goals, the board will get on board.
To secure your rapidly expanding digital attack surface, you need comprehensive visibility and continuous threat monitoring. In the cloud and across your IT infrastructure, point products are often unable to provide security teams with the complete picture and threat data needed to effectively understand, communicate, and mitigate cyber risk.
We suggest a unified cybersecurity platform with broad third-party integration into your existing ecosystem. Ideally, the platform should automate security as much as possible and provide remediation guidance—not only will this reduce your cyber risk, but it will also relieve overstretched security teams and free them to focus on only the most critical events.
To address top threats like ransomware, cloud misconfigurations, email attacks, and vulnerabilities, look for a platform with the following capabilities and features:
- Modern technologies like pre-execution machine learning to find unknown malware hidden in office files attached to emails, combined with artificial intelligence that checks email behaviour, intention, and authorship to identify business email compromise (BEC) attacks.
- Support for the Zero Trust approach, which requires all users, devices, and applications to be authenticated before granting access and continuously monitored for any suspicious behaviour. This will stop attackers from flying under the radar after compromising credentials.
- Automated scanning to continuously discover your digital attack surface and alert security teams of any cloud misconfigurations.
- Deep threat intelligence and research for up-to-date vulnerability disclosures as well as virtual patching to proactively limit the scope of an attack (like Log4j) before a vendor patch is released.
- Extended detection and response (XDR) to collect and correlate deep threat data across network, cloud, endpoints, users, and workloads, surfacing fewer but higher-confidence alerts.
For more insights into threat trends and the benefits of leveraging a unified cybersecurity platform, check out these resources: