For enterprises, staying competitive in an ever-changing market involves keeping up with the latest technological trends. However, without the parallel development of security infrastructure and robust response, these technologies could be used as a conduit for cyberthreats that result in losses.
The reality of data breaches
According to a study done by IBM and Ponemon, a data breach costs an average of US$3.92 million. For organizations, this cost can vary depending on how quickly they discover and respond to a breach.
The 2020 Data Breach Investigations Report published by Verizon found that while most of the data breaches in 2019 lasted only days or less, a quarter of the cases lasted months or more. Containment averages also lasted around the same amount of time, with most breaches being contained within days or less.
Overall, the numbers in the report show an improvement in data breach discovery and response compared to previous years. However, the report noted that the apparent improvement could be reflective of the inclusion of more breaches detected by managed security service providers (MSSPs) in their sampling.
Organizations should aim to prevent these breaches from happening; however, preparing for such incidents and having protocols for reducing a breach lifecycle is an essential and realistic approach for dealing with current threats.
Preparing for Threats
Knowing what enterprises are up against is the first step in preparing for and responding to potential cyberattacks. In the past, threats were much simpler, largely defined by the technologies they exploited. Now that enterprises lean on more advanced network and data infrastructures, the attack surface and impact of threats have grown.
Trend Micro’s review of the 2019 threat landscape shows the complexity and persistence of current threats, with cybercriminals employing strategies that take advantage of industry trends and popular platforms.
Ransomware attacks have started to focus more on high-profile targets and less on developing new families, as evidenced by the decrease in new ransomware families in 2019. Based on our detections of ransomware-related threats, the number of new ransomware families in 2019 (95) was fewer than half of the corresponding count in 2018 (222).
Phishing-related activity also decreased. However, these detections doubled (from 65,702 to 131,757) in the case of Microsoft 365, specifically Outlook. This trend reflects how the widespread use of Microsoft 365 by enterprises could have enticed scammers to target the software suite.
2019 was also marked by a number of notable attacks on e-commerce sites as Magecart Group 12 and FIN6 infected thousands of online shops to steal customer credit information.
Figure 1: E-commerce site compromise campaigns perpetrated by Magecart Group 12 and FIN6 in 2019
The threats above highlight the security gaps in technologies used today. These also demonstrate how trends and weaknesses of industries, devices, or platforms shape the attack landscape.
Organizations have a lot of bases to cover as they adopt new applications and software to improve operations and drive innovation. Aside from gaining familiarity with current threats, personnel should also get a firm grasp of all the technologies used by their organization.
While multilayered protection can help in detecting and preventing cyberattacks from breaching defenses, all personnel in charge of maintaining corporate infrastructure should also be equipped with knowledge on how to respond to a discovered breach and active attack.
Threats like these attacking enterprise defenses necessitate an effective incident response strategy. Incident response is the process or that plan organizations use as a guide for managing and mitigating breaches or cyberattacks.
The end goal of incident response is to get the business running again after an attack. This involves identifying and qualifying the threat that breached their defenses. An incident also implies that the organization’s preventive mechanisms have failed and need to be reinforced.
A distinctive characteristic of incident response is that it can be successful without having to identify the threat actor behind the attack. Incident response happens “live,” or during an ongoing attack, with the intention of putting a stop to it. In contrast, something like computer forensics happens after the fact and has the luxury to go more in-depth because the threat has abated.
Two incident response frameworks have been widely accepted as the standard: the NIST (National Institute of Standards and Technology) and SANS (SysAdmin, Audit, Network, and Security). These frameworks closely resemble each other and cover a broad base, from preparing for an attack to making sure an incident is not repeated.
The playbook introduced here is derived from the two frameworks and should help those who are new to incident response with its overall goal and process. These steps are followed on the premise that an organization has detected an attack or a breach. However, as seen in both frameworks, preparing for breaches and threats is an equally important aspect of incident response.
Trend Micro XDR and Managed XDR
Organizations can also benefit from advanced Trend Micro solutions that can proactively protect IT environments from a wide range of cybersecurity threats. The Trend MicroTM XDR solution effectively protects connected emails, endpoints, servers, cloud workloads, and networks. Trend Micro XDR uses powerful AI and expert security analytics to correlate data, as well as deliver fewer yet higher-fidelity alerts for early threat detection. In a single console, it provides a broader perspective of enterprise systems and shows a more focused and optimized set of alerts. This provides IT security teams with better context for identifying threats faster and understanding and remediating impact more effectively.
Meanwhile, Trend Micro Managed XDR provides expert threat monitoring, correlation, and analysis from skilled and seasoned Managed Detection and Response analysts. Managed XDR is a flexible 24/7 service that provides organizations with one single source of detection, analysis, and response. These three are necessary steps that fit into the playbook and frameworks discussed above. Analyst expertise is also enhanced by Trend Micro solutions that are optimized by AI and enriched by global threat intelligence. The Managed XDR service allows organizations to expand with the cloud without sacrificing security or overburdening IT teams.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale