How to achieve next-generation cybersecurity
According to Rapid7’s Tod Beardsley, “March 2020 will be the point that we look back and see a fundamental change in how the internet functions, as well as how people and enterprises interact with the internet.”
FinTech magazine recently spoke with Beardsley to discuss the rapidly evolving threat landscape for enterprises and how Rapid7 can assist.
The precursor to this conversation was Rapid7’s release of its 2020 Threat Report.
This extensive piece of work examines the shifting cyber threat landscape in more detail and outlines the major risks that enterprises will have to counter looking ahead.
In the article, which can be read in its entirety here, Beardsley explains that the most significant change over the last decade has been the move of information to the cloud.
He states: “It’s so much better than running your own racks of servers, but it also alters the potential threats for your organisation, and has everyone now concerned about a host of technologies and risk factors that didn’t even exist 10 years ago.”
A key finding of the report is that phishing remains the most popular form of attack against businesses.
So much so, says Beardsley, that “if you can solve phishing, you solve 90% of your problems - it’s that simple.”
Network segmentation, he adds, is one way of tackling the problem. “The problem with the enterprise is that everything is a big flat network, and it’s still very hard to get people to change that.
“The concern is that with the sudden shift to remote working as a result of COVID-19, you’ve gone from a home workforce of 5-10% to 100% and a whole new bunch of VPN traffic that lets anyone have a straight shot to an internal network. It’s a recipe for security failure.”
Typically, Rapid7 analyses risk across four key areas: threat telemetry, detection telemetry, recommendations and security programmes.
Beardsley elaborates on how enterprises still host vulnerable internet-exposed systems, and how malware and malicious documents are used to attack networks.
“A lot of what we found, we predicted,” he explains. “For example, that companies continue to build and deploy straight up, vulnerable systems and then put them on the internet.
“So, things like Windows machines with SMBs - Windows’ ‘everything’ protocol for file sharing, administration, authorisation, printing… everything - just exposed to the internet. That’s pretty shocking, it was probably the most visceral reaction I had to the data.”
2020 threat landscape
According to Rapid7, several key areas of focus come out of its latest report:
- There is a need to focus on the external footprint.
- Attackers most commonly exploit a public-facing application or valid accounts. This can be countered by patching, network segmentation and user behaviour analytics (UBA).
- Organisations should use multiple threat detection methodologies and augment detections and technology with skilled individuals.
- Close to 80% of breaches detected by Rapid7’s MDR service are related to malware, phishing or malicious documents.
- Earlier focus on detecting threats in the initial access and execution tactics of the attack lifecycle can reduce the cost and impact of breaches.
- Investing in collecting and reusing threat indicators improves security programme efficiency.
- Proactively deploying mitigating controls based on trends in the threat landscape can reduce the risk of a breach.