How to achieve next-generation cybersecurity

By Matt High
The cybersecurity landscape for digital enterprises is shifting, making the use of effective technologies and security strategies essential...

According to Rapid7’s Tod Beardsley, “March 2020 will be the point that we look back and see a fundamental change in how the internet functions, as well as how people and enterprises interact with the internet.”

FinTech magazine recently spoke with Beardsley to discuss the rapidly evolving threat landscape for enterprises and how Rapid7 can assist.

The precursor to this conversation was Rapid7’s release of its 2020 Threat Report.

This extensive piece of work examines the shifting cyber threat landscape in more detail and outlines the major risks that enterprises will have to counter in the future.

In the article, Beardsley explains that the most significant change over the last decade has been the move of information to the cloud.

He states: “It’s so much better than running your own racks of servers, but it also alters the potential threats for your organisation, and has everyone now concerned about a host of technologies and risk factors that didn’t even exist 10 years ago.”

Among the report's key findings is that phishing remains the most popular form of attack against businesses.

So much so, says Beardsley, that “if you can solve phishing, you solve 90% of your problems - it’s that simple.”

Network segmentation, he adds, is one way of tackling the problem. “The problem with the enterprise is that everything is a big flat network, and it’s still very hard to get people to change that.

“The concern is that with the sudden shift to remote working as a result of COVID-19, you’ve gone from a home workforce of 5-10% to 100% and a whole new bunch of VPN traffic that lets anyone have a straight shot to an internal network. It’s a recipe for security failure.”

Typically, Rapid7 analyses risk across four key areas: threat telemetry, detection telemetry, recommendations and security programmes.

Beardsley elaborates on how enterprises still host vulnerable internet-exposed systems, and how malware and malicious documents are used to attack networks.

“A lot of what we found, we predicted,” he explains. “For example, that companies continue to build and deploy straight up, vulnerable systems and then put them on the internet.

“So, things like Windows machines with SMBs - Windows’ ‘everything’ protocol for file sharing, administration, authorisation, printing… everything - just exposed to the internet. That’s pretty shocking, it was probably the most visceral reaction I had to the data.”

2020 threat landscape

According to Rapid7, several key areas of focus emerge from its latest report:

  • Organisations need to focus on their external footprint.
  • Attackers most commonly exploit a public-facing application or valid accounts. This can be countered by patching, network segmentation and user behaviour analytics (UBA).
  • Organisations should use multiple threat detection methodologies and augment detections and technology with skilled individuals.
  • Close to 80% of breaches detected by Rapid7’s MDR service are related to malware, phishing or malicious documents.
  • Earlier focus on detecting threats in the initial access and execution tactics of the attack lifecycle can reduce the cost and impact of breaches.
  • Investing in collecting and reusing threat indicators improves security programme efficiency.
  • Proactively deploying mitigating controls based on trends in the threat landscape can reduce the risk of a breach. 

Read the full article in the latest edition of FinTech magazine

