Data has become an essential resource for businesses, so protecting it is critical. Security is a paramount concern for every organization. However, an expanding threat landscape and evolving attack tactics continue to threaten the security of data.
According to EY’s Global Information Security Survey, “More than three in four (77 percent) respondents to this year’s GISS warn that they have seen an increase in the number of disruptive attacks, such as ransomware, over the last 12 months. By contrast, just 59 percent saw an increase in the prior 12 months.”
Brendan Appelman, manager of corporate services at CrowdStrike, joined CDW’s Tech Talk webcast to discuss how cyberthreats are evolving and what IT teams can do to defend against them.
The Threat Landscape Continues to Shift
Appelman noted the striking rise in cyberattacks. “Especially in the last couple of years, threat actors are becoming increasingly sophisticated, and CrowdStrike's intelligence division alone tracks more than 150 different nation-state, e-crime and geopolitical threat actors that are incredibly fast in performing their attacks.”
He said CrowdStrike has witnessed the effects of the pandemic and widespread remote work on cybersecurity networks, which have changed the ways attackers target organizations. “We’ve seen a lot of these threat actors learning new tricks. Oftentimes, ransomware actors, for example, aren't content with just encrypting data for extortion, but e-crime actors are really increasingly destroying and/or threatening to leak data as they target even larger ransom payments and folks who are leaving smaller footprints.”
“In the last year,” Appelman said, “we saw an average breakout time of just an hour and 32 minutes. We’re defining that breakout time as how long it takes for a threat actor to initially act as a machine, establish persistence on which they can laterally move and then reach some malicious end objective.”
How to Defend Against Ever-Changing Threat Tactics
As bad actors continually alter their methods, organizations may find it challenging to keep up. Preventing an attack is a Herculean task, one that many organizations aren’t prepared to handle.
However, defense tactics have continued to evolve, as well, and Appelman offered suggestions on how organizations can detect and eliminate threats. “On average, we see organizations take 162 hours to detect, understand and fully eradicate a threat from an endpoint in their environment. So, we recommend that organizations strive to follow what we call the 1-10-60 rule, or one minute to detect something, 10 minutes to understand it and 60 minutes to fully eradicate a threat from an endpoint in their environment.”
Appelman also said organizations should have recovery plans in place. “Knowing your adversary can greatly assist in not only proactive threat hunting but also in effective remediation efforts. Because if you’re aware of those tactics, techniques and procedures of a threat actor, you know where to look.”
Sometimes, the Best Cyber Defense Is a Good Offense
Appelman stressed the importance of thinking proactively when developing a cybersecurity strategy. “I think the first thing that comes to mind always is threat hunting. The adoption of an endpoint detection and response tool, making sure that the patches are updated and passwords are reset. I think that’s one of the first ways in which you actually become proactive.”
“Especially from a threat hunting perspective, it goes back to knowing your adversary and adopting an intelligence suite or product or partnership there, and really knowing what to look for and having that data repository in which you can actually parse that data,” Appelman continued. “I think a lot of organizations today should always be performing strategic and technical advisory services as well. I think every organization should be performing pen tests annually, both internally and externally.”
Appelman also said security tools are evolving just as quickly as the threat tactics bad actors employ. EDR tools are a good starting point for organizations to improve their threat hunting efforts, and some security tools have started to use AI solutions for threat prevention and detection purposes.
Cybersecurity Takes On Great Importance in a Healthcare Setting
While all industries must protect valuable and sensitive data, some factors heighten that importance for healthcare providers. Drex DeFord, executive healthcare strategist at CrowdStrike, and CDW healthcare CTO Tom Stafford joined the conversation to take a closer look at how security issues are playing out in the healthcare industry.
“If we go back 10 years, I’d say it wasn't a big issue. The reason is that we weren’t electronic,” Stafford explained. “Obviously, through meaningful use, every healthcare system across the United States has become very electronic. And with that, our caregivers are really reliant on that healthcare record.”
To combat bad actors, DeFord stressed how critical it is to minimize the time from an initial compromise to full eradication of the threat. “In healthcare, in trauma centers and emergency rooms, that first hour is the ‘golden hour.’ If you can get to a patient in the first hour, from the point of the injury or the time they start to demonstrate symptoms, then you’re way more likely to be able to save them. It turns out the same thing is true in healthcare cybersecurity. Our research shows that it takes about an hour and a half or so for an adversary to break out of that first device and move laterally. You’ve got to be ready for that. You’ve got to have the tools and the capabilities and the standards that let you resolve the issue in less than an hour.”
“It's still a struggle for hospitals to do this,” Stafford added. “The reason is that they’re challenged by resources and then they have competing priorities. What I’ve seen that’s probably the most valuable for our healthcare customers is that they focus on the existing threats, because you don’t have endless resources.” Stafford said it’s important to build a program that has the right deterrent chains and processes in place, so you can react to an incident quickly.