Accenture: Build a cyber resilient business
The unprecedented global health and humanitarian crisis - triggered by COVID-19 - has opened the door to innovative cybercrime, report Accenture Security.
According to the new paper, the 2020 Cyber Threatscape Report, organisations can take steps towards a more flexible and secure future if they follow the mantra: think “anytime, anywhere”. Accenture also identify five frontline trends currently in the cyber threat landscape.
According to figures from Accenture, there has been a 60% increase in the average ransom payment (US$178,254) from the first quarter to the second quarter of 2020.
“Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world. CISOs who understand these challenges and can pivot their security approach can help their organisations to emerge stronger,” comment Accenture.
“Sophisticated threat actors are employing new tactics, techniques and procedures (TTPs) to help achieve their long standing objectives of regime survival, economic acceleration, military superiority, information operations and cyber espionage… Criminals will still work to monetise access to data or networks, perhaps more frequently than before as the economy continues to be vulnerable.”
“Since our report in 2019, our cyber threat intelligence and incident response teams have gained first-hand visibility of the TTPs employed by some of the most sophisticated cyber adversaries,” says the report.
Accenture identify the five steps organisations can take to build a cyber resilient future:
- Think “anytime, anywhere”
Secure all users, devices and network traffic with the same degree of effectiveness
- Be transparent
Give users access to what they need when they need it
- Inspire calm and confidence
Make security leaders the catalyst for change, using compassion to deliver an agile response
Consider managed services and automate where it makes sense
- Build for resilience
Make business continuity and crisis management plans fit for purpose
“By putting such measures in place, organisations have an opportunity to out-manoeuvre uncertainty, emerge stronger from crises, and gain greater cyber resilience,” says Accenture, who highlight the five frontline trends that are influencing the global landscape this year.
“These insights can enhance the work of security teams and put security technology investments, security processes and the business strategy on a firm footing to help achieve the desired level of cyber resilience.”
The five frontline trends include:
- COVID-19 accelerates the need for adaptive security
COVID-19 led to social engineering opportunities and pressured organisations struggling with business continuity, travel restrictions and remote working.
As data is a high-value, sought-after commodity, security leaders should consider embracing adaptive security - putting the right controls in place to help create a safe and secure working environment for their enterprise, recommends Accenture.
- New TTPs target business continuity
Sophisticated threat actors have been observed targeting platforms such as Microsoft Exchange and OWA to conduct malicious activities.
Such compromises are a breeding ground for malicious activities. Web-facing, data-intense systems and services that communicate externally can make it easier for adversaries to hide their traffic in background noise, while authentication services could open up a credential harvesting opportunity for cybercriminals.
“Such capabilities and detection evasion approaches underline the importance of identifying and tracking priority adversaries and then threat hunting against the specific behaviours employed by the priority adversaries,” said Accenture.
- Masked or noisy cyberattacks complicate detection
Cyberthreat actors routinely chain together off-the-shelf tools with living-off-the-land techniques, complicating detection and attribution.
These activities have occurred in Europe, North America and Latin America, and there has been significant activity directed towards emerging economies and India. And threat actors - increasingly, organised cybercriminal groups - continue to try to compromise their victims’ supply chains.
“Organisations should ensure they understand the commonly used tools and techniques, especially those involving malicious use of native systems and penetration test tools and validate they can be detected in their environment,” says the report.
- Ransomware feeds profitable, scalable business
Alongside finding new ways to infect businesses with ransomware, threat actors are finding new ways to influence victims to pay.
In November 2019, a new, game-changing strain of ransomware known as Maze infected a large security staffing company, stole company data and notified the media - eventually publicly releasing 700MB of data when the ransom was not paid. “This ‘name and shame’ approach adds pressure on victims to pay up, even though law enforcement and the cybersecurity industry have always advised against paying ransoms,” says the report.
Accenture expects threat actors employing these tactics to continue to evolve and proliferate for the remainder of 2020 and beyond.
- Connectedness has consequences
Powerful technologies and the Internet enable greater connectivity and expose critical systems that attackers are finding new ways to exploit.
“Increasingly, businesses are using unpatched and untested devices - which pose a much more realistic and accessible target. Cloud and Internet connected devices are far more widespread. Security leaders are fighting back, using public bug bounty programs and detection frameworks, but Operational Technology (OT) threats still prompt the need for more effective security controls,” comment Accenture.
The pandemic has opened the door to opportunistic threats that put unprecedented pressure on organisations as they struggle with business continuity, travel restrictions and remote working.
“As data continues to be seen as a high value, sought after commodity, security leaders should consider embracing adaptive security - putting the right controls and monitoring in place to help create a safe and secure working environment for their enterprise,” concludes Accenture.