Secplicity - Security Simplified

Powered by WatchGuard Technologies

In Breaches, as in Life, Time Is Money

July 23, 2019 By Stephen Helm

In 2017, ransomware wreaked havoc around the globe, bringing businesses, hospitals, and government organizations alike to a grinding halt. Thousands were greeted by ominous messages demanding a ransom payment to decrypt their files, and news of the attacks spread nearly as fast as the attacks themselves. But, in my opinion, one of the broader consequences of those dark days of ransomware is that many people came to expect that if a breach is bad, they will know about it right away.

Now, I am not saying that ransomware is no longer a threat, far from it. However, it’s important to understand why ransomware was appealing to attackers in the first place: Bitcoin. Bitcoin gave cyber criminals an easy way to monetize their attack while obscuring the financial exchange. This meant they could attack and cash out while leaving as small a financial paper trail as possible. For that reason alone, the risk of announcing their presence on an infected machine was worth it. But loud, self-announcing malware is the exception; attackers who want to keep access and avoid being caught normally operate as quietly as they can.

Responding to threats in a timely fashion can be the difference between a quick fix and a major security incident. The longer a threat goes undetected, the more harm it can cause. Cryptojacking malware, for example, uses an average of 25% of an endpoint’s CPU while running, and generating a single bitcoin can cost nearly $10,000 in power alone. An increased power bill and slowed machines might set off alarm bells, but many organizations would struggle to identify and remediate the threat on that information alone, because neither symptom points at a specific host or process.

In fact, it takes an average of 197 days [1] for a business to detect a breach, a testament to how well attackers hide their activity in plain sight. For smaller organizations the problem is even worse, with the average time to detection approaching 800 days [2].

In the face of increasingly evasive threats, here are a few axioms that can help accelerate detection and remediation.

  • Know what you don’t know. Zero day malware, samples that no signature-based tool has seen before, makes up a startling proportion of the malware that reaches the network. Relying on antivirus from an OS vendor and simple packet filtering? Believe me when I tell you: what you don’t know CAN hurt you. In network security, knowing what you don’t know is all about sourcing the best threat intelligence, correlating as much of it as possible, making security information actionable, and deploying machine learning that improves with each new threat it sees.
  • Correlation IS Causation (or close enough to act on). Well-implemented security systems serve up a huge amount of data, and any single event in it is noisy on its own. With correlation, you look at security inputs from multiple sources in tandem: if your network device sees a user’s machine attempting to connect to a known-bad site, and within minutes that same endpoint flags a change to its hosts file, you have a far better indication that a bot is present than either signal gives alone.
  • Bring light to the darkness. Threats can hide in the shadows of encrypted connections. Upwards of 90% of network traffic is encrypted, and attackers issue commands and even deliver payloads over HTTPS. Being able to inspect this traffic isn’t just a nice feature to have, it’s a best practice every business should implement. Bear in mind what inspection entails: the inspecting device terminates TLS in line, so its signing CA must be trusted by every managed endpoint, and applications that pin certificates, along with any legal or privacy constraints on decrypting user traffic, need explicit exceptions and policy.
  • Keep your head in the Clouds. The Cloud is a powerful platform for security. Through the Cloud we can process more threat data, faster. We can bring once disconnected technologies together for a more complete picture of your security posture. And, we can scale rapidly and seamlessly extend protections beyond the traditional perimeter.
  • Focus on the Phish. Cyber criminals exploit the naiveté of users as their initial attack vector. By some industry estimates, 90% of cyber attacks today begin with a successful phishing attempt, delivered via an email that tricks one of your users. Blocking connections to malicious infrastructure, and being able to identify and kill the process that attempted the connection, can keep a risky click from becoming a major security incident. Training your employees to spot these attacks can prevent the clicks altogether.
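To make the correlation axiom above concrete, here is a small example added to this article (it is not WatchGuard code, and the log format, host names, domains and the ten-minute window are all assumptions made for the example). It takes a firewall log of connections blocked by a threat feed and an endpoint log of file modifications, treats each as a weak signal on its own, and only raises a high-severity finding when both occur on the same host within the window. The finding also carries the process that touched the hosts file, which is the information a responder needs to kill it.

```python
"""Cross-source correlation of two weak signals into one finding.

Added example for this article, not the page's or any vendor's own code.
The log lines below are constructed; the field names and the
syslog-like layout are assumptions for the example only.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall events: a threat-feed block is one weak signal.
FIREWALL_LOGS = [
    "2019-07-22T10:01:05Z fw01 src=10.0.5.23 host=LAPTOP-17 dst=update-cdn.example.net verdict=allow",
    "2019-07-22T10:02:41Z fw01 src=10.0.5.23 host=LAPTOP-17 dst=bad-c2.example.org verdict=deny reason=botnet-feed",
    "2019-07-22T10:15:00Z fw01 src=10.0.5.40 host=DESK-03 dst=bad-c2.example.org verdict=deny reason=botnet-feed",
]

# Constructed endpoint events: a write to the hosts file is the other weak signal.
ENDPOINT_LOGS = [
    r"2019-07-22T10:03:10Z ep host=LAPTOP-17 event=file_modified path=C:\Windows\System32\drivers\etc\hosts proc=svchost.exe pid=4412",
    r"2019-07-22T10:04:00Z ep host=LAPTOP-17 event=file_modified path=C:\Users\a\notes.txt proc=notepad.exe pid=5120",
    r"2019-07-22T14:30:00Z ep host=DESK-03 event=file_modified path=C:\Windows\System32\drivers\etc\hosts proc=setup.exe pid=880",
]

KV_RE = re.compile(r"(\w+)=(\S+)")
HOSTS_FILE = r"c:\windows\system32\drivers\etc\hosts"  # compared case-insensitively


def parse_event(line):
    """Split '<timestamp> <source> k=v k=v ...' into a dict with a datetime."""
    ts_text, source, rest = line.split(" ", 2)
    event = {k: v for k, v in KV_RE.findall(rest)}
    event["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    event["source"] = source
    return event


def network_signals(lines):
    """(host, time, reason) for every connection denied by the threat feed."""
    out = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("verdict") == "deny" and ev.get("reason") == "botnet-feed":
            out.append((ev["host"], ev["ts"], f"blocked connection to {ev['dst']}"))
    return out


def endpoint_signals(lines):
    """(host, time, reason) for every modification of the hosts file."""
    out = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("event") == "file_modified" and ev.get("path", "").lower() == HOSTS_FILE:
            out.append((ev["host"], ev["ts"],
                        f"hosts file modified by {ev['proc']} (pid {ev['pid']})"))
    return out


def correlate(net, ep, window=timedelta(minutes=10)):
    """Pair a network signal with an endpoint signal on the same host
    within `window`. Either alone is noise; both together is a finding."""
    by_host = defaultdict(list)
    for host, ts, why in ep:
        by_host[host].append((ts, why))
    findings = []
    for host, ts, why in net:
        for ep_ts, ep_why in by_host.get(host, []):
            if abs(ep_ts - ts) <= window:
                findings.append({
                    "host": host,
                    "first_seen": min(ts, ep_ts),
                    "evidence": [why, ep_why],
                    "severity": "high",
                })
    return findings


if __name__ == "__main__":
    for f in correlate(network_signals(FIREWALL_LOGS), endpoint_signals(ENDPOINT_LOGS)):
        print(f["severity"], f["host"], f["first_seen"], "|", "; ".join(f["evidence"]))
```

Run as written, the sample data produces exactly one finding: LAPTOP-17 was blocked reaching the feed-listed domain at 10:02:41 and its hosts file was rewritten by svchost.exe (pid 4412) 29 seconds later. DESK-03 generates both signals too, but four hours apart, so it stays below the threshold; that is the point of a window, and tuning it is where most of the real work in a correlation rule lives.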

Want to learn more about how WatchGuard can help accelerate breach detection? Download our whitepaper Defending Against Known, Unknown, and Evasive Threats with WatchGuard Threat Detection and Response.

[1] https://securityboulevard.com/2018/07/survey-finds-breach-discovery-takes-an-average-197-days/

[2] https://www.techrepublic.com/article/cybersecurity-malware-lingers-in-smbs-for-an-average-of-800-days-before-discovery/

Filed Under: WatchGuard Articles Tagged With: Breach Detection, Hacking, Malware, ransomware, Security breach, TDR, ThreatSync
