The technology industry can move at dizzying speed. But in a space where change is the only constant, one trend has persisted over the years: a cyber arms race between attackers and defenders. While one side has the combined weight of numbers, the other has been historically more successful due to its agility, persistence and willingness to collaborate to achieve its goals. Malicious actors continue to innovate with gusto, as witnessed in several new reports highlighting the threat landscape in 2022.
In response, network defenders must realize that perimeter security alone is not enough to protect their corporate Crown Jewels. They must go further, by applying strong protection to the data itself.
Innovation at speed
Threat actors have a ready-made ecosystem in which to collaborate with like-minded individuals, and buy and sell attack tools, knowledge and services. It’s a cybercrime economy said to be worth trillions annually. With these resources, they’re finding more effective ways to gain initial access, including by buying it from third-party threat actors. And they’re working harder and smarter to stay hidden and achieve their goals once inside networks.
Here's a snapshot of what happened in 2022, according to several new threat reports:
- Malware-free activity accounted for 71% of detections last year, while hands-on-keyboard activity surged 50% year-on-year (YoY), indicating that malicious actors are going to greater lengths to stay hidden and outwit automated anti-malware defenses
- Breakout time (time taken to pivot from initial access to lateral movement) accelerated by 14% YoY to just 84 minutes, giving incident responders even less time to spot and contain breaches
- The number of ads for initial access brokers surged by 112%, highlighting the strong cyber-attack supply chain
- Exploitation of cloud workloads increased 95% as attackers targeted public-facing apps for initial access and then hijacked privileged accounts for lateral movement
- New malware variants increased 5% YoY, highlighting the continued efforts of threat actors to outwit defenders
- Recorded intrusion attempts stood at 6.3 trillion
- Hybrid workers continue to be a security risk: 78% use work devices for personal tasks, while 28% reuse passwords across multiple work accounts
- Threat actors are increasingly using vishing attacks, or phone-based tactics, to trick users into handing over credentials. One study recorded 600,000 such attacks daily
- Several reports also pointed to an increase in MFA bypass attacks such as “MFA fatigue” and SIM swapping, used to circumvent best-practice multi-factor authentication (MFA) for account protection
Beyond perimeter defense
What should concern security teams most is that the tools and techniques once the preserve of a select group of highly skilled threat actors are increasingly being made available to the cybercrime masses. Whether it’s through “as-a-service” offerings or direct sale of initial access on the cybercrime underground, the risk is that the bad guys are pulling ahead in the cyber arms race.
Given that today’s threat actors can often hijack corporate assets and move laterally with speed and ease, network defenders who focus too narrowly on perimeter defense expose their organization to unnecessary risk. This is where data-centric security comes into its own. By continuously discovering, classifying and then protecting data, wherever it resides, organizations can mitigate the risk of theft or even accidental leakage. That in turn will help to minimize associated financial and reputational damage and boost compliance efforts.
The comforte Data Security Platform provides a unified set of capabilities from data discovery to protection which:
- Uses AI and repository scans to continuously discover all data assets, including data organizations didn’t know existed
- Classifies and then protects that data in line with policy – at rest, in motion and in use
- Features a choice of protection methods including tokenization and format-preserving encryption (FPE)
- Integrates seamlessly with developer environments and applications for added value
Threat actors will never stop innovating. But by protecting corporate data wherever it resides, network defenders have a powerful means to minimize the damage they can do.