Turning The Tables On Tomorrow's Threat Agent 

Long gone are the days of every worker being a nine-to-five commuter. While some employees retain a preference for working in the office all the time, many are embracing the willingness of employers to offer flexible alternatives such as remote and hybrid models.

Research shows that UK staff went to the office 3.8 days per week on average pre-pandemic; by 2022 this had dropped to 1.4 days per week.

While the new normal is undoubtedly improving workplace cultures and driving forward a new frontier that centres around enhancing the employee experience, in the case of security, it has had dramatic implications. No longer are staff members all accessing the internet behind a security perimeter – where applications were all controlled, and VPNs could be used on a remote basis where necessary to replicate safe sessions.  

Today, employees can readily use the internet to access corporate networks housing sensitive and personal data within key applications and SaaS platforms from a range of devices in a variety of locations. As a result, the web browser has now become the biggest attack surface and target for threat actors, many of whom are leveraging and exploiting it successfully.  

These changes in working patterns have undermined the methods that security practitioners traditionally relied upon to secure their organisations. Indeed, firms have been forced to re-evaluate their business needs and develop entirely new strategic roadmaps, leaving CISOs scrambling to find ways in which to bake in security best practices. 

Understanding Of Modern Security Requirements Is Improving 

During the past three years, the picture has thankfully become somewhat clearer.  Today, organisations typically require a consistent set of security policies for all users - be it an employee in the office, or an engineer commuting and using a cellular network. Regardless of the device they are using and app they need to use, there needs to be a clear security framework that guides universal best practice across the board.  

Unfortunately, firewalls and VPNs simply aren’t designed to deliver that. Instead, organisations are now tapping into cloud services that can effectively manage comprehensive security permissions and deliver key insights, detailing exactly who each user is, and what they can respectively access on the corporate network.  

This has become a highly intelligent process. More advanced security setups can manage privileges and assess the security posture on an ongoing basis, adapting permissions based on the type of user, location of that user, what systems they’re trying to access, and when they’re trying to access them.  

It is critical that companies adapt in this way. Not only has security become a more complex undertaking with many different moving parts, but the threat landscape has also changed dramatically. 

According to Statista’s Cybersecurity Outlook, the global cost of cybercrime was estimated to be $8.44 trillion in 2022 – over seven times the $1.16 trillion reported in 2019. As a result, security has fundamentally become a boardroom issue. It cannot be an afterthought. Instead, the CISO now needs to be a major part of business decision making.

CISOs are there to add value, applying security as an integral part of the technology stack. To achieve this effectively, they must have an ongoing understanding of each new product, how customers will consume them, and the inner workings of the architecture underpinning each solution.  

Responsibility isn’t solely on the CISO, however. A culture in which security becomes a leading priority needs to be instilled throughout the organisation – every enterprise will have different models and workforce structures, and there are many roles that need to be thinking about security more actively. 

Interestingly, a Gartner study found that 88% of boards regard cybersecurity as a business risk rather than solely an IT problem. The threat of ransomware and nation-state-backed threat outfits has changed cyber perceptions, with those at the top table becoming increasingly aware of the challenges.  

Bolstering Defences In The Face Of Evasive & Complex Threats 

This growing appreciation provides CISOs with the opportunity to bridge the gap between technical professionals and the broader C-suite.  They are now enjoying greater influence over boardroom discussion to ensure best practices are instilled more readily. However, given the continual advance of new threats, this is the bare minimum that is required. 

Today, the browser is the new office. Where previously you would have had to go into a conference room to have a meeting, employees are now typically spending 75% of their working days in a web browser or using web conferencing applications. Unfortunately, as we have mentioned, threat actors are aware of this and the opportunities it presents, and are adapting their techniques accordingly.

There has been a significant uptick in the use of evasive attack methods leveraged by nefarious actors, enabling them to bypass traditional security tools such as secure web gateways (SWGs), firewalls, phishing detection tools and malware analysis engines.  

Known as Highly Evasive Adaptive Threats (HEAT), these attacks are actively exploiting the web browser as the attack vector, rendering a decade or so of security investments focused on network perimeter protection almost obsolete. 

It’s a frustrating reality that has left many security departments having to completely rebuild their defences from scratch. Yet the dangers of HEAT simply cannot be ignored. Research conducted by the Menlo Labs team revealed that there had been a 224% increase in HEAT attacks in H2 2021 - a trajectory that only seems to have continued through 2022. A Menlo Security survey of 505 IT decision makers at firms with at least 1,000 employees across the US and UK last year found that more than half (55%) of organisations encountered advanced web threats at least once a month, with one in five facing them on a weekly basis.

There are several increasingly concerning signs.

  • Hackers are now looking to overcome two-factor authentication through social engineering campaigns in order to access corporate assets, for example. And it is clear that browser-based attacks are not just becoming more common, but more successful. Indeed, almost two-thirds of the respondents (62%) to our survey had seen a device compromised by a browser-based attack in the previous 12 months alone.
  • Further, it is also clear that some of these attacks could have been avoided. Indeed, the survey shows that less than three in 10 organisations have advanced threat protection solutions in place on all endpoint devices used to access corporate applications and resources, while almost half (45%) had not added any new capabilities to their network security stack in the previous year.

Embracing A Security-First Culture 

For many, there continues to be an issue around prioritisation. Given the threat landscape, security now more than ever before needs to be a forethought. Yet approaching things in such a manner is easier said than done in the case of organisations that have always made operational changes first before implementing security adaptations on top.  

It’s about embracing a security-first culture – a shift that can be accelerated via a few simple strategies.  

Specifically, CISOs should focus on building a greater consciousness of security within the workforce, enabling every worker to be more adept at spotting suspicious activities such as social engineering attempts. The good news is that a growing number of roles are coming to the realisation that they have a responsibility to practice good security hygiene. CISOs may operationalise this mentality, but it is becoming everybody’s responsibility to embrace it.  

Further, organisations should ensure security parameters extend to all endpoints capable of accessing the corporate network. This can go a long way in enabling firms to thwart any kind of threat.  Perhaps the most important realisation is that there is no quick fix when it comes to the cyber security of an organisation. Good management principles must apply, centred around hiring well, training well and executing towards a roadmap that is forward looking whilst prioritising security. 

Of course, everyone is looking for the next shiny new widget or silver bullet technology capable of keeping everyone safe, but the reality is that the strongest teams are the ones that are consistently deliberate with their intentions, taking longer to steer the ship whilst doing so in a way that’s secure and safe and executed according to the needs of the business.   

Isolating The Endpoint

In the case of browser threats, a good starting point for mitigation is removing user interaction and traffic from the browsers themselves as much as possible. This might sound like an impossibility given the criticality of the browser to modern day working models, but it’s easily achieved with the right supportive solutions. 

Isolation technology can be used to isolate the endpoint from the Internet browser, rewriting the content and then delivering it to the user as a clean stream.

This prevents any malicious code from ever reaching user endpoints by moving the point of execution to a disposable, cloud-based container that acts as a digital air gap between the browser and corporate networks. It also reduces the number of alerts reaching the security operations centre (SOC), alerts that otherwise exacerbate alert fatigue – a major issue facing security professionals as they attempt to navigate the demands of the new normal.

Addressing Security Alert Fatigue 

We’re confident that this approach will soon become the mainstream model for internet security. It’s not necessarily about eliminating proactive detection and identification. Instead, it’s about creating clean working environments while dramatically reducing the burdens on the SOC from alerts and false positives.  

Threat intelligence teams are already looking at massive amounts of data. They don’t want to have to sift through even more to find one needle in a haystack. The more customers can address alert fatigue whilst upgrading their security posture, the better. 

Nick Edwards is VP Product at Menlo Security
