Two Thirds Of Organisations Are Not Equipped To Deal With Cyber Threats

Uploaded on 2022-03-22 in TECHNOLOGY--Resilience, FREE TO VIEW

Web malware (47 per cent) and ransomware (42 per cent) top the list of security threats that organisations are most concerned about. Yet ,despite the growing risks, less than a third (27 per cent) have advanced threat protection in place on every endpoint device that can access corporate applications and resources. 

This is according to new research ‘The state of threat prevention: evasive threats take centre stage’, published by  cloud security specialst firm Menlo Security, who questioned 505 IT decision makers in the US and Britain in February.

The Menlo Labs research team have been analysing Highly Evasive Adaptive Threats (HEAT) which bypass traditional security defences including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. The Menlo Labs team have seen a 224% increase in HEAT attacks in the second half of 2021.

Used to deliver malware or to compromise credentials, which in many cases leads to ransomware payloads, HEAT attacks include at least one of four evasion techniques:   

  • Evades Both Static and Dynamic Content Inspection 
  • Evades Malicious Link Analysis 
  • Evades Offline Categorisation and Threat Detection 
  • Evades HTTP Traffic Inspection 

As employees spend more time working in the browser and accessing cloud-based applications, the risk of HEAT attacks increases. Almost two-thirds of organisations have had a device compromised by a browser-based attack in the last 12 months. 

The report suggests that organisations are not being proactive enough in mitigating the risk of these threats, with 45 per cent failing to add strength to their network security stack over the past year. 

There are also conflicting views on the most effective place to deploy security to prevent advanced threats, with 43 per cent citing the network, and 37 per cent the cloud. “Threat actors seek to exploit gaps in traditional security defences and the fact that security capabilities haven’t really changed over the past decade.

One of the areas of focus for attackers is using web threats and we’re seeing more and more of them successfully deployed using HEAT techniques. “Last year we saw Nobelium use HTML smuggling, a HEAT tactic to avoid static and dynamic content analysis, to deliver malware and ransomware attacks. The fact that these are successful means their usage will increase, which could have devastating consequences for companies of all sizes,” explains Mark Guntrip, Director of Cybersecurity Strategy, Menlo Security.  “Working practices have changed and companies must stop relying on traditional tools and strategies that just don’t cut it anymore... Adopting a prevention-driven approach to security is the only way to achieve this and using isolation-powered security to do so stops the browser from having any direct interaction with the website and content and ensures that HEAT attacks don’t stand a chance.” Guntrip said.

Competing Security Priorities 

According to the research among 500+ IT decision makers in the UK and US, hybrid/remote working (28 per cent) is the biggest challenge organisations expect to face this year when it comes to protecting their corporate network from advanced threats. This is followed by budget restrictions (15 per cent), the presence of unmanaged devices (14 per cent), and outdated security solutions (13 per cent). 

There are also a number of competing priorities for IT professionals when it comes to improving their security posture in 2022. Training staff tops the list (61 per cent), followed by technology investment to protect the corporate network (60 per cent), adapting to new ways of working (50 per cent), and investing in skilled security members at 45 per cent. 

Additional Research Findings 

  •  Although 55 per cent of respondents have invested in their security stack over the past year and 27 per cent have advanced threat protection in place, it is not having the desired effect as attacks are still successfully penetrating their defence lines.  
  • Half of respondents believe that firewalls are an effective way of mitigating HEAT attacks and 31 per cent favour VPNs.   
  • Organisations believe that the threat of a cyber attack is a case of ‘when’ not ‘if’, regardless of size, consequently IT decision makers are most concerned about the reputational damage (62 per cent) and financial loss (57 per cent) that a security breach could have on their business.  

According to Guntrip: “Organisations need to prioritise a review of their network security solution stack. HEAT attacks target web browsers as the attack vector and employ techniques to evade detection by multiple layers in current security stacks, including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection, so clearly a new strategy is needed.” 

Menlo Security

You Might Also Read: 

Credentials Phishing Attacks:

 

« Georgia Must Bolster Resilience To Information Warfare
US Moves Cyber Defences To High Alert »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

Malware.lu

Malware.lu

Malware.lu is a repository of malware and technical analysis. The goal of the project is to provide samples and technical analysis to security researchers.

ITC Secure Networking

ITC Secure Networking

ITC are a leading cloud-based MSSP delivering service innovation in cyber security analytics & cloud technology.

VMRay

VMRay

VMRay delivers advanced threat analysis and detection that combines a unique agentless hypervisor-based network sandbox with a real-time reputation engine.

TunnelBear

TunnelBear

TunnelBear is a Virtual Private Network services provider offering secure encrypted access to the internet.

Zecurion

Zecurion

Zecurion data loss prevention (DLP) solution is an easy-to-use solution for securing confidential data at rest and in motion.

Anglo African

Anglo African

Anglo African is an information technology firm providing end-to-end solutions to different industries, from IT Infrastructure to DataCom as well as Cloud & InfoSec services.

Altaro Software

Altaro Software

Altaro provide backup solutions that are intuitive, easy to use, well-priced and backed by outstanding 24/7 support as part of the package.

Guidehouse

Guidehouse

Guidehouse is a leading global provider of consulting services to the public and commercial markets with broad capabilities in management, technology, and risk consulting.

Dhound

Dhound

Dhound is a cybersecurity company providing web application penetration testing.

Luxembourg House of Financial Technology (LHoFT)

Luxembourg House of Financial Technology (LHoFT)

Offering start-up incubation, co-working spaces including a soft-landing platform, the LHoFT connects and creates value for the entire Luxembourg FinTech ecosystem.

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions (ICSS)

Indian Cyber Security Solutions is an Enterprise Cyber Security Platforms company offering Cyber Security & Technical Education and Compliance & Penetration Testing Services.

Frontal

Frontal

Frontal is a specialized unit in Blockchain and Web3.0 cybersecurity. Securing Digital Assets, Cryptocurrency, DeFi, Blockchain and Web3.0 ecosystem.

Keepit

Keepit

Keepit offer all-inclusive, secure, and reliable backup and recovery services for your data.

S2W

S2W

S2W is a data intelligence company specialized in cyber threat intelligence, brand/digital abuse, and blockchain.

Arsen Cybersecurity

Arsen Cybersecurity

Arsen is a French cybersecurity startup, dedicated to enhancing human behaviors in cybersecurity.

Inroad Technologies

Inroad Technologies

Inroad Technologies provide IT services that help keep your business computers, servers and networks secure and trouble-free.