A spate of high-profile ransomware attacks in recent months has raised the profile of this kind of cyber event to new levels. Though ransomware attacks increased 485% in 2020 globally, accounting for nearly one-quarter of all cyber incidents, according to Bitdefender, the techniques adopted by hackers are not new. But the heightened awareness has exposed how little visibility many of the world’s leading organisations have when it comes to detecting malicious activity.
While companies may think cybercriminals are more sophisticated than ever, and in some ways they are, the reality is that the other path attackers typically take, business email compromise, is an old and painfully basic method that shares many of its techniques with ransomware. Ransomware and business email compromise are the two most prominent ways that cybercriminals make money, and both almost always involve a hacker gaining administrative rights after entry and then using them to either monetise the breach or harvest data from the organisation.
“We are seeing bigger and more ferocious attacks, but it’s just more of the same stuff as before and people are only noticing it now that it’s affecting them or their supply chains,” says Jason Crabtree, CEO and co-founder of risk technology firm QOMPLX. “It’s not fun to get harvested. If you don’t want to participate in the harvest, you need enough visibility, and after visibility then detection, and after detection then response, and after response then recovery. Detection and response are critical but companies can’t do either without really understanding authentication.”
Companies have long thought that if they had good policies and procedures, and built a strong perimeter around the network, they could prevent cyberattacks from happening. This has proved fatal for the growing number of organisations that have suffered damaging breaches.
Enterprise systems are large, with multiple moving parts, and in every organisation there are things connected to the internet that the IT team doesn’t know about. In the case of business email compromise, meanwhile, no business can realistically stop HR from opening CV attachments, which could be weaponised, or the finance department from opening Excel files in emails.
“Don’t delude yourselves into thinking that you don’t have anything touching the internet that’s not supposed to, or that you’re not going to have a user click on a phishing link,” Crabtree adds. “We need to get people out of this mindset that you’re never going to make a mistake. The reality is it doesn’t matter if you have a great team, you’re going to have errors, things get through. You can do terrible things with Microsoft Excel or Office macros, but you can’t stop people opening these files. Assume that you have a breach, detect it really quickly and then monitor the hell out of your outside and inside so you can actually get ahead of this stuff.”
QOMPLX is the global leader in making sure authentication is real, with its technology validating the core authentication protocols used by modern networks for cloud and on-premise, ensuring they are not forged. The company has one of the largest breach databases in the world, which it uses to look for the kinds of illicit activity that, to take just one example, enabled access to a Virtual Private Network (VPN) and ultimately resulted in the downing of Colonial Pipeline, the American oil pipeline system, last month. Validating authentication protocols is foundational to defending a zero trust architecture.
“Without it, you have no visibility into your core line of defence: authentication,” says Crabtree. “Everything relies on that being true. All your other controls and investments depend on authentication not being a lie. Most corporate networks still look like a raw egg: a hard shell with a gooey middle and nothing protecting somebody from moving wherever they want to go inside. The entire shell then goes away if authentication is forged. We help companies ensure the inside is hard too.”
For more information, visit QOMPLX.com