Failures in Cybersecurity Fundamentals Still Primary Cause of Compromise: Report

Many Companies Are Still Failing at the Basics of Cyber Security, Analysis of More Than 1,000 Incidents Finds


While adversaries continuously refine their attack methodologies -- primarily towards greater efficiency, simpler operation and more effective outcomes -- security analysts are struck by the static nature of their recommendations to business. "The same issues and security gaps are blighting organizations' ability to identify and respond to threats," they say.


Secureworks has analyzed the findings of more than 1,000 incident response engagements undertaken during 2018. These include both 'emergency' services involving live response to an ongoing incident, and 'proactive' services to help organizations plan for incidents and hunt for threats.


What they found was evolutionary rather than revolutionary progress by the aggressor, versus the same continuing security failures among the victims. It is the basics of security that continue to fail: poor visibility, lack of MFA, and insufficient care over third-party suppliers.


Three areas of aggressor activity from Secureworks' Incident Response Insights Report 2019 illustrate the evolutionary nature of cybercrime: ransomware, convergence of techniques between criminal gangs and state-sponsored groups, and business email fraud.


Ransomware is shifting from spray and pray against individual systems to post-intrusion compromise of whole business networks. The latter is far more effective. Spray and pray impacts an average of 1.8 hosts per incident, while the post-intrusion method impacts an average of 114.3 hosts per incident -- and businesses can afford much higher ransoms for release (River Beach City in Florida recently paid a $600,000 ransom for the release of its systems).


Although the use of SamSam has effectively stopped with the November 2018 indictment of two Iranian citizens, the methodology continues with