By Mafi Caringal, Security Delivery Lead, Accenture Advanced Technology Centers in the Philippines
The unprecedented global health crisis has tested the security strategies and practices of companies like never before. The shift to remote work has challenged enterprise security monitoring in numerous ways, from the platforms used for communication to the devices and networks that transmit data. The financial pressures brought about by economic and business disruptions have also impacted security operations. Companies that understand these challenges can pivot their security approach and help their organizations emerge stronger from them.
Accenture’s cyber threat intelligence and incident response teams have investigated numerous cases of suspected cyber espionage and financially motivated targeting. These investigations have revealed the tactics, techniques, and procedures (TTPs) employed by some of the most sophisticated cyber adversaries. This year, Accenture Cyber Threat Intelligence, backed by teams from recent acquisitions such as Context and Deja vu Security, aims to offer information that can help organizations stay ahead of these threats. The 2020 Cyber Threatscape Report reveals the changes in the last 12 months and lists five trends that are influencing the landscape amid the pandemic.
1. COVID-19 accelerates the need for adaptive security.
There is no quick fix to the issues presented by the global pandemic. COVID-19 led to social engineering opportunities and pressured organizations struggling with business continuity, travel restrictions, and remote working. As data continues to be seen as a high-value, sought-after commodity, business leaders should consider embracing adaptive security — putting the right controls and monitoring in place to help create a safe and secure working environment.
2. New, sophisticated TTPs target business continuity.
Sophisticated threat actors have been observed targeting platforms such as Microsoft Exchange and Outlook Web Access (OWA) to conduct malicious activities. Web-facing, data-intense systems and services that typically communicate externally can make it easier for adversaries to hide their traffic in the background noise, while authentication services could open up a credential harvesting opportunity for cybercriminals. These capabilities and detection evasion approaches underline the importance of identifying and tracking priority adversaries and then threat hunting against the specific behaviors they employ.
3. Masked or noisy cyber attacks complicate detection.
Cyberthreat actors routinely chain together off-the-shelf tools with living-off-the-land techniques, complicating detection and attribution. Recognized threat groups have targeted governments and corporations, leading to the theft of information. These activities have occurred in Europe, North America, and Latin America, and there has been significant activity directed toward emerging economies and India. Organizations should ensure they understand the commonly used tools and techniques, especially those involving the malicious use of native system utilities and penetration test tools, and validate that they can be detected in their environment.
4. Ransomware feeds profitable, scalable business.
In addition to finding new ways to infect businesses with ransomware, threat actors are finding new ways to influence victims to pay. In November 2019, a strain of ransomware known as Maze infected a large security staffing company and publicly released 700MB of data when the ransom was not paid. This “name and shame” approach adds pressure on victims to pay up, even though law enforcement and the cybersecurity industry have always advised against paying ransoms. Accenture expects threat actors employing these tactics to proliferate for the remainder of 2020 and beyond.
5. Connectedness has consequences.
Powerful technologies and the Internet enable greater connectivity and expose critical systems that attackers are finding new ways to exploit. Increasingly, businesses are using unpatched and untested devices, which pose a much more realistic and accessible target. But many of the common classes of vulnerabilities affecting IoT devices have been at least partially solved. Now, the challenge is applying this knowledge wherever applicable. Going forward, security leaders should share this knowledge and develop standardized systems that are simple, easy to integrate, and able to bear close scrutiny.
To address these trends, the report offers five steps that organizations can put in place: 1) Securing all users, devices, and network traffic consistently with the same degree of effectiveness, regardless of where they are based; 2) Being transparent in giving users access to what they need when they need it; 3) Employing adaptive security that creates confidence, such as using the cloud or expanding access to more remote users; 4) Simplifying managed services and automating where it makes sense; 5) Engaging with business leaders to plan, prepare, and practice for greater cybersecurity resilience, backed by the right resources and investments.
As companies navigate challenges brought about by accelerated digital transformation, opportunistic phishing campaigns, discontinuity of information security operations, and financial constraints, it is critical for organizations to put the necessary measures in place to gain greater cyber resilience for a more flexible and secure post-pandemic future.