Staying on top of cyber threats: The need for visibility in your digital terrain

Perceptions towards cybersecurity have evolved exponentially in recent years. What was once an afterthought for businesses and cybersecurity teams has now been elevated to a mission-critical investment that is increasingly being overseen by C-suite decision makers.

This trend is catalysed by a confluence of digitalising economies, the growing sophistication of attacks, and expanding attack surfaces accelerated by enterprise adoption of IoT technology. It is no longer sufficient to rely on strategies that focus solely on boundary protection. An always-on, automated approach to cybersecurity that gives security teams visibility and control over all connected devices in a firm’s network is vital to improving risk posture.

The evolution of cyber threats

Today, Asia Pacific (APAC) is a prime target for cyberattacks, likely due to the region’s leading pace of digitalisation that makes it attractive to cybercriminals. Indeed, according to the 2021 EY Global Information Security Survey, 57% of APAC businesses surveyed were unsure if their cybersecurity defences were strong enough to mitigate present-day cyber threats.

The challenge is compounded by the proliferation of IoT devices, which expands a network’s potential attack surface. IDC forecasts IoT spending in APAC alone to reach $436 billion in 2026, with ANZ representing $24bn over the same timeframe. Cybercriminals are well aware of this trend, and also of the vulnerabilities in IoT devices that can be exploited.

Ransomware continues to persist in a renewed form

Forescout’s research team, Vedere Labs, conducted an analysis of the cyber threat landscape and identified several megatrends that are likely to impact APAC’s businesses in the near term. One of these trends includes ransomware, which is currently being spotlighted by high profile attacks on firms such as Colonial Pipeline, Singtel, and recently, Medibank and Optus.

At the same time, ransomware threats are growing in complexity as cybercriminals continue to refine and change their techniques. Vedere Labs’ research highlights that two of the largest threats of recent years are converging, namely ransomware and IoT attacks.

This has resulted in attacks moving beyond IT workstations and servers, with threat actors looking for vulnerabilities in connected IoT devices to exploit for initial access into a firm’s network. Additional studies conducted by Vedere Labs have identified IP cameras, VoIP, and video conferencing systems as the IoT devices that pose the highest level of risk to companies; they are usually compromised through weak credentials or unpatched vulnerabilities.

From an industry perspective, financial organisations that Forescout spoke to also confirmed that their IP cameras posed outsized cyber risks according to internal assessments.

New extortion techniques emerge

This proliferation of IoT devices expands a network’s potential attack surface, opening new doors for cybercriminals. Major ransomware threat actors are testing new extortion techniques alongside the tried-and-tested data exfiltration and encryption. An alarming trend involves the multiple extortion methods utilised by ransomware groups like DeadBolt and ALPHV, where data is exfiltrated in addition to being encrypted to maximise their impact.

Whereas double extortion became mainstream in 2021, in 2022 we are also observing ransomware groups targeting internet-exposed Network Attached Storage (NAS) devices to obtain master keys, giving them the leverage to set a much higher ransom, with malware being created or adapted specifically for these environments.

Moving ahead, we expect more device types to become ransomware targets, either for initial access or for impact, as a result of the ongoing proliferation of Internet-of-Things (IoT) devices, the convergence of IT and OT networks, and the exploitation of insecure-by-design vulnerabilities. For example, VoIP appliances have become some of the most scanned devices on the internet, indicating that they could become a target of ransomware groups.

Specifically, VoIP applications were reported to contain zero-day remote code execution vulnerabilities that were exploited by the operators behind the Lorenz ransomware.

Recipe for disaster if not addressed properly

IT and cybersecurity teams in Australia have had their workloads and challenges increase in parallel to the ongoing digitisation of their firms. In addition to the aforementioned threats, the increasing convergence of IT and OT networks also presents significant risks for firms.

Via compromised Internet-of-Things (IoT) devices, attackers can pivot into other connected IT or OT devices, which may impact physical systems. This is particularly dangerous for the healthcare sector due to the widespread adoption of Internet-of-Medical-Things (IoMT) and the potentially severe implications on healthcare delivery and patient safety.

However, this isn’t the only pressure IT and cybersecurity teams face. Border closures as a result of COVID have affected the flow of talent, contributing to a large tech skills shortage in Australia and the rest of APAC, which governments are taking action to address.

Cybercriminals understand that many firms are short of manpower, and are therefore looking to exploit already stretched security teams. For underprepared businesses, it is increasingly likely that they will wake up to a cyberattack with serious consequences for the firm.

Optimise visibility and response speed with automation

Cyberattacks have created an environment where firms can ill afford to take their foot off the pedal, especially with networks expanding due to IoT and remote working. Visibility and asset management are the foundation of network security: you can’t protect what you can’t see.

To remain on the right side of cyber threats, hygiene practices like asset inventory, patching, credential management, and network segmentation must encompass the entirety of a firm’s digital terrain, providing teams with visibility of all connected devices on their networks.

To improve their cybersecurity posture, firms should adopt network visibility solutions capable of asset discovery, assessment, and management. Any solution implemented should also be able to detect new devices connecting to the network, scan them for vulnerabilities, and execute actions to eliminate the threat, reducing visibility gaps that could put the firm at risk.

The increasing sophistication and always-on nature of digital threats mean that cybersecurity and IT teams, likely also contending with manpower constraints, do not have the resources to scan for, identify, and extinguish threats daily. These challenges may be addressed through an automated approach to cybersecurity, which delivers the following benefits:

Device Context

    • Automation enables firms to collect and maintain up-to-date information about cyber assets as soon as they join or leave the network, providing details such as what the device is, where it is connected, and where the connection originates.
    • This empowers security teams with the necessary context to differentiate between a Windows 7 PC that is operating a pill dispensing cart, and an unknown Windows device trying to access patient records, allowing the appropriate follow-up actions to be taken.

Orchestrated Workflows

    • The ability to automate workflows allows security teams to enforce policies and trigger responses based on a set of pre-defined rules. One example includes the automatic segmentation of vulnerable devices, mitigating the blast radius of non-compliant assets. Cyberattacks are automated, so responding to incidents at machine speed is critical.

Prioritised Responses

    • Multifactor risk scoring and advanced threat detection can prioritise alerts to security teams according to the risk they pose to the organisation, allowing them to focus on the threats that matter most. Whether executing a script, fixing a missing agent, or triggering a patch, the speed and accuracy with which these actions can be carried out to proactively remediate identified security gaps is key to staying ahead of threats.

Data-Backed Insights and Analysis

    • The key to effective automation is to leverage in-depth data sourced from your own networks, so that firms can ensure the information is accurate and reflects how the network actually operates.
    • The data from connected assets can give security teams the insights they need, not just to address real-time security incidents, but also to support compliance and audit requirements, facilitate incident investigations, and update detection logic to better identify risks and prioritise preventative measures moving ahead.
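The three capabilities above (device context, orchestrated workflows, prioritised responses) can be seen end to end in a small policy engine. The Python below is an added example written for this page, not Forescout’s product or code: a “device joined” event is enriched with inventory context, an ordered rule list maps conditions to actions such as quarantine, segmentation, agent installation or patching, and a multifactor score orders the resulting findings so the unknown Windows device touching patient records comes out ahead of the known Windows 7 pill-dispensing cart. Every device record, rule, weight, VLAN and action name is a constructed assumption for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed inventory: what the asset database already knows, keyed by MAC.
INVENTORY = {
    "00:11:22:33:44:55": {"role": "pill-dispensing-cart", "managed": True},
    "00:11:22:33:44:66": {"role": "ehr-workstation", "managed": True},
}

@dataclass
class Device:
    mac: str
    ip: str
    os: str                 # fingerprinted OS family and version
    role: str               # inventory role, or "unknown" if never enrolled
    switch_port: str        # where the device is physically connected
    managed: bool           # endpoint agent present / enrolled
    open_cves: int          # unpatched known vulnerabilities found by the scan
    accessed: set = field(default_factory=set)   # data/services it has reached
    eol_os: bool = False    # OS past vendor end-of-life

@dataclass
class Finding:
    mac: str
    rule: str
    action: str
    score: int

# Device context: enrich a raw "device joined" event with inventory knowledge.
def enrich(mac, ip, os, switch_port, open_cves, accessed, eol_os=False) -> Device:
    ctx = INVENTORY.get(mac, {"role": "unknown", "managed": False})
    return Device(mac, ip, os, ctx["role"], switch_port, ctx["managed"],
                  open_cves, set(accessed), eol_os)

# Multifactor risk score in [0, 100]; the weights are constructed for illustration.
def risk_score(d: Device) -> int:
    score = 40 if d.role == "unknown" else 0            # no context at all
    score += 25 if not d.managed else 0                 # cannot patch or query it
    score += min(20, 5 * d.open_cves)                   # exposure, capped
    score += 10 if d.eol_os else 0                      # no vendor fixes coming
    outside_role = "patient-records" in d.accessed and d.role != "ehr-workstation"
    score += 15 if outside_role else 0                  # sensitive access outside role
    return min(100, score)

# Orchestrated workflow: ordered (rule name, predicate, action) triples.
RULES = [
    ("unknown-device-touching-records",
     lambda d: d.role == "unknown" and "patient-records" in d.accessed,
     "move-to-quarantine-vlan"),
    ("unmanaged-device", lambda d: not d.managed, "install-agent"),
    ("eol-os-with-known-role", lambda d: d.eol_os and d.role != "unknown",
     "segment-to-clinical-vlan"),
    ("unpatched-managed-device", lambda d: d.open_cves > 0 and d.managed,
     "trigger-patch"),
]

def evaluate(d: Device) -> list[Finding]:
    s = risk_score(d)
    hits = [Finding(d.mac, name, action, s) for name, pred, action in RULES if pred(d)]
    return hits or [Finding(d.mac, "compliant", "allow", s)]

# Prioritised responses: highest-risk findings first. sorted() is stable, so
# rule order is preserved for findings with equal scores.
def prioritise(devices: list[Device]) -> list[Finding]:
    return sorted((f for d in devices for f in evaluate(d)),
                  key=lambda f: f.score, reverse=True)

def sample_devices() -> list[Device]:
    """Constructed join events: the article's two Windows devices plus a
    managed clinical workstation with one outstanding patch."""
    return [
        enrich("00:11:22:33:44:55", "10.0.5.20", "Windows 7", "sw2/gi0/12",
               open_cves=2, accessed={"pharmacy-db"}, eol_os=True),
        enrich("de:ad:be:ef:00:01", "10.0.5.77", "Windows 10", "sw2/gi0/19",
               open_cves=0, accessed={"patient-records"}),
        enrich("00:11:22:33:44:66", "10.0.5.31", "Windows 11", "sw3/gi0/4",
               open_cves=1, accessed={"patient-records"}),
    ]

if __name__ == "__main__":
    for f in prioritise(sample_devices()):
        print(f"{f.score:3d}  {f.mac}  {f.rule:<32} -> {f.action}")
```

Two design points worth noting. The patch action only fires for managed devices, because an unmanaged device has no agent to receive it; the workflow instead raises an install-agent finding first, matching the “fixing a missing agent” step above. And the score is deliberately additive and capped, so a reviewer can read off why a device ranked where it did, which is the kind of explainability that makes automated segmentation defensible to the operations teams who fear disruption.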

Firms may be slow to implement automation as they may be concerned about disruptions to operations, resulting in potential setbacks in a mission-critical process. However, those that invest the time to set up automation capabilities will become more efficient in the long run.

Building towards long term success

The digital terrain will continue to evolve. For organisations, this means a constant need for cybersecurity innovation and improvement to defend against new cyber threats that appear.

While current economic uncertainties and talent constraints may introduce challenges to effective cybersecurity, implementing the right solutions can ease internal pressures and improve a firm’s security posture. As the number of connected devices grows and expands attack surfaces, it is important that businesses never let their defences stagnate.

Visibility and monitoring solutions can provide rich information across the breadth of a network, helping firms eliminate cybersecurity blind spots. Fully integrated platforms let firms combine multiple capabilities and move to automated action for speed and accuracy. Firms can not only proactively remediate cyber threats but also address the cybersecurity skills shortage by allowing the human workforce to focus on higher-skilled tasks, a win-win for all.

Kevin O’Leary is the Chief Product Officer at Forescout.