There are a lot of cybersecurity trends to reflect on as we kick off the new year — the growth of ransomware and extortion, the emergence IoT-powered botnets, the evolving cybercriminal landscape — but I believe the biggest risk trend to watch in 2017 may revolve around how organizations react to dealing with those new threats as their attack surface continues to expand.
The digital presence of many companies has extended on a variety of fronts, including social media, customer engagement, marketing, payment transactions, partners, suppliers and more. That increased exposure clearly has benefits for organizations. However, it also makes it difficult for organizations to track, evaluate and take action against the constant barrage of the growing threats — many of which are at least one step removed from the direct control of internal security teams.
That theme was evident in SurfWatch Labs’ new report, Rise of IoT Botnets Showcases Cybercriminals’ Ability to Find New Avenues of Attack. Our threat intelligence analysts have observed and evaluated data connected to hundreds of incidents that emanated from outside of organizations’ walls over the past year, including:
- accidental exposure of sensitive data by third-party vendors
- shoddy cybersecurity practices causing breaches at vendors that house organizations’ data
- vulnerabilities in software libraries or other business tools being exploited to gain access to an organization
- vendor access being compromised to steal sensitive data
- credentials exposed in third-party breaches causing new data breaches due to password reuse
It’s clear that organizations are struggling with these expanding threats. Not only are organizations at risk from threats trying to break down their front door, those threats are increasingly coming through side doors, back doors, windows — any opening that provides the path of least resistance. For example, a 2016 survey of more than 600 decision makers found that an average of 89 vendors accessed a company’s network each week and that more than three-quarters of the respondents believed their company will experience a serious information breach within the next two years due to those third parties.
SurfWatch Labs’ annual cyber threat report echoed that concern, finding that the percentage of targets publicly associated with third-party cybercrime nearly doubled from the second half of 2015 to the second half of 2016.
“Cybercrime is increasingly interconnected, and issues at one organization quickly moved through the supply chain to impact connected organizations in 2016,” the report noted. “That interconnectedness is evident in the growing pool of already compromised information being leveraged by threat actors, the expanding number of compromised devices and avenues to exploit compromised data, and the way in which data breaches and discovered vulnerabilities ripple outwards – sometimes several layers deep through multiple vendors – to touch unexpecting organizations.”
That interconnectedness is pushing organizations to try to gain more context around the growing number of threats so they can better prioritize actions. As I wrote in a previous blog, organizations are spending more money than ever around cybersecurity, yet they are not necessarily becoming more secure.
Cyber threat intelligence can help to peel back that layer of uncertainty and guide those tough cybersecurity decisions by answering questions such as:
- What is the biggest cyber threat facing my organization and what steps can be taken to mitigate that risk?
- Which threats are active within my industry and impacting similar organizations?
- Have any vendors or suppliers suffered a data breach that may impact my organization in the future?
- Is any information related to my organization being sold on the dark web?
- Is my organization at risk from employee credentials exposed via third-party breaches?
- What new and old vulnerabilities are currently being exploited by threat actors?
- And other questions unique to your organization …
That context is what many decision makers say is lacking within their own organizations. Going back to that 2016 survey of key decision makers — more than half of them believed that threats around vendor access were not taken seriously and almost three quarters believed that the process of selecting a third-party vendor may overlook key risks.
A smart and thoughtful approach to cybersecurity that provides the necessary context can help to both shine a light on those new risks and filter out the excess chatter so your organization can focus on practical and relevant solutions that have an immediate impact on your cyber risk.
Cyber threat intelligence came a long way in 2016, but many organizations remain overwhelmed by the number of cyber threats and are continuing to experience data breaches. Expect the use of relevant and practical cyber threat intelligence to see continued growth in 2017 as organizations more to address their blind spots and more effectively manage their cyber risk.