Most organizations are unaware of daily malicious activity

Cyber Chief Magazine brings you the tactics to uncover and neutralize the insider threat

A new DomainTools survey of more than 550 security analysts, IT managers, and executives revealed that the majority of organizations are struggling to monitor and prevent cyberattacks on their network. More than one in four organizations have been breached in the past 12 months, while 23 percent aren’t sure if they have been breached or not.

daily malicious activity

When asked to grade their organization’s cybersecurity program, 43 percent gave themselves a “C”, “D”, “F”, or “non-existent”, and only 15 percent gave themselves an “A”. While there isn’t a one-size-fits-all solution to network security, the “A” grade companies have several attributes in common, including a high level of automation, a threat intelligence framework, and a robust training program for security staff.

Security teams admit they can’t detect or prevent all cyberattacks

One-third of security pros are savvy enough to detect daily attacks, but the looming majority (66 percent) are unaware of the daily onslaught of malicious activity.

While malware (76 percent) and spearphishing (56 percent) are the most common types of threat vectors, business email compromise (25 percent) and DDoS attacks (24 percent) are on the rise. Finally, nearly one-third of respondents were the recipients ransomware, which cost businesses more than $1 billion in 2016.

Success Ingredients: Automation, training, and threat intelligence

Of the 15 percent of companies that gave themselves an “A” grade, the vast majority (82 percent) boast a formalized training program for security staff, virtually all (99 percent) utilize some degree or a high level of automation within their security programs, and 78 percent use threat intelligence to follow up on forensic clues of an attack to protect the company.

These attributes compare starkly to lower-graded companies. For example, only 37 percent of the “C” companies and none of the “F” companies have a formalized training program, 63 percent of “D” companies use manual processes and are more likely to think they do not need automated processes.

What’s more, when asked if they have experienced a network breach in the past 12 months, only 15 percent of “A” companies have, compared to 27 percent of “C” companies, 38 percent of “D” companies, and 63 percent of “F” companies.

In addition to more budget (50 percent) and more staff (49 percent), 42 percent of companies that did not grade themselves an “A” said that they need more time to evaluate and install technologies in order to be successful.

daily malicious activity

Threat hunting emerges as a top tactic

The overwhelming number of ways to attack a network naturally begets the need for a variety of protections. Almost all companies use more than one cybersecurity system, including firewalls (63 percent), anti-phishing or other messaging security software (57 percent), Security Information and Event Management (SIEM) systems (52 percent), and threat intelligence platforms (42 percent).

More than one quarter (26 percent) spend 26 hours or more per week hunting threats in the network, and the vast majority (78 percent) find value in threat hunting – specifically in drilling down on forensic clues from phishing emails, such as domain name, IP address, or email address, and disclose that it leads to information that makes the organization more secure. Interestingly, “A” and “B” companies were more likely to follow up on clues and evidence compared to “D” and “F” companies.

“With devious hackers leveraging various tactics and threat vectors, it’s clear there is no one-size-fits-all approach to protecting the network,” said Tim Helming, director of product management at DomainTools. “What’s interesting about our new global survey data is to see the actual connection between hunting threats and secure networks, as the ‘A’ companies that are more likely to drill down on forensic clues were less likely to be breached compared to the other companies, pointing to some of the necessary components of a more secure network.”