Your Cyber Risk Doubled in 2018

Delano Collins
15 Jan 2019

In a recent SANS Survey of IT Professionals who voiced concerns about endpoint security, several alarming patterns emerged, all pointing to continued escalation of risk to organizations of every size.

Conceptual digital image of lock on circuit background

Devices Everywhere

Organizations are increasingly deploying a greater number and wider variety of connected devices.  This list includes:  desktop computers, employer-owned laptops, network devices and servers, mobile devices, even cloud-based systems, Internet of Things (IoT) devices, mobile and network devices, and wearables.

The variety of connected devices is challenging the “standard remediation model.”  In addition, the BYOD or Bring Your Own Device policy, which allows employees to connect their personal devices to corporate networks adds a greater level of uncertainty and lack of control for IT teams.  Leveraging tools such as ‘automatic updates,’   Windows Server Update Services, and even many patching services fails to address the range of devices and the complexity of a hyper-connected environment.

As the number of devices has grown, knowledge about who is using what systems has diminished.  According to this survey, only 34% of respondents could consistently connect users to systems.  This is a key finding since not knowing who is using your systems and when, adds another significant level of complexity to identifying anomalous behavior. 

Detection Methods

Of the infections identified in 2018, 47% were caught by antivirus. Yet detection technologies that look at user and system behavior or provide context awareness were much less involved in detecting breaches. "Only 23% of respondents' compromises were detected through attach behavior modeling and only 11% of compromises with behavior analytics. Because user and machine behaviors are the cause of most endpoint breaches, these technologies are critical for endpoint detection and response."¹

Even more concerning is that 84% of endpoint breaches included more than the endpoints. While the majority of attacks started on the endpoints, the breach then spread to the servers.

The inability for most organizations to detect breaches is complicated by many factors: the number and variety of devices, the legacy solutions and processes used to remediate vulnerabilities, the limited skill sets of IT staffs in general, the lack of information about the user of the network resources and the resulting inability to understand normal versus anomalous behavior. Given these compounding issues, it is not surprising that the number of "those who didn't know whether they'd been breached" doubled, rising from 10% to 20%.

Takeaway

Successful cyber risk management starts with understanding your weaknesses, and offering full coverage of your assets.  Leveraging a team that is certified, experienced and trained on the solutions being deployed and is always monitoring your network is critical to achieving optimal results (effective risk mitigation).

Since most organization operate with a limited IT budget, effective risk mitigation is simply out of reach.  They lack the resources to pay for effective tools, training for those tools, training for effective response and enticing salaries and benefits to attract and retain qualified talent.  Given these challenges, it is no surprise that the number of organizations unable to recognize an active breach has doubled in the past year.

Fiscally prudent organizations have realized that outsourcing security services to a qualified provider is the most financially efficient way to achieve effective cyber risk mitigation.  If you would like to discuss your risk and how to optimize your results, please contact us to schedule a meeting with one of our advisors.

 


¹"Endpoint Protection and Response: A SANS Survey," June 2018


Next Up

Supply chain attacks are on the rise and putting many companies at risk. Microsoft and F-Secure Service Technology have provided statistics that show these types of attacks are on the rise and are causing billions of dollars in losses to global...

Read the Article
Delano Collins
20 March 2019

        Account takeover has skyrocketed in the past year, partially because phishing emails continue to evolve and many organizations simply lack the tools to monitor unusual account behavior with cloud services.  Below is a list of signs your...

Read the Article

Get Your No-Obligation Consultation Today

CONTACT US