By Rick McElroy, Head of Security Strategy for Carbon Black
Few numbers can claim more fame than Pi. Infinite and irrational, Pi represents a mathematical constant – the ratio of a circle’s circumference to its diameter. When it comes to cybersecurity, industry pros, especially the math-minded and data scientists among us, can surely relate to the concepts of infinity and irrationality, while acknowledging that, today, the only constant is change.
Change: Cybersecurity’s Constant
Take, for example, the forces of digital transformation that are causing major upheavals in traditional industries, marked by exploding data volumes paired with cloud and hybrid IT models. As a result, there’s a whole new world of possibility, but also of risk. The digital workspace ecosystem of IoT devices, endpoints, and networks continues to grow, evolve and create massive opportunity for attackers.
Infinite and Irrational Factors
Across this new attack surface, cyberthreats are as endless as Pi. So too is the vigilance required to support cybersecurity readiness, resilience and compliance with regulatory requirements. While cybersecurity market size is projected to hit $170 billion by 2022, “Security leaders exist in a universe where seemingly infinite external factors can derail the most disciplined budgets,” says a recent Forrester report on 2019 security budgets.
Further complicating the issue are factors like the irrational nature of employee behaviors that, although possibly well-intentioned, represent a damaging and difficult-to-identify attack vector. Organizations’ intuitions toward risk also tend to lean toward irrational as “evidenced by how drastically one company, or team, will approach risk from the next, even within the same competitive sector,” according to this essay, which calls for the industry to “unify and direct these efforts into a rational approach to the security problem.”
Cyber Math That Matters
In a nod to important numbers, here are five eye-opening data points derived from recent threat research reports:
160%—The increase in destructive attacks targeting surveyed financial institutions over the past year. Financial institutions are grappling with some of the most sophisticated cybercrime syndicates. Rarely conducted for financial gain, these attacks are launched to be punitive by destroying data. Cybercriminals have formed sophisticated approaches to gain access to confidential banking and financial information and organizations need to be aware of the impending threats.
$1.8 Billion—The amount of cryptocurrency-related thefts that occurred in 2018. Cryptocurrency and its use in and out of the dark web is not going away anytime soon. Attackers have discovered that mining cryptocurrency can prove to be a very profitable endeavor if they can leverage someone else's computing resources.
50%—The percentage of incident response investigations China and Russia were responsible for in 2018. Whether it’s for political manipulation or to gain an economic edge on their adversaries, nation state actors in today’s pressurized geopolitical landscape feel more emboldened and empowered than ever. Not to be outdone, North Korea made a splash toward the end of 2018. Fileless attacks against global governments in Q4 2018 included indicators of compromise reported as nation state attributable to North Korea, commonly referred to as HARDRAIN by U.S. government partners, Department of Homeland Security and the FBI.
+8.4 Billion—The number of IoT devices in the world today, ranging from consumer devices like Fitbits and smart watches to enterprise devices such as security cameras, alarm systems, and thermostats. Of late, those things, which often have no built-in ability to be patched remotely, have become the target of cyberattacks. In 2016, for instance, a Russian botnet called Mirai gained access to a veritable army of closed-circuit TV cameras, which led to a denial of service attack that left huge swaths of the internet inaccessible to many on the East Coast of the U.S.
60%—The percentage of attacks that now involve lateral movement, which is a method used by cyber attackers to move through a network, as they search for the essential data that is the eventual target of the breach. Continuing to hide in plain sight, cybercriminals are leveraging non-malware / fileless attack methods to do this, which is the biggest indicator that attackers aren’t just focused on one component of an organization, but are seeking additional targets as they infiltrate the network.
These stats spotlight attacker behaviors that capitalize on the common denominators cybersecurity shares with Pi. Whether it’s infinity, irrationality, or the constant (state of change), by raising awareness of key threats, in turn, organizations can use this knowledge to help inform their cybersecurity strategies.
