Modern cyber-attacks are increasingly leveraging evasive behaviours, while collaboration between IT and security teams is seen as a top priority to help mitigate growing tensions and staff concerns.
These are among the findings from VMware Carbon Black “2020 Cybersecurity Outlook” report, which offers a holistic view at how attackers have evolved, what defenders are doing to keep pace and how security and IT teams can work together in 2020 and beyond.
Using the Mitre Att&ck framework for Section 1 on the report, it uncovers the top attack tactics, techniques, and procedures (TTPs) seen over the last year and provides specific guidance on ransomware, commodity malware, wipers, access mining and destructive attacks.
In Section II of the report, VMware Carbon Black collaborated with Forrester Consulting on a 624-person survey of IT/security managers and above – including CIOs and CISOs – to explore the current state of IT and security relationship dynamics from the C-level to the practitioner level, and how these will evolve.
Some of the key findings from the report include:
* Attacker behaviour continues to become more evasive, a clear sign that attackers are increasingly attempting to circumvent legacy security solutions. Defence evasion behaviour was seen in more than 90% of the 2 000 attack samples analysed.
* Defence evasion behaviours continue to play a key role with ransomware (95% of analysed samples). These ransomware attacks are heavily targeting organisations in energy, government and manufacturing sectors.
* Wipers (attacks that can overwrite data and clear hard drives) continue to trend upward as adversaries (including Iran) began to realize the utility of purely destructive attacks.
* IT and security teams appear to be aligned on goals (preventing breaches, efficiency, incident resolution) but 77,4% of survey respondents said IT and security currently have a negative relationship, according to our study conducted with Forrester Consulting.
* 55% of survey respondents said driving collaboration across IT and security teams should be the organization’s top priority over the next 12 months, according to the study.
* More than 50% of survey respondents said that both security and IT will share responsibility for key areas like endpoint security, security architecture and identity/access management over the next three to five years, according to the study.
“Defenders must stop thinking about how to achieve results on their own. Defenders must continue to build bridges with IT teams,” says Rick McElroy, one of the report’s authors. “The time for cooperation is now. We can no longer afford to go at this problem alone.
“We need IT teams to look toward security solutions that are built in and not bolted on. It’s time for security to become part of our organizational DNA. It’s time security becomes intrinsic to how we build, deploy and maintain technology.”