The reality of the cyber threats posed today is that many threat actors are not rogue operators acting on their own but are, instead, working as part of sophisticated and organised groups, collaborating with other groups within a wider ecosystem of specialists.
These groups build significant financial resources over time, derived from the proceeds of commercially-driven attacks, or gathered as payment from states sponsoring or directly commissioning their activities.
This is according to Yaroslav Rosomakho, field chief technology officer of Netskope, who explains: “Threat actors use these resources to improve their subsequent attacks, paying for infrastructure or even bribing their targets’ employees to help gain initial entry.
“Knowing how these attack groups work is not only interesting but it also provides invaluable intelligence that can help organisations strengthen their security posture. Knowing what motivates the attackers, how they think and work, and what they are ultimately looking to achieve provides an advantage in front-line defence, strategy planning, and – when the worst happens – incident handling.”
Stefan van de Giessen, country manager: SA & SADC at Exclusive Networks Africa, adds: “Netskope takes a data-centric approach to cloud security, protecting data and users everywhere. Our partnership allows us to jointly bring a leader in the SASE space to the local market. SASE is a network architecture that combines software-defined wide area networking (SD-WAN) with edge security (SSE) into a set of services delivered via the cloud.
“As advocated by Netskope, a best practice approach for those responsible for an organisation’s security strategy is to look at what is known about the attackers’ preferred operating methods and strategies, and proactively apply methodologies that will counteract these strategies, in order to strengthen the security posture appropriately.”
In this regard, Rosomakho clarifies the following points:
* Cybercriminals work collaboratively, which enables them to become specialists: He notes: “Aside from the importance of threat intelligence to keep abreast of trends and live threats, we can learn that collaboration is powerful. If security teams network and information share – and are prepared to work with the competition in the best interests of everyone – then we too can be nimble, well informed, and prepared.” He advises that this same collaboration must also be applied within the organisation: “Too often security tools are disconnected from one another and fail to provide the security team with the holistic view necessary to detect a multi-vectored attack kill chain. In order to disrupt highly organised attacks, security teams need to ensure their security tools are tightly integrated and can share relevant intelligence, such as indicators of compromise, in real-time.”
* Malicious actors use cloud infrastructure for their attacks: Rosomakho explains: “Cloud infrastructure is inherently agile; attackers can spin up their infrastructure quickly and inexpensively – then dismantle and start again if their operation is compromised. They are also drawn to the fact that – by using the very same cloud services as the organisations they are targeting – they can disguise themselves to older security technologies. Embrace cloud security both for its scalability and cost advantage, and because that way your security is much better placed to spot an attack. Apply a Zero Trust approach not only to network access, but also to cloud security and data protection.”
* Threat actors innovate: “Bad actors are always changing their approach and business model,” notes Rosomakho. “In the face of this innovation, we cannot stand still in defence. Keep up to date on trends in attack methodology, and try to think ahead and identify the opportunity before your attacker does so you can cut it off. In addition, replace your aging on-premise security appliances (with their lengthy update and upgrade cycles) with modern cloud security services that constantly evolve attack detection and mitigation techniques using modern technologies, such as ML-driven AI.”
* Attackers are well funded: Cyber-attacks are big business, says Rosomakho, and spending money on security can reap significant gains in other cost centres: “Make a case for your security budget by demonstrating to your organisation the cost of scrimping on security.”
* Most attackers are opportunistic: “The learning here is: don’t be the easy hit,” he says. “Keep your windows and doors shut and in all probability, the attackers will find an easier target to go after. The vast majority are not after your organisation but after your money.”
“A simple place to start is by applying good security hygiene to avoid being the easiest target,” advises Van de Giessen. “In addition, C-suite executives today must realise that the stock image of the ‘hooded attacker working alone in a secluded environment’ does not truly reflect today’s primary threat environment.
“The new overlords of organised crime today operate globally and without physical borders, with attackers working in collaboration to strengthen individual offerings. Therefore, learning from your attackers’ methodologies and operations is essential to strengthen your organisation’s own security posture to maximum effect,” he concludes.