An insight into some of the Cyber Security Industry's key facts and figures
In a recent KPMG survey of 500 CEOs, 18% said that cybersecurity risk would be the biggest threat to their organization’s growth through 2024, while the annual Risk Barometer survey from Allianz which details the opinions of over 2,650 C-suite executives and experts across 89 countries, puts Cyber incidents at the top with 44% of respondents agreeing it was their primary concern.
Further to this, Chuck Robbins, Cisco's CEO, announced in his keynote at the RSA conference recently that if the Cyber Security Industry was measured as a country, then cybercrime — which was predicted to exceed $6 trillion USD globally last year — would be the world’s third-largest economy behind the U.S. and China.
And if this wasn’t enough to keep CISOs and CIOs wide eyed and awake at 2.13am on a Wednesday, then this might:
On average, a typical threat actor resides inside your environment for 100 days before pulling the trigger and launching their attack. And to further exacerbate the problem, 69% of all cyber security incidents are reported by an external third party and not the organisation under attack.
While at the same time, the total average cost of a threat increased by 31%: from USD $8.76M in 2017 to USD $11.45 million in 2021.
And yet with all this awareness of the problem, the skills shortage mean that cyber security jobs are left unfilled each year with vacancies growing by 350% between 2013 and 2021.
So how do we remain vigilant and proactive in the face of all this turmoil?
Threat hunting.
As more and more organisations move towards cloud native, multi-cloud and hybrid-cloud deployments, the complexity of digital estates is rising. Remaining proactive and vigilant is a constant challenge.
However security leaders who want reduce the risk that cyber incidents present, don’t need to know everything about cybersecurity (and honestly, with the rate of change today, its nigh on impossible to keep pace). Ensuring that CIOs and CISOs have effective strategies in place that dictate a healthy balance of the right talent, technology and information is imperative to winning the war.
Analyst research shows that threat actors operate for an average of 101 days inside and organisations environment before being detected. By utilizing threat intelligence, organisations can identify breaches and pre-attacks much earlier and take action to remediate the risk.
On December 23rd last year, we setup a honeypot subscription in Azure to test the waters. What we uncovered was a little confronting. Two development internet facing virtual machines were deployed without any hardening or protection other than locking down the ports, excluding RDP (port 3389), which is a common tactic employed by administrators to access the machines remotely.
Within hours, we were under attack. Yes, hours.
Microsoft Defender for cloud and 365.
The image below shows our Microsoft Defender for cloud deployment against the honeypot subscription. You will notice the first attack was launched on December 24th. Merry Christmas to us.
Microsoft have put an enormous amount of research and development and cold hard cash, into becoming the worlds largest security vendor. The critical benefit we can all take advantage of, is that Azure has been built form the ground up with Security at the forefront. No longer do we need to rely solely on bolt-on cyber security tooling.
The information available at the click of a mouse from within Defender is nothing short of compelling.
Microsoft utilise the Mitre Att&ck framework to help identify threats and build attack campaign profiles. They then pass this information on to cloud consumers, to educate us all on the threat complexity and challenges we face, supported by built in automated remediation options at the click of a mouse. In under 15 minutes you can have Defender for cloud deployed, monitoring and providing threat intelligence and advice to instantly improve your security posture.
Note in the Mitre Att&ck column from the below image, these attempts to brute force our honeypot machines are defined as the "pre-attack" stage. When we drill into the Mitre policy that is matched to the attack, we gain further understanding of the entire kill chain, including the attacks intent, the length of the campaign and how the threat actor intends to exfiltrate data from our network. This highly useful information provides at a glance data on how we can secure against the very real and present danger of cyber security incidents and links to further detailed reading on the security bulletins from Mitre.
Mitre Att&ck - kill chain
Additionally, Microsoft Defender for Office 365 provides further protection for Email, files and cloud apps with a huge array of detailed information to assist with detection, prevention, mitigation and education against threats. Defender for cloud is licenced on a per device/node model and you have complete control over what subscriptions you apply it to. If you’ve followed the Cloud Adoption Framework controls for subscription management, this will provide you very granular control. Defender for 365 are available under an E3, E5 licence - which covers most of corporate Australia and means its available to you right now!
Defender for 365 provides at a glance information that helps identify the risk profile and the potential actions we can take to swiftly remediate and prevent future attacks, improving our overall security posture and baselining our posture against similar organisations…..As you can see in this tenant, we've got some work to do.
These are just some of the tools, services and information available to CISOs and CIOs right now, that can help in the fight against cyber-crime. A better understanding of your security posture and the threats you face, is but a few clicks away.
To work with our team to improve your security posture and get you up and running with Defender for Cloud and 365 in under 15 minutes, register for your free 30 day security assessment.