Reversing the Adversarial Advantage: How the Offensive Mindset May Be the Best Cyber Defence

Cybercrime will be part of the new normal. Over the past couple of years, cyber attacks have become much more common, with a staggering 76% of small to medium-sized businesses (SMBs) in the region, in particular, getting attacked multiple times. Even in Singapore, Southeast Asia’s undisputed tech hub, half of the country’s SMBs were hit by cybercrime in 2020, underscoring yet again why cybersecurity is one of the great challenges today.

Then again, the cybersecurity problem has been around for quite a while now, and it is only getting worse. A case in point is ransomware, which has gained unprecedented notoriety as somewhat of a “favourite” among today’s cybercriminals.

Ransomware: Popular, Potent, Profitable

“Ransomware has been around for a very long time. It’s nothing new but it certainly has evolved,” notes Eric Nagel, APAC General Manager at Cybereason, in an exclusive virtual interview with Cybersecurity Asean. “Ransomware attacks are here to stay, and it has become the go-to method to create what we call ‘digital compromise’. It is a problem that is continuing to get bigger. It is prevalent, it is multi-stage and it has consequences.”


According to Nagel, the wide availability of ransomware kits is among the main reasons why cyber adversaries seem to prefer ransomware. With exploit packs easily accessible, the barrier to entry is significantly lowered as malicious actors can just buy these kits on the dark web and deploy them just as easily. Lowering the barrier even further is the rise of Ransomware-as-a-Service, which “enables even low-level criminals to start their activities.”


The fact that ransomware is multi-stage only exacerbates matters, as it can spawn “variants” that can hide in virtual machines and even elude traditional cybersecurity defence techniques most companies are employing nowadays. Newer technologies, Nagel explains, are certainly available and more effective in dealing with ransomware but they require tremendous computing power that can “negatively affect performance and user experience within the company.” This significantly lowers the adoption of tools that can better deal with ransomware, and this likely explains why so many organisations globally keep getting victimised.


When businesses do get hit with ransomware, the costs are exponentially high. According to the Cybereason report “Ransomware: The True Cost to Business,” 66% of organisations reported a considerable loss in revenue following a ransomware attack, while 26% closed shop because of an attack. Tellingly, quite a few organisations are actually paying up, with 35% of those surveyed by Cybereason paying a ransom between USD $350,000 and $1.4 million and 7% paying a ransom exceeding USD $1.4 million.

As Nagel points out: “It’s really good business for the cybercriminals. Companies have not adopted the latest technologies to help with this and they’re paying. The fact that companies are paying and are not implementing the technologies to solve this issue, they get hit a second time and sometimes a third time. From a criminal’s point of view, this model is working, so why stop?”

Taking Away the Adversarial Advantage

Malicious actors have what Nagel calls “adversarial advantage,” where cybercriminals have the right tools to attack and are on the offensive and dictating the terms of engagement. Organisations, on the other hand, are on their heels—on defence and mostly reacting to an attack.

Taking away this adversarial advantage then is the key not only in remediating the ransomware problem but also in preventing all other kinds of cyber attacks. A step in the right direction would be to shift the cybersecurity approach from defence to offence, which is something Cybereason can do given its roots.

“We as a company come from the offensive side of cyber,” Nagel points out. “Our founders [Lior Div, Yossi Naar, Yonatan Striem-Amit] when they were working for nation-states, they had a hundred per cent success rate in penetrating any target. That’s the cyber landscape today where adversaries have that [offensive] advantage, and that’s exactly what companies like Cybereason want to reverse. In order to win, we need to empower the defenders so they can reverse the adversarial advantage.”

Leveraging various technologies is critical in reversing this adversarial advantage, and among these are automation, Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR), for which Cybereason received Contender recognition from Forrester New Wave: Extended Detection and Response (XDR) Providers Q4 2021.

These technologies come in handy given the ever-expanding attack surface and the ever-growing amounts of data that make it easier for malicious actors to hide behind what Nagel refers to as “data noise,” where cybercriminals “create noise in one place of the network while attacking another part.”

“In order to solve this problem, it’s really a game of time, a game of knowledge and a game of data on the defender side,” Nagel explains. “It’s not only about detecting the attack but it’s also about reducing the time it takes to detect and contextualize the analysis in the network. And that gives defenders the ability to respond.”

Nagel emphasises, in particular, the importance of data in cybersecurity, noting how “the one who controls the data controls the battlefield.”

Controlling the data, in this case, is possible only with the use of “a highly automated and natively integrated platform that collects all of this data and processes it.” Cybereason’s massive data processing engine, which can process 1.4 petabytes of data daily, accomplishes precisely that, enabling end-users to collect, process and analyse data in real-time—incidentally, the pillars to beating cyber attackers.   

The Human Capital

Given the primordial role of modern technologies, it comes as no surprise that the human element of cybersecurity is often overlooked. And there is a major problem here as well: a 3–4 million gap in cyber practitioners that, according to Nagel, is only getting worse.

“It [human capital] is really important, but it often gets lost because vendors love to talk about tech,” Nagel points out. “But humans are the brains behind the machinery, the Artificial Intelligence and machine-learning, because that machine needs to learn.”

Cybereason’s Nocturnus Research Team, composed of the world’s foremost cyber practitioners coming from the offensive side of cyber, has this aspect of cybersecurity covered. This team, according to Nagel, researches a lot of the threat actors and threats that are out there, and even reverse-engineers most of them to provide machines with the input they need to “learn” all about these threats.    

But between the aforesaid talent gap and companies being unwilling to invest in it, many organisations worldwide are lacking the requisite human capital to fully leverage whatever tech they may have deployed already. Cybereason, with its three security operating centres worldwide, has this covered as well by sending out “instant responders” to remediate an ongoing attack using Cybereason’s proprietary cybersecurity technologies, including DFIR (or Digital Forensics and Incident Response).

Plan Ahead

Organisations, though, cannot afford to get complacent when it comes to security. As Nagel notes, “There’s no point doing this [protecting the company’s network] when the house is already on fire.”  

So, to keep the house from burning (or getting attacked) to begin with, Nagel enjoins CISOs and company executives to plan ahead and be proactive about cybersecurity. The first building block, in this case, says Nagel, is to observe “hygiene best practices,” which include making data backups, providing employee security training and doing patch management consistently.

The second building block to cybersecurity is to deploy multilayer prevention capabilities, like antivirus and anti-malware, to “create a wall that keeps the bad guys out.” But, as Nagel points out, the bad guys will almost always breach through that wall, which leads to the third building block to a robust security architecture: leverage next-generation tools, such as Cybereason’s EDR and XDR.

But, again, technology is no panacea. Organisations will need to invest in human capital as well if they want the best protection possible. 
