The frequency of cyber attacks is on the rise—again. But the sheer regularity of these incidents is not the only cause for alarm. The growing sophistication of cyber threats should rightfully worry organisations of all shapes and sizes anywhere in the world as well, as should the ease by which cybercriminals can penetrate any and all network perimeters.
A recent report by Cybereason, “RansomOps: Inside Complex Ransomware Operations and the Ransomware Economy,” highlights how big of a problem cyber attacks have become, with ransomware among the most worrisome of them all. But ransomware is just one thing that is sure to keep an organisation’s IT teams and CISOs on their heels. There are actually five according to Angel Redoble, FVP and Group Chief Information Security Officer at PLDT and Smart Communications, and they can all potentially cripple an organisation. These are:
Distributed Denial of Service attack (DDoS).
Web application layer attack, which can compromise the organisation’s database.
Ransomware on the infrastructure side.
Ransomware on the user side.
Successful data breach.
Add to those five the elaborate cyber espionage campaigns now being run by either state actors or politically motivated groups acting on behalf of malevolent factions. And given how the Lapsus$ group successfully hacked major tech companies, like Microsoft and NVIDIA, with seeming ease, it is safe to say that no organisation is safe—not now, not moving forward.
That is unless organisations can reverse the adversarial advantage, where cybercriminals are seemingly always a step ahead with all the right tools to attack, however, whoever and whenever they want.
Moving Forward With Defend Forward
It will take a leap forward in technology and approach to at least level with threat actors. It will take an even greater leap forward if organisations are to take the upper hand away from cybercriminals. That is what Defend Forward by Cybereason has set out to do: To reverse the adversarial advantage and give the good guys a better chance to beat the bad guys.
“Defend Forward is a cyber strategy to proactively stop malicious cyber activity before it reaches its target… This is a concept that came out from the U.S. Department of Defense, and we are embracing it in Cybereason,” explained Eric Nagel, General Manager, APAC, at Cybereason. “One of the first things we did this year as part of this push for Defend Forward is to collaborate with leading CISOs in every country in numerous different verticals. If we can connect the dots, then we’ll be more effective at stopping what’s going on.”
This Defend Forward cyber strategy leverages five aspects to reverse the adversarial advantage. These are intelligence, resiliency, collaboration, capability and analytics. Intelligence means collecting intelligence on the tactics, techniques and procedures that advanced groups are using. Resiliency, on the other hand, is “strengthening the security systems and networks to make them harder and more expensive for these adversaries to reach their objectives [to deter them from even trying].”
The third aspect, collaboration, means working with law enforcement across industry verticals and combining the public and private sectors to bolster this more informed defence, while capability refers to “scalable, adaptive, lawful and diverse capabilities for countering adversaries.” The last aspect is analytics, and organisations, according to Nagel, “need enterprise cybersecurity solutions to operate at machine speed, combined with large-scale data analytics, to identify malicious activity as early as possible.”
A Collaboration of Cybersecurity Experts
Collaboration is a crucial aspect of Defend Forward, and that is exactly what the Cyber Defenders Council is all about. The council, formed by Cybereason, is an independent group of preeminent global cybersecurity leaders focused on enhancing cyber deterrence, particularly with the help of Defend Forward. This collaboration aims to provide private sector enterprises concrete guidance in cybersecurity, and it is something that the community needs according to Redoble.
“[The Council] is something that the community needs. For the longest time, we have been working in silos. While our enemies are banding together, getting stronger and better, we the good guys are doing things on our own," Redoble said. "We have reached the part where we not only collaborate but work together on a tactical and operational perspective.”
This meeting of the minds is, indeed, long overdue, and it may very well be the impetus that will take the upper hand away from malicious actors. And, in a roundabout way, the success of the council and the Defend Forward strategy is promoting circles back to a most understated aspect of cybersecurity: The human capital.
Humans: The Engine That Powers Cybersecurity
Much of the conversation on cybersecurity revolves around the fancy technologies purposely built to deter cyberattacks. These technologies include, among other things, threat Intelligence, endpoint detection and response and managed detection and response, and each helps immensely in the never-ending fight against cyber adversaries.
But for all the good these technologies can do, it would be imprudent and unfair not to give credit to cybersecurity professionals—the people doing the behind-the-scenes work to fend off malicious actors.
“You can have all the technologies in the world but the human capital element is still a fundamental aspect. So, the need to constantly bring in new talent to the industry is crucial for the [cybersecurity] industry to thrive,” Nagel emphasised. “But technology can make the lives of those in the industry more effective and more efficient.”
And cybersecurity professionals need all the help they can get as the industry can be ultra-demanding. Besides, contrary to how the media depicts it, cybersecurity is actually an unglamorous job. Yet it is laborious and time-consuming, and it demands a steely resolve, unyielding work ethic, truckloads of dedication and a healthy dose of paranoia (if there is nothing going on, something is probably brewing).
“The job requires a lot of dedication and sacrifice. It goes beyond a love for the organisation and the job,” noted Redoble, who also pointed out that there is no shortage of people who want to be in cybersecurity because it is a “sexy” industry. But Redoble is also the first to admit that only a few actually get in.
“Cybersecurity is biblical: ‘Many are called but few are chosen,’” explained Redoble. “When they find out what really happens in the operations, they start thinking about their holidays, their weekends, and their free time. Very few individuals are willing to make that sacrifice. Those who commit are the people you really need to win the fight.”
Redoble of PLDT and Nagel of Cybereason are among the chosen few. And they are fighting the good fight together with other cybersecurity professionals around the world and the rest of the Cyber Defenders Council. Redoble, Nagel and company could sure use the help of a few more “Chosen Ones”; but, between advancing technologies and initiatives like Defend Forward, it seems they have just enough—at least for now.
Another leap forward wouldn’t hurt, though, given how fast the bad guys are getting better.