When it comes to hackers exploiting vulnerabilities in their software, organizations have two choices: They can fight the multi-headed hydra — or they can try to buy them off. And thus was born the bug bounty. Of course the situation is a bit more complicated than that, but ever since Peiter C.
Whether businesses are grappling with rapidly changing market conditions, continued pandemic disruptions, geopolitical conflicts, or shifting workplace arrangements, threat actors are looking to take advantage of the moment to undermine network integrity or compromise data privacy. In many ways, their efforts are bearing fruit. According to a recent industry survey, 66 percent of respondents indicated they experienced a ransomware attack in 2021, a 29 percent year-over-year increase.
The uptick in recent years in cyber attacks by rival state actors, primarily Russia and China but not only, as well as criminal groups, have pushed the US government to step up its effort to defend against these malicious actors. While much of the focus has been on external actors, there has also been an ongoing effort to secure government organizations from internal threat actors. Insiders present a serious risk because they have authorized access to be inside the organization.
In a recent report by the incident response giant Mandiant, which was purchased by Google in March, their researchers found that 2021 was a record year for the total number of 0-day vulnerabilities disclosed and exploited. According to their findings, their team identified some 80 0-days exploited in the wild. At the same time, Google Project Zero researchers reported the detection and disclosure of 58 0-days.
Verizon’s Data Breach Investigation Report for 2022 (DBIR) was recently released and it has some good news and it has some bad news when it comes to the risk of insider attacks. First the good news, sort of. According to the DBIR, the vast majority of breaches continue to come from external actors (80% vs 18% of insiders). Hopefully we can be a little less suspicious of Bob who sits two offices down from you. However when an insider attack happens, it can be really, really destructive.
While the stakes for private sector organizations differ drastically from governments that have to protect state secrets like hacking tools or nuclear technologies, businesses do have their own needs for Data Loss Prevention measures. Organizations can face the threat of data like their intellectual property (IP), source code, customer details, Personally Identifiable Information (PII), financial info, and many other types of information being stolen or corrupted.
Working in a Security Operations Center (SOC) is like working in an emergency room on a weekend shift at 2 AM. The steady stream of new alerts screaming for attention and combined with the lack of enough trained personnel make it a miracle that it all seems to work through on a string and a prayer. The question is though, when will the luck run out?
