The sophistication of attacks on clouds is increasing globally


This year is proving a challenging one for cybersecurity professionals. The fallout from the COVID-19 pandemic is still affecting businesses as they migrate to a more distributed and mobile workforce, the UK is in a cost-of-living crisis fueled by inflation, the Russia-Ukraine conflict is giving rise to a new wave of organized cybercrime and state-sponsored attacks, and economic uncertainty in major nations is stretching budgets and increasing risk across the board. Corporations and government infrastructure are being heavily targeted, but all organizations, large or small, are getting caught in the crossfire.

In collaboration with the CyberRisk Alliance (CRA), Infoblox has published its 2023 Global State of Cybersecurity report. The report revealed that more than 56% of organizations in the UK had suffered one or more data breaches in the past 12 months. One UK-based respondent in the report commented that “Global conflicts between different countries, especially the Ukrainian war, have greatly increased the likelihood of cyberattacks, and have made our organization more vulnerable”.

Part of that vulnerability is the result of businesses adopting hybrid and multi-cloud environments to stay competitive, creating additional networking complexity while expanding their attack surface. According to the report, nearly half (46%) of UK organizations have accelerated their digital transformation and leveraged cloud computing to support remote workers and remote customer engagement. Many have moved their applications to third-party cloud providers or added new resources to networks and databases, and more than a quarter of organizations surveyed have closed their physical offices.

The pace of digital change has been so fast, catalysed by the pandemic and the pressure to meet staff and customer expectations, that there’s a real risk security teams and security strategies more generally will be left behind, finding themselves in need of better performance and protection. Around 50% of UK businesses are concerned about data leakage and ransomware attacks, with a third expressing concern about the security of their remote worker endpoints.

Gabe Luis

Head of Western European channels, Infoblox.

The growing cyber threat

Rough economic waters, hybrid working, and geopolitical tensions are creating an ideal environment for threat actors. Organizations around the world are also contending with tech labor shortages and financial pressures driven by inflation, forcing security teams to handle more incidents with fewer resources.

As the CRA report reveals, phishing was the most common attack method used against organizations that were breached in the UK, accounting for two-thirds of all breaches. Ransomware and advanced persistent threats (APTs) followed closely behind. Gone are the days of amateurish, easily detectable phishing attacks. In 2023, we’re seeing phishing scams blend seamlessly into online experiences, with criminals meticulously crafting emails, social media messages and websites that can persuade unsuspecting employees to part with sensitive company information or log-in credentials.

APTs are stealthy and patient, employing long-term strategies to infiltrate targeted systems and networks, often with state-sponsored backing. These sophisticated attackers meticulously gather intelligence, exploiting vulnerabilities and using custom-built malware to evade detection. Once inside, they establish a persistent presence, quietly exfiltrating data or manipulating systems for their advantage. Ransomware attacks also remain a key concern for UK businesses, with 44% of all businesses experiencing a ransomware attack in 2022. 

Attackers employ tactics such as phishing emails to deliver malicious code that encrypts vital files before demanding a ransom for their release. Ransomware methods include leveraging encryption algorithms, using anonymous cryptocurrencies for payment, and even engaging in double extortion tactics, where stolen data is threatened with public exposure.

So, what can businesses do to protect themselves in the current threat landscape?

Uniting networking and security

Security teams need to be able to leverage network information and external resources, such as real-time threat intelligence, in order to secure their endpoints and block threats earlier. This intelligence can be easily integrated through APIs as part of a security “stack” of technologies, offering greater reach and effectiveness with the least possible burden on internal resources.

In other words, bringing network teams (NetOps) and security teams (SecOps) together is the best way of achieving network-wide security, putting data in context, and offering true end-to-end visibility.

Real-time visibility and control are key here. You cannot defend against what you cannot see. By gaining 360-degree visibility, network administrators can increase performance by planning for network availability, evaluating bandwidth usage, and anticipating potential capacity issues in real-time. Security teams will also benefit from end-to-end network visibility, allowing them to detect abnormal traffic patterns that may indicate a threat and identify unauthorized devices attempting to access the network. 

The application, user, and device context provided by end-to-end network visibility significantly reduces the time spent on reactive firefighting, allowing security teams to focus on proactive remediation instead of manually scouting the network for threats. This accelerated process of detecting and isolating threats shortens the threat lifecycle, minimizes dwell time, and enhances the overall resilience of the network.

The current threat landscape is difficult for security teams to navigate, but rather than hiring more talent or purchasing more tools, one of the most effective courses of action businesses can take is to unify their security and network operations and elevate what their current teams are capable of in order to build for a world that never stops.
