Heard the news about Americans suddenly hoarding oil? You would probably be surprised to learn that the reason for that is a cyberattack. The most recent disruption in American oil supply is not the result of low oil production but the forced shutdown of the Colonial Pipeline following a ransomware attack.
After the SolarWinds and Codecov attacks, it is alarming that another high-profile cybercrime has managed to penetrate the defenses of a supposedly technologically advanced country. To make matters worse, it turns out the perpetrators of the attack are saying they didn’t mean to cause problems.
DarkSide, the group that claims responsibility for the attack on the pipeline that supplies 45 percent of the East Coast’s oil requirements, released a statement that somewhat mocks the severity of the problem. “Our goal is to make money and not create [sic] problems for society,” read a post on DarkSide’s website.
These attacks add to the reasons for making security validation a compulsory part of a security posture. It is no longer enough to have security controls, no matter how reliable they supposedly are. Organizations also need to make sure that their security solutions are consistently working and capable enough to detect and prevent attacks.
More aggressive attacks
In its SOCTA 2021 report, the European Union Agency for Law Enforcement Cooperation, or Europol, sounded the alarm on the surge of cybercrimes, including attacks on critical infrastructure. Edvardas Sileris, Europol’s European Cybercrime Centre chief, even warned that “cyber-attacks are likely still significantly under-reported” at the launch of SOCTA 2021.
The same situation can be observed in the United States. Cybercrimes have been increasing and are locking in on critical infrastructure including government offices, hospitals, and manufacturing facilities. This has led to the introduction of a bill to boost cybersecurity in the country. The bill seeks to establish an early warning system for cyberattacks on critical organizations.
According to a study reported in Cybercrime Magazine, global cybercrime damages are set to breach the $6 trillion level in 2021. These damages are largely driven by the radical increase in state-sponsored attacks as well as organized crime hacking activities.
If organizations are to secure their assets from the increasing volume and sophistication of cyber attacks, they need to ascertain that they have enough security controls and that these work as intended. In particular, it is important to implement automated breach and attack simulation (BAS).
Automated BAS, a form of security penetration testing, is considered one of the most effective solutions for the growing cyber threats brought about by the increased complexity of threat management, internal vulnerabilities, and the lack of skilled security experts.
Weak sense of urgency
Simply put, people and organizations never learn from previous cyber attacks. This is evidenced by something as basic as the refusal to use stronger passwords. A study by NordPass found that the use of shockingly weak passwords was one of the reasons why organizations were successfully attacked.
The study examined over 15 million breaches and looked into the top 10 passwords used by the breached organizations. Companies in the retail and e-commerce industry particularly have easy-to-guess passwords. These include password, Company Name*, Company Name1*, 123456, abc123, unknown, ABC123, and default. The only passwords in the top 10 that may not be that easy to guess right off the bat are aaron431 and shumon, but these are likely familiar to insiders.
Vulnerabilities that are as simple as the use of weak passwords could be addressed easily by running a security validation procedure. A good automated security validation platform can detect this weakness along with other oft-ignored vulnerabilities and provide a high-priority security alert, so this problem is corrected as soon as possible.
Unsustainable costs of cybersecurity
Cybersecurity spending keeps growing in response to the relentless attacks from cybercriminals. Accenture’s State of Cybersecurity Report 2020 characterizes it as “unsustainable cost increases.”
The report says that 60 percent of businesses saw cost increases in various components of cybersecurity over the past two years, particularly when it comes to network security, security monitoring, and threat detection. Notably, 69 percent of the respondents say that “staying ahead of attackers is a constant battle and the cost is unsustainable.”
To reduce these costs, it is important to make sure that the installed security controls are working and are in line with the latest cyber threat intelligence. Organizations can greatly benefit from incorporating the MITRE ATT&CK framework in their security posture to make sure they can detect attacks before they manage to penetrate. In case they do manage to get past the cyber defenses, having access to up-to-date cyber threat information makes it easier to detect the problem, mitigate its impact, remediate, and fend off similar assaults in the future.
Falling cybersecurity investments
Ironically, while the costs of cybersecurity keep rising, organizations tend to reduce their investments in defenses. Accenture’s State of Cybersecurity Report 2020 reveals that the decrease in security investments has resulted in low detection rates, longer breach impact, lower protection coverage, and greater amounts of customer data exposure.
With dropping resource allocations for cybersecurity, the best organizations can do is to make sure that what they have works as intended. They cannot afford to be running security solutions that not only underdeliver on their promises but also become sources of vulnerabilities themselves.
This is not to say that it is acceptable to be stingy on cybersecurity. However, when businesses are in a pinch, it is understandable that many companies are doing their best to make the most out of the scarce resources available to them. They can use security validation to test cheaper or even free solutions that can sufficiently provide the protection they need.
Focus on supply chains
Another compelling reason to pay attention to security validation is the growing focus of bad actors on supply chains. Third-party providers are becoming the new cybercriminal favorites as they tend to have the trust of their customers. Many feel reassured that whatever their third-party providers do is above board, since these providers are dealing with products or services within their field of expertise and have extensive experience. Unfortunately, this trust in third-party providers has proven to be ill-advised.
The SolarWinds and Codecov incidents were both supply chain attacks. By now, the attack mechanisms have already been integrated into security validation platforms and the global adversarial attack knowledge base of MITRE ATT&CK. Similar hacks or variants thereof would already be detected by thorough security validation processes. Organizations just need to consider running automated BAS or advanced continuous automated penetration testing in conjunction with the MITRE ATT&CK framework.