Presented by Elastic
The global threat landscape has continued to evolve over the last few years, though truth be told, cybercriminals have not steered far from their age-old techniques. Why would they, when they’re still swimming in money every year?
What has changed, however, is that newer technologies, more resources and a scattered perimeter have given threat actors the ability to execute their attacks even more effectively and at even higher frequencies. Recent high-profile breaches at government agencies and enterprises paint a clear picture of the stakes: highly confidential and sensitive information about critical infrastructure falling into the wrong hands and commercial operations grinding to a halt. There are devastating security implications in the former scenario and punishing financial blows in the latter. And unfortunately, all it takes is one small security misstep for bad actors to exploit a vulnerability.
Take the example of the 2023 cyberattacks at MGM Resorts. We know that combining simple tactics and sophisticated techniques allowed cybercriminals to get past the company’s defenses. Once they were inside the corporate network, they could laterally move and escalate permissions, allowing them to access increasingly sensitive information. And yet a time-tested best practice — building in compartmentalization and separation of duties — would have helped blunt the impact of exactly this sort of breach.
What this example makes clear is that to navigate this threat landscape, organizations need to get back to security basics if they hope to stay secure against the threats that surround them.
A peek inside a cybercriminal’s toolbox
Before going back to basics, it pays to take a closer look at what exactly organizations are up against today.
Innovations in cybercriminal technology and business models have made fraudulent activity easier, cheaper and more scalable, without sacrificing sophistication. For example, commercial off-the-shelf (COTS) capabilities like Metasploit and Cobalt Strike as well as malware-as-a-service (MaaS) offerings give amateurs the ability to punch above their weight class with pre-built, ready-to-go tools.
Meanwhile, the rise of generative AI enables threat actors to further scale, automate and optimize their efforts for even greater impact and accuracy.
In addition, hackers are also fully aware that enterprises are deploying more advanced threat detection techniques — and they are adapting accordingly, using defense evasion as a tactic.
Threats are also going beyond endpoints and edge devices to the cloud infrastructure itself. Misconfigurations, lax access controls (including failure to apply the principle of least privilege) and unsecured credentials all provide a potential entry point for bad actors.
The internationalization of cyberattacks means that adversaries don’t have to be based in the same country or continent to target a specific company or public infrastructure — they can attack your environment from anywhere on the globe. They can even localize attacks to a specific region, underscoring that the nature of today’s cyber threats is truly global.
Basic brilliance
Organizations need to revisit cybersecurity basics as their first line of defense against this increasingly sophisticated threat environment.
For starters, don’t let your cybersecurity and data teams try to be a jack of all trades. Instead, focus strategy and efforts on what is impacting your specific vertical, tech stack and region — and then emphasize investments in the technologies and approaches that will protect against the biggest threats to your business.
Another basic that should be top of mind is limiting impact by controlling permissions. Once a threat actor is in an IT environment, they will want to escalate privileges by targeting administrators who have deeper levels of access. To limit this impact, minimize account privileges across the domain.
Enterprises and government agencies should also shift away from human-managed passwords as the primary mode of authentication. Machines can hold encrypted credentials that no human ever sees, so that individual employees stop being unique entry points into your organization’s IT infrastructure. Multifactor authentication (MFA) can further reduce the risk of credential access threats.
Finally, it’s essential to embrace a “secure by design” approach. As the old saying tells us, an ounce of prevention is worth a pound of cure — so, setting up IT tools and processes that are automatically secure, without requiring additional effort or steps for users, can help head off any potential security missteps.
These cybersecurity fundamentals might not be fun and they might not be sexy, but they are the foundation that every organization needs to put in place if they hope to navigate an ever-evolving global threat landscape. This is one situation where it pays to be basic.
Jake King is head of global threat intelligence and director of engineering at Elastic, a leading platform for search-powered solutions.
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact sales@venturebeat.com.