The year 2020 has been life-changing for all – from businesses to the common man. Everyone and everything went virtual, increasing the perimeters and opportunities for cyber incursions. The threat landscape not only expanded, but it also evolved at a monstrous level – compared to 2019, ransomware attacks rose by 435 percent and used advanced evasive tactics such as double extortion. No company or individual felt safe. The year 2021 is no different. IT threat watchers predict that cybercrimes will inflict damages of USD 6 trillion in 2021 and could reach USD 10.5 trillion in 2025.
With such high stakes, businesses can no longer rely on a reactive approach to mitigate cybersecurity risks. Today's ever-evolving threat landscape necessitates preventive actions to keep the expensive cures at bay. And the only way to do it is by understanding the nemesis and implementing security protocols to stop their actions. It is little wonder, then, that leveraging threat intelligence and enabling digital risk protection are gaining momentum among security-focused enterprises. Gartner expects the need for such digital risk protection services to increase to 10 percent in 2025, rising by 1 percent in 2020.
Demystifying Threat Actors and Actions
The concept of threat intelligence emerged as the attacks became more sophisticated and difficult to detect. Post-pandemic, businesses have witnessed a spike in social engineering phishing activities, account takeovers, data breaches into public-facing services that lack multi-factor authentication, and access to network infrastructure with low barriers. With threat operations scaling up, careful monitoring and analysis of the existing and emerging cybercrime activities for effective risk management have become critical. Also, the current threat environment calls for business-focused intelligence rather than studying just the general attack feeds and indicators. It entails gathering evidence-based knowledge of existing and emerging threat actors, including their context, attack mechanisms, unique indicators, and implications.
A closer look into the cybercrimes indicates a variety of threat actors – from those who break in and sell access (initial access brokers), to those who are not aware that their actions opened the door to hackers (accidental exposures). The threat actors use multiple means to achieve their ends, including stealing data, extortion (ransomware), server access (third-party risk), impersonating domains, and zero-day exploits. In most cases, threat actors come across as modularized and commercially focused groups with a pre-defined target and foolproof escape strategy. For instance, the attackers of SolarWinds’ software in 2020, which affected multiple Fortune 500 organizations, government branches, and global institutions, kept their malware footprint low and used temporary file replacement techniques to modify system configurations.
Detection and Analysis: The Digital Risk Protection Mantra
In this new era of cybersecurity risks, businesses are struggling to gain visibility into the threat actors. IT teams are seeking tools and solutions that can detect and combat emerging risks. However, given the severity and unpredictability of the cyberattacks, teams will need to consistently analyze and identify the threat activities in their business IT infrastructure. To assist with these activities, the World Wide Web offers several free online tools and software for detecting:
- Impersonating domains – dnstwist
- Exposed credentials – haveibeenpwned.com
- Exposed data – Google hacking
- Infrastructure weakness – Shodan.io
- Exposed access keys – shhgit, TruffleHog, and Talisman
While the tools are free for use and provide accurate results, continuous monitoring of each of the business sites and apps, and comprehensively checking for all kinds of threats can be an operational burden. It may seem like receiving a pet for free. There will still be lots of work to put in to keep the pet alive and well. Similarly, operationalizing digital risk protection and threat intelligence for the organization at scale would require a dedicated team of threat intelligence experts, along with the right platform.
The limited availability of such talent and the continuously evolving threat landscape have prompted enterprises to seek external help. Owing to the cyber-pandemic, there is an increased requirement for enhancing existing cyber defenses, pushing the demand for external threat intelligence services further. Forrester reported that the number of threat intelligence services leveraged by enterprises has increased by 75 percent from 2019 to 2020, indicating the demand for comprehensive security solutions by global enterprises.
Combining Intelligence with Risk Management: The HCL Approach
HCL brings to the table more than digital risk protection. The comprehensive knowledge of tackling cybersecurity risks begins with the right mix of intelligence and a proactive approach. With this in mind, HCL in collaboration with Digital Shadows offers the Digital Threat Intelligence solution, enriched with the right context and business-focused threat intelligence for today’s enterprise IT risk protection needs. The offering takes a customized approach, providing businesses with cost-efficient and holistic protection. The focus of HCL’s Digital Threat Intelligence (DTI) solution powered by Digital Shadows is based on three critical capabilities.
The first is to detect the data exposure. HCL integrates Digital Shadows’ capabilities of conducting in-depth research and analysis of the threats with its CSFC (CyberSecurity Fusion Center) Platform. This allows the enterprise to detect and analyze exposed credentials, sensitive marked documents, intellectual property, and third parties in a single dashboard. It also helps operationalize the triage of asset context, organizational environment expertise, and added data analysis. Additionally, it helps determine the best practices for managing the incidents by leveraging the National Institute of Standards and Technology (NIST)-based playbooks and matured processes.
Once the vulnerabilities are identified and incident management approaches are determined, the HCL team proactively secures online brands from domain infringements, malicious mobile apps, spoof social media profiles, and VIP exposures. In the final step, the team identifies potential attack surfaces in the business infrastructure for closing all the gaps – be it in misconfigured devices, certificate issues, or open ports. The entire process is executed in a Swift Asset Onboarding manner that helps drive faster value.
With all workloads and applications moving to the cloud, the need for threat intelligence and risk management is more vital than ever. In this scenario, the partnership between HCL and Digital Shadows combines the best of product technology and services experience to deliver advanced and scalable digital risk management for the future-ready enterprise.