The sophistication and innovation shown by cybercriminals in today’s cyberattacks leave cybersecurity officials stunned.
From data thefts to ransomware attacks, credential stuffing and many more, even a simple phone call can put an organization at risk if not attended to carefully.
For example, in the MGM case, an impersonator on a phone call used social engineering skills to gain remote access to MGM resources and system admin credentials.
David Bradbury, chief security officer of Okta, told Reuters that five of its clients, including MGM Resorts International and Caesars Entertainment, fell victim to hackers like ALPHV and Scattered Spider since August.
“Data breaches and credential stuffing attacks are followed by credentials being sold on the dark-web marketplaces. These exposed credentials are a major enterprise vulnerability as they can be used to bypass firewalls and Identity & Access Management (IAM) defenses to gain access to an authorized account,” says S Sreekumar, Vice President and Global Practice Head, Infra & Cloud Security, Cybersecurity Services at HCLTech.
“They can also be used [for blackmailing purposes] as a part of a spear-phishing attack to trick users into thinking they’ve been exposed due to a hidden malware exploit on their device,” he adds.
The exploitation of digital information, mostly via ransomware, for significant gain is estimated to reach $10.5 trillion by 2025, up from $3 trillion in 2015, according to a report originally published by Cybersecurity Ventures. If compared to a country, this figure would be equivalent to the world’s third largest GDP after the US and China, the report added.
The rise of ransomware and AI threats
Ransomware attacks are a persistent threat to organizations around the world. Cybercriminals have shut down major gas pipelines, banks, hospitals, casinos, supermarkets and more. Ransomware attacks have become a profit-making business pursuit. Aggressive extortionists have even built a complete business model around subscribing to ‘Ransomware-as-a-Service (RaaS)’.
This kind of attack uses artificial intelligence (AI) bots for automation and scale, and relies on the assumption that similar usernames and passwords are used across multiple services.
In this evolving AI-powered threat landscape, being cyber-resilient starts with a future-ready posture. That means ensuring regular ransomware assessments and robust managed detection and response (MDR) services that enable 24x7 real-time monitoring, with instant alerts whenever something suspicious is detected.
For example, a Fortune 500 US company, with industry-leading medical technology services across 190 countries, wanted an improved security posture that would cut down on exceptionally high operational costs for 24x7 remote security management and digitally transform the existing infrastructure to a more monolithic structure. This transformation would include IAM, governance, risk and compliance and SAP GRC under a unified IT security umbrella.
HCLTech furnished five global data centers, which included maintaining network and endpoint security and mitigating threats and risks. With big data security in place, HCLTech laid the ground for analytics and alerts and also implemented network mirroring among other solutions.
With VPN and multi-factor authentication, the client now has complete network access control for maintaining network visibility and assessing its posture.
The advanced password management solution with reduced login requirements increased cohesiveness in the IAM environment and prevented ransomware attacks with next-gen endpoint security and cloud backup. HCLTech also migrated three legacy tools to Azure Cloud.
The solution scans more than 50,000 IPs every quarter and offers integrated functionality for vulnerability management. With automation, HCLTech optimized and reduced the security incident counts by 50%, making the client cyber-resilient.
Making an organization cyber-resilient starts with the right strategy to run business operations even under a severe attack — like a RaaS or a DDoS — followed by assessing the business impact of cyberattacks.
With these attacks having grown multiple times, impacts can range from sleepless nights of IT security teams to huge financial losses, which can even translate to deeper business concerns such as employee layoffs, C-level resignations and temporary suspension of business operations.
In the Ransomware: The True Cost to Business Study 2022, 73% of organizations suffered at least one ransomware attack in 2022, compared to 55% in 2021. The report added that 37% of organizations reported that they were forced to lay off employees after huge losses incurred due to such attacks.
This is why embracing a cyber-resilient framework helps reduce the impact of cyberthreats and maintains agility in business. It enables a state of organizational preparedness, in which organizations accept that attacks can’t be fully eliminated or controlled. It shows how and where things can go wrong even with the right security measures in place, how to run operations under an attack with minimal damage, and how to recover easily from its impacts.
Here are some of the key steps to a robust cyber-resilient framework:
- Data location assessment and identification is vital as data sprawl makes a company more vulnerable, widening the attack surface
- A well-identified recovery point objective and a recovery time objective are a must to help an organization get back on track. This includes people, processes, technology and culture
- The next step includes creating a solution design and protection architecture based on the organization’s budget, which can either enhance the existing one or transform it completely
- Once the architecture and solutions are ready, the organization needs to run drills to establish its capabilities and the effectiveness of its teams in such a scenario
A cybersecurity partner
In pursuit of an improved and future-proof cybersecurity strategy, traditional enterprises should engage a cybersecurity partner.
HCLTech offers a wide range of expertise spanning Security of Things or IoT security; data security and privacy; resilience; IAM; GRC; application security and infrastructure and cloud security. This expertise caters to industries like public services; retail and CPG; manufacturing; life science and healthcare, and financial services.
Becoming cyber-resilient calls for the right partner, one who first understands an organization’s threat scenario, assesses possibilities, has the capabilities to digitally transform a customer and makes operations, both ongoing and recovery, easy during an attack.
At HCLTech, customized cyber-resilient architectures are aligned to unique customer needs that better prepare them for the future. Here are core solution domains:
Cybersecurity Foundation for Digital Trust: These include the full stack of security tools and technology for a digital foundation for enterprises.
Cyber Assurance and Cyber Resilience: The Cyber Assurance services enhance an organization’s ability to protect against and avoid the increasing threat from cybercrime, while the Cyber Resilience services boost a firm’s ability to mitigate damage after an attack.
Governance, Risk and Compliance (GRC): HCLTech GRC services are designed to help an organization better identify, understand and manage the dynamic interrelationships between risk and compliance and incorporate the same.