David Ratner Discusses the Current State of Security in Cybernews Interview
According to David Ratner, the CEO of HYAS, however strong the security solutions that monitor real-time activity are, numbers show that an average intrusion can last for up to 99 days before even initial detection, much less remediation. During that time, cybercriminals collect enormous amounts of sensitive information and other business-related data, explore the organization, and prepare themselves for next steps (such as encryption).
So, to improve detection rates, businesses need to closely monitor their outbound communications. Dr. Ratner recently discussed these advanced cyber threats, and how enterprises can gain better control of the information exiting their networks, with Cybernews.
Have you noticed any new tactics cybercriminals started using during the pandemic?
Cybercriminals love to use recent events and news as content for attacks, and the pandemic has provided many opportunities here. Phishing attacks and other intrusions have tried to utilize everything — from government loan information to COVID-19 testing and changing regulations — to trick unsuspecting users. The pandemic fundamentally changed the notion of what it means to attack the enterprise, as breaking into a user’s home machine now provided an easy entry point into the enterprise that may not have existed pre-pandemic.
Additionally, the changing work models and use of the Cloud for a variety of services dramatically increased the overall attack surface, and in many cases decreased an enterprise’s visibility over that attack surface. Cybercriminals definitely took advantage of it, and it highlighted just how important overall visibility and control are to an enterprise.
What cybersecurity threats do you think can become prominent in 2022?
I believe we will see increased numbers of double-threat ransomware attacks that both exfiltrate data and encrypt enterprise operations, holding them hostage for ransom. I also believe we’ll see a dramatic increase in indirect attacks, whether that is by breaking into a library or file used by an enterprise’s service, an intricate supply-chain attack, or utilizing new IoT devices that users connect into their systems and create new exposure points. All of these examples share one common characteristic — the entry-point itself is incredibly difficult to monitor. That's why having visibility and control of what communication is exiting the enterprise is so vital and key to moving forward.