The cybercrime industry is evolving tremendously, and CISOs need to have stringent practices to keep their IT infrastructure secure against sophisticated cyber threats and risks. IT Security Wire interacted with Mike Britton, CISO, Abnormal Security, to understand today’s threats and the best ways to stay secure.
IT Security Wire: The new US cybersecurity strategy focuses on making cloud providers responsible for security. How can cloud providers protect clients’ data effectively?
Mike Britton: Cloud providers must proactively approach security and implement advanced threat detection solutions to protect their clients’ data. And one of the biggest threats clients face now is email security.
Email is an attractive target for many cyber criminals because businesses frequently use it to share sensitive information. Once compromised, it can also allow attackers to move laterally across an organization’s network to wreak even more havoc. Cybercriminals’ email attack tactics are becoming more sophisticated by the day – more groups are using highly targeted business email compromise (BEC) attacks that are often indistinguishable from legitimate messages – as they look for new ways to bypass traditional security solutions.
Yet against such an evolving threat, many organizations still depend on traditional methods of email security, primarily secure email gateway (SEG) tools that have failed to keep up with cybercriminals as they have evolved their tactics. While legacy controls are still effective at stopping commodity types of attacks, they simply cannot identify and thwart the sophisticated and modern attacks that we see more of today.
One effective way to manage this risk is by leveraging AI-powered technology to detect and block advanced threats in real time, even if they’ve never been seen before. Because modern attacks use new URLs, new domains, and new variations of messaging, traditional tools – which have relied on looking for known-bad indicators of compromise – are no longer effective. New tools that use behavioral AI to instead understand known-good behavior can better identify and block anomalies that may indicate new types of attacks, especially as cybercriminals continue to shift their tactics.
With the staggering cost of each successful email attack being, on average, $120,000, it is vital to protect client data. Supplementing the native capabilities of existing cloud solutions with third-party security solutions will be key to protecting email systems and securing organizations against sophisticated BEC and phishing attacks.
IT Security Wire: With the rise in AI-based applications like OpenAI’s ChatGPT and Google’s Bard, businesses are exposed to substantial risks and threats. How can businesses modernize their cybersecurity tech stack to mitigate the threats arising from these tools?
Mike Britton: AI is a double-edged sword for enterprise organizations. Its benefits for businesses are immense, but at the same time, it is also creating risk by giving threat actors tools they can use for nefarious purposes. For instance, we’ve seen how criminals can exploit tools like Google Bard and ChatGPT in their attacks, where they’ve used conversational AI to craft believable phishing campaigns and new malicious codes in seconds without requiring any significant resources or knowledge.
At Abnormal, we recently ran a test using ChatGPT. We asked it to “write a persuasive social engineering email demanding a wire transfer a payment to a supplier with a convincing backstory.” The resulting email crafted by ChatGPT was much more sophisticated than many of the BEC emails we see every day.
As cybercriminals use tools like these to level up their attacks, organizations must prepare themselves to step up their defenses. Defenses that depend on static, known indicators of compromise won’t be sufficient, as new, sophisticated variations in social engineering tricks will be able to evade them.
A more defensive approach may include integrating security tools that utilize AI as their key defense. By applying behavioral and relationship analytics throughout the email environment, organizations can start understanding normal behavior and identify when an incoming email differs from the norm – whether it’s a questionable financial request or an impersonated sender – to identify and mitigate these new types of attacks.
IT Security Wire: Despite stringent laws like CCPA / GDPR / PIPEDA / HIPAA, the cybercriminal industry is still flourishing. Simply implementing policies would not be beneficial. What needs to be changed to ensure that cybercrime rates reduce?
Mike Britton: Organizations often feel the implications of regulations like GDPR and others only after a breach has occurred. Organizations that are a victim of a data breach due to a social engineering attack may be fined, scrutinized, and pressured to ramp up their defenses as a result, but by then, the damage will already be done. Organizations need to prevent these attacks from happening in the first place.
Cybersecurity must continuously evolve to keep up with the rapidly changing nature and pace of cyberattacks. In dealing with cybercrime, organizations must remain proactive and flexible to keep ahead of the curve. In order to accomplish this, SecOps teams need to have continual audits and evaluations of security postures, policies, and procedures, as well as continued security awareness training and integration of new, automated technologies to detect and remediate advanced threats. Key pieces of the security toolbelt should include:
- Email security technology that can catch attacks that slip by traditional email security gateways. Tools that use behavioral AI to understand known-good behavior can better identify and block new types of attacks, even when cybercriminals roll out novel, never-before-seen social engineering attacks.
- A tool that can highlight misconfiguration risks across the cloud environment and inform security leaders when changes occur. Knowing when a new third-party application is installed or when a user receives elevated privileges (and acknowledging the risk) helps you understand your vulnerabilities to make informed security decisions.
- Password management tools and multi-factor authentication. Even the best security tools and most robust training on the market are unlikely to stop every single attack. Credential stuffing and brute force attacks can provide access to email inboxes, underscoring these tools’ importance. For those attackers that gain access, security leaders should have a tool that highlights potentially compromised accounts and immediately takes remediation actions like logging users out of sessions and forcing a password reset.
IT Security Wire: Vendor email compromise has become a million-dollar problem. What proactive cybersecurity measures can businesses implement to detect vendor email compromise attacks in their initial stages?
Mike Britton: VEC attacks are one of the most dangerous types of BEC attacks because they exploit the trust existing in relationships between vendors and customers. And because discussions with vendors often involve issues around invoices and payments, it becomes harder to catch attacks that mimic these conversations.
Because modern supply chain attacks use deceptively genuine messages, traditional email security tools which look for known-bad indicators like malicious attachments are becoming less effective. With behavioral AI, tools can take a reverse approach by understanding known-good behavior. This approach allows easier identification of new attack types, which is especially useful in this rapidly evolving attack method. With behavioral AI, organizations can stay better protected from these costly attacks and focus on other priorities as they learn to safeguard against evolving threats.
IT Security Wire: What are the best strategies for vendor email compromise mitigation that CISOs can implement to minimize the impact?
Mike Britton: CISOs and security teams must move away from legacy email security tools and invest in AI-driven solutions that can proactively detect threats based on behavioral parameters.
Enterprises need this because modern supply chain attackers leverage seemingly genuine messages, and traditional tools that look for indicators such as malicious attachments are becoming obsolete.
New tools that take a reverse approach and use behavioral AI to instead understand known-good behavior can better identify and block new types of attacks, especially as cybercriminals evolve their tactics. Hence, enterprises stay secure from these increasingly expensive attacks, and security leaders can concentrate on other priorities as they work to safeguard their business network against evolving threats.
Security and risk management leaders can be responsible for their email security by supplementing the native capabilities of their existing cloud email solutions with third-party security solutions. This strategy will provide phishing protection for collaboration tools and address mobile and BEC-type phishing scenarios.
IT Security Wire: How can businesses ensure efficient data governance and privacy while partnering with all the suppliers, vendors, and partners in the supply chain?
Mike Britton: When partnering with vendors, businesses should emphasize integrating email security with other security tools, such as endpoint solutions. This approach will allow for better monitoring of the vendor’s extended network and enable improved detection and response capabilities across the entire threat landscape.
It’s also advisable for businesses to seek vendor consolidation. Having multiple vendors or suppliers makes your network infrastructure more complex and creates more potential endpoints for threat actors to target. It increases a company’s attack surface, making it difficult to track and monitor every single third-party asset across the IT environment. So, having a single vendor that can provide multiple services or seamlessly integrates with other security solutions simplifies security responsibilities and limits a business’s potential attack surface.
At the same time, businesses should conduct thorough risk assessments of all third-party organizations in order to establish clear data handling policies, including privacy and security clauses in contracts, monitor engagements with third-party organizations, and provide security awareness training for employees. They can also leverage technology solutions like data loss prevention and identity and access management (IAM) which will help to protect sensitive data and enforce access controls.
By following these best practices, enterprises can effectively secure their sensitive data and minimize the risk of data breaches or other security incidents.
IT Security Wire: What modern attack vectors do cybercriminals leverage for a successful supply chain compromise?
Mike Britton: Supply chain attacks are coordinated by compromising an organization and targeting its trusted partners. Many of the attack vectors they use are extremely difficult to detect due to the multitude of third-party vendors that make up a supply chain within an organization and the implicit levels of trust that criminals exploit during data sharing.
A primary vector used by cybercriminals enacting SCC attacks is organizational relationships exploited via social engineering tactics. These consist of Vendor Email Compromise (VEC) attacks where criminals gain unauthorized access to an email account and then use it to target partners. Malicious emails from vendors that employees trust are difficult for organizations to spot, as criminals use a known email address to make fraudulent requests.
The most recognizable supply chain attack which utilized social engineering in an increasingly mainstream VEC attack format was that of SolarWinds. Attackers were able to exploit trusted communications between vendors and customers through personalization and social engineering, creating a far-reaching impact, including fraud and financial loss.
IT Security Wire: What regulatory compliance policies must be set industry-wide to minimize the supply chain attacks resulting from third-party risk?
Mike Britton: The challenge with most regulatory policies, including GDPR, is that they are punitive. Organizations may be penalized if their security defenses fall short, but usually only after a breach and damage are done.
There seems to be a tremendous opportunity for the industry to rethink the regulatory status quo and design policies in a way that encourages organizations to be more proactive – including, for instance, stipulating that they implement specific types of security solutions. Especially as security technology becomes more advanced, organizations should perhaps be obligated to integrate the most sophisticated and proven technology as part of their stack. By developing policies from a more proactive lens, we may see that more organizations are in a better position to stop attacks from happening in the first place.
Mike Britton is the CISO of Abnormal Security, where he leads information security and privacy programs. Prior to Abnormal, Mike spent six years as the CSO and Chief Privacy Officer for Alliance Data. He brings 25 years of information security, privacy, compliance, and IT experience from a variety of Fortune 500 global companies. He holds an M.B.A. with a concentration in Information Assurance from the University of Dallas.