Evolving threat landscape a concern for cybersecurity analysts
Gartner’s Security and IAM Solution Adoption Trend Survey has revealed that the evolving threat landscape will be the top driver affecting information security during the next three to five years. The survey was conducted online during March and April 2020, with 405 respondents from North America, Western Europe and the Asia/Pacific (APAC) region.
Jonathan Care, Senior Research Director at Gartner, said that external risk is top of mind for security and risk management leaders in 2020, despite COVID-19 proving how rapidly such risks can change. “Bad actors are always looking to take advantage of worldwide events, such as the pandemic, to exploit new vulnerabilities and circumvent even the most advanced security controls,” Care said.
As organisations worldwide shifted to remote work due to COVID-19, the number of exposed remote desktop protocol (RDP) and virtual private network (VPN) services increased, and the reliance on digital meeting solutions created new threat vectors. Security teams had to develop new protocols for remote endpoint management and patching. Care acknowledged that before the pandemic, most enterprises designed their risk appetites around the assumption that remote working was the exception, rather than the norm.
“When that scenario was flipped, risks such as always-on VPNs and bring-your-own-device, which were previously a lower priority for security leaders, suddenly became top of mind. This forced security teams to rapidly reassess their enterprise’s risk landscape and deploy new solutions and policies accordingly,” Care said.
Threat actors took advantage of the chaotic nature of the changes in working environments to leverage new tactics, with Gartner observing an increase in reports of coronavirus-related business email compromise (BEC) and phishing scams, including SMS phishing and credential theft attacks. COVID-19 also led to increased nation-state activity from advanced persistent threat (APT) groups targeting health care and essential services. These groups used scan-and-exploit techniques, as well as password spraying that attempts to take advantage of unpatched vulnerabilities, to acquire bulk personal information, intellectual property and national intelligence.
In response to the dynamic nature of the current threat landscape, Gartner recommends investing in security solutions that are agile enough to evolve alongside it, with Care noting that many organisations waste time on security technologies that have lost efficacy or continue to needlessly tune effective controls.
“Rather than trying to anticipate and block all possible threats, invest in solutions with detect and respond capabilities, which can assist with unknown threats and improve response efficacy when prevention fails,” Care said.
Gartner predicts that by the end of 2023, more than 50% of enterprises will have replaced older antivirus products with combined endpoint protection platforms (EPP) and endpoint detection and response (EDR) solutions that supplement prevention with detection and response capabilities. Extended detection and response (XDR) capabilities can also help improve detection accuracy and security productivity.
Security and risk leaders can use a continuous and adaptive risk and trust assessment (CARTA) strategic mindset to evaluate vendor products and determine how they can build more adaptive defences by applying the concepts of prediction, prevention, detection and response.