The continued digitalisation and technological transformation of our economy and society means that there are increasingly more operations susceptible to a host of new and rapidly evolving cybersecurity threats. It’s for this reason that protecting against cyber criminals is high on the agenda for private sector businesses and the public sector. The need to combat such cyber attacks and preserve valuable data by using comprehensive advanced solutions is now more critical than ever.
Despite increasing awareness and technical innovations, malicious attacks are still proving successful thanks to increasingly sophisticated methods of attack. In the last year and especially in the midst of Covid-19, the move to working from home increased the organisational vulnerabilities as well. Other attacks, however, are less sophisticated and easier for employees to fall victim to, such as ransomware delivered through phishing. We’ve seen this happen more than once, an employee clicks one wrong link that can then open the door to an attacker to exploit that system. This risk is as high today as it has ever been with work forces becoming more dispersed due to mass homeworking.
Threat actors have often relied on phishing emails and malicious links as a strong attack vector for compromising organisations through individual employees. However, the scale is growing. In fact, as of February 2021 there are more than 2,168,066 websites marked as phishing sites, according to Google Safe Browsing. Furthermore, ESET’s Threat Report reveals that there has been a 9% rise in malicious email detections between the Q2/Q3 periods when compared to Q1 and Q2 in 2020.
With rising numbers throughout 2020, it is easy to see why organisations have become focused on avoiding falling victim to these damaging attacks. Although security teams can offer protection when it comes to emails entering a corporate inbox, cyber criminals have continued to find ways around security defences and protocols. Highly specialised attacks can be planned through spear phishing and social engineering, which focus on targeted individuals and make emails containing malicious links as legitimate as possible.
You can see the problem: It is a constant game of cat and mouse between security teams and cyber criminals. So, what can be done to fight back and turn the tide against attacks that involve malicious links? Outside of the tried and tested methods, data collection tools are proving to be a new weapon in the armory of security teams.
Protection through data collection
Using public online data allows security teams to build multiple layers of data when checking for malware being distributed via links within emails. Most importantly, this allows the teams to provoke the fraudster to deploy the fraud and detonate the links in a secure sandbox environment. So, if there is cause for concern, it is contained and dealt with – posing no threat to the wider IT environment.
However, data doesn’t just aid in exposing malicious links. It also allows teams to test their infrastructure when going through ‘red teaming’ or user emulation procedures. Red teaming allows organisations to perform comprehensive tests to expose potential vulnerabilities on every attack level. It also allows them to better understand how to respond to potential cyber attacks.
Testing networks using automated real-life techniques, tactics, and scenarios allows teams to get a better picture of the current content delivery networks and cybersecurity setup and point it towards areas that need improving. The role of data really comes into play when members of the team are looking to proactively identify and defend against the latest threats. The extra level of intelligence-led security assessment that data enables allows teams to thoroughly test organisations’ cyber resilience as well as threat detection and incident response capabilities.
Highlight security threats and vulnerabilities
Data collection can be deployed to reveal potential vulnerabilities and risks within hardware and software-based systems like networks, applications, routers, switches, and appliances. By collecting publicly available data, red teams have a better picture of the current security landscape. They are therefore much more informed and are able to perform focused and realistic exercises that wouldn’t be possible without the added benefit of data. This further allows them to review and analyse log data, utilise security information and event management (SIEM) platforms for visibility and detection of live intrusions, and to triage alarms in real time.
Regardless of size or sector, all organisations are prime targets when it comes to cyber attacks, and it’s important that security teams are always one step ahead of those looking to break into their systems. To achieve this, they need to be using the latest technologies to keep cyber criminals at bay, and this is where data collection is giving teams the upper hand. Now is the time for security teams to seize the initiative to test and increase defences with the latest data collection technologies. Doing so will truly protect their networks.
Omri Orgad is the Regional Managing Director of Bright Data (formerly Luminati Networks).