Data breaches and ransomware attacks aren’t just still occurring. They’re also becoming more frequent. According to ZDNet, the number of ransomware attacks detected and blocked by one security firm grew 715% year-over-year in 2020 alone. Another security company calculated the total number of ransomware attacks for the year to be around 65,000, wrote NPR. That’s about seven ransomware incidents every hour.
As a security professional with more than two decades of experience in the industry, I find these figures very concerning. To add to my dismay, the public responses by the captains at the helm of most victimized organizations are less than reassuring. I can understand that some comments must be calculated to protect an organization’s public image as well as to deflect various peripheral liabilities. However, it leads me to wonder if there is some greater fault at work here. Specifically, are the “best practices” not working, or worse, are they being ignored? Is there a solution on the horizon for either scenario?
Welcome to the Cost-Avoidance Center
I am optimistic that the problem is not one of ignorance or failed security implementations. Rather, it may just be one of getting security leaders to adopt a more diligent focus when it comes to addressing the problem. Many organizations must carefully choose where to apply their resources towards maximizing profits.
That reality reflects just how much cyberattacks have changed over the past few decades. Years and years ago, a company could place cybersecurity at the lower end of where to spend budget. Cyberattacks were rare back then, and they were cause for little more than embarrassment. Now, cyberattacks are costly and very damaging. They can sometimes even gain the attention of world leaders. Clearly, cybersecurity is no longer merely a “cost center” for many businesses; it is a cost-avoidance center.
Start with Detection
When allocating their spend, it’s important for organizations to remember that there are solutions that do not need to break the bank. One of these is Tripwire Enterprise. It provides all the necessary rules to monitor critical OS files, binaries, directories, and registry keys.
Not only that, but Tripwire Enterprise also includes thousands of security policies that teams can easily set up and configure to marry to their company’s needs.
Tripwire can apply MITRE ATT&CK as one of these policies, for instance. For those of you who don’t know, MITRE ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK framework is widely used as a foundation for developing specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Why It’s Important for Tripwire Clients to Utilize This Framework
Looking just at the Initial Access tactic in the MITRE ATT&CK framework gives the firm an opportunity to address specific tools and techniques in real time and to stop these attacks before they take hold on its systems and networks.
With a thoughtful, well-executed cyber program, using Tripwire as a detection mechanism gives the company a level of visibility that goes beyond monitoring the integrity of files: it can also apply specific measures against attack attempts and provide clarity that would otherwise go unnoticed. This is possible because Tripwire covers all aspects of IT and security. These elements include the following:
- Security – Tripwire provides the most foundational controls in industry standard frameworks like NIST, ISO, MITRE, and CIS, and it provides more coverage with automated workflows and integrations.
- Compliance – Tripwire comes with the most extensive policy library in the industry. With over 800 combinations of platforms and regulatory standards, it helps organizations to maintain compliance over time with monitoring, audit evidence, and reports that reduce audit workload.
- IT Ops – Tripwire can help you to maintain your infrastructure and configurations in the state you need. It does this by managing changes so as to control the unauthorized changes that cause downtime or unplanned work.
These elements come together to reduce Mean Time To Repair (MTTR), something which every organization is after.
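The detection the post describes rests on a simple loop: record a trusted baseline of critical files (hash, size, permissions), re-scan later, and report anything added, removed, or altered. The following is an added illustration of that baseline-and-compare loop, written for this page; it is not Tripwire's code and does not use its rule format. The directory tree, file contents, and simulated changes are constructed inline so the script runs offline; the function names (`build_baseline`, `compare`, `demo`) are this example's own.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# Added example: a minimal file-integrity baseline and comparison.
# Not Tripwire's implementation; function and path names are hypothetical.


def _file_record(path: Path) -> dict:
    """Snapshot one regular file: content hash, size and permission bits."""
    st = path.lstat()
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),  # permission bits only, incl. setuid/setgid
    }


def build_baseline(root: Path) -> dict:
    """Walk `root` and record every regular file, keyed by its POSIX-style relative path."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # symlinks, sockets and devices are out of scope here
            baseline[p.relative_to(root).as_posix()] = _file_record(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify drift between two snapshots into added, removed and modified files.

    For modified files the value maps each changed attribute to (old, new), so a
    permission-only change (e.g. a new setuid bit) is distinguishable from a
    content change even though both are reported.
    """
    report = {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": {},
    }
    for rel in sorted(set(baseline) & set(current)):
        old, new = baseline[rel], current[rel]
        changed = {k: (old[k], new[k]) for k in old if old[k] != new[k]}
        if changed:
            report["modified"][rel] = changed
    return report


def demo() -> dict:
    """Constructed scenario: baseline a tiny tree, simulate unauthorized change, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF original ls")
        (root / "bin" / "ps").write_bytes(b"\x7fELF original ps")
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_baseline(root)

        # Simulated changes an integrity monitor should surface (constructed data):
        (root / "bin" / "ps").write_bytes(b"\x7fELF replaced ps binary")   # content swap
        os.chmod(root / "bin" / "ls", 0o4755)                              # setuid bit added
        (root / "bin" / "unexpected").write_bytes(b"\x7fELF new file")     # unexpected drop
        (root / "etc" / "hosts").unlink()                                  # file removed

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for category, items in demo().items():
        print(category, items)
```

Run it and the report lists `bin/unexpected` as added, `etc/hosts` as removed, `bin/ps` as modified by hash and size, and `bin/ls` as modified by mode alone. In practice the baseline would be stored out of band (signed or on a separate host) so that whoever changes the monitored files cannot also rewrite the record they are compared against.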
Finish With Flair
The most interesting thing to note here is that Tripwire Enterprise is just a detection mechanism. As such, for an organization that is reluctant to allow automated changes in the event of a security incident, this is an excellent tool to enhance any security operation.
A carefully crafted investment in the development of a well-formulated security program that has detective-based controls will not prevent a targeted attack, however. Early detection is the key to reduced impact. From a “return on investment” perspective, the cost to implement is far below the cost of a full-scale security event.