In 2021, Israeli businesses across many sectors fell victim to some form of cyberattack: from fashion retailers and supply-chain logistics specialists to healthcare providers, including the Machon Mor and Hillel Yaffe medical centers.
The situation is considered to be so serious - and escalating daily - that the U.S. and Israel recently announced a new anti-ransomware coalition to tackle the issue through the sharing of threat intelligence and security guidance.
In a joint statement, representatives of the two nations made clear that businesses must play their part in curbing this rising tide. “As with other cyber threats, the threat of ransomware is complex and global in nature and requires a shared response,” they said. “A nation’s ability to effectively prevent, detect, mitigate, and respond to threats from ransomware will depend, in part, on the capacity, cooperation and resilience of global partners, the private sector, civil society, and the general public.”
So, what should businesses be doing to stay safe from cyberattacks? Businesses face three cybersecurity challenges that are seemingly distinct from one another but deeply interwoven below the surface.
Understand the tech stack
The modern tech stack that underpins digital applications and services often comprises a vast and complex collection of infrastructure elements: operating systems, servers, containers, data storage, application monitoring tools, business intelligence solutions and more. For CISOs and IT teams, keeping a watchful eye over a tech stack and protecting it from increasingly sophisticated forms of attack calls for a new approach to security that acknowledges this complexity.
The challenge here is primarily one of communication. Are the right people involved in understanding a problem? And are the right tools talking to each other?
There is no such thing as a siloed solution. Modern infrastructures consist of thousands of applications, hundreds of containers, and tens of clouds, all running at the same time. Software developers and the teams operating that infrastructure need to first assess and understand what they are dealing with before they can safeguard it effectively. Knowing which tools have been deployed and how they affect one another is the first step toward streamlining updates so they keep pace with the software supply chain, and toward retiring the old code and buggy systems that leave valuable data open to attack.
Identify ways to manage the deluge of security information
When security alerts and notifications are flooding in, it’s no surprise if some go unobserved or unacknowledged. As a result, many companies aren’t as secure as executives believe they are. We’ve all heard the saying that if everything is an emergency, nothing is.
But the sheer volume of incoming information means that manual monitoring and intervention are no match for the task at hand. Some IT professionals report receiving more than 1 million security alerts daily, and separating the critical alerts from the noise is a major pain point for the people at the helm of an organization's security infrastructure.
This calls for automation: removing humans from the frontline of the critical alert path and letting machines shoulder the burden instead, a task they can perform faster and with fewer errors. Where possible, machines should be responding to alerts. Moreover, more attention needs to be given to risk and severity factors. The fact that a resource is vulnerable is concerning, but the likelihood of it actually being exploited matters even more. To put it another way, an unpatched EC2 instance that is reachable from the internet is far riskier than one with the same vulnerability that is not publicly exposed.
CISOs don’t want to just hear about things that need fixing, they also need their teams to provide recommendations to remediate the issue, and in which order. By automating their tooling, IT teams can ensure that their time is free to focus on the most meaningful alerts.
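The prioritization described above, as an added example that is not from the article or from Elastic: a small Python triage routine that scales each finding's CVSS base score by whether the resource is internet-exposed and whether a public exploit exists, orders the remediation queue accordingly, and decides which findings go straight to automated response and which a human should see. The weights, thresholds, finding fields and sample instance ids are assumptions constructed for illustration; in practice they would come from the organization's own asset inventory and vulnerability feeds.

```python
"""Risk-based alert triage: rank by severity *and* exposure, not severity alone."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Finding:
    resource: str           # asset identifier, e.g. an EC2 instance id
    cvss: float             # CVSS base score, 0.0 to 10.0
    internet_exposed: bool  # reachable from the public internet
    exploit_public: bool    # a working exploit is publicly available
    remediation: str        # the fix the team should apply


# Multipliers are illustrative assumptions, not values from the article.
# A vulnerability on an unexposed host keeps 40% of its score; one with no
# known exploit keeps 60%.
EXPOSURE_WEIGHT = {True: 1.0, False: 0.4}
EXPLOIT_WEIGHT = {True: 1.0, False: 0.6}

# Routing thresholds (also assumptions): what machines handle, what humans see.
AUTO_THRESHOLD = 7.0    # at or above: automated response, e.g. isolate + patch
TICKET_THRESHOLD = 4.0  # at or above: human-reviewed ticket; below: backlog


def risk_score(f: Finding) -> float:
    """Scale the CVSS score by exposure and exploitability; stays within 0..10."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.resource}: CVSS score out of range: {f.cvss}")
    score = f.cvss * EXPOSURE_WEIGHT[f.internet_exposed] * EXPLOIT_WEIGHT[f.exploit_public]
    return round(score, 2)


def route(score: float) -> str:
    """Decide who acts on a finding based on its contextual risk, not raw CVSS."""
    if score >= AUTO_THRESHOLD:
        return "auto-remediate"
    if score >= TICKET_THRESHOLD:
        return "ticket"
    return "backlog"


def triage(findings: Iterable[Finding]) -> list[dict]:
    """Return the remediation plan: findings ranked by risk with an action each."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    plan = []
    for rank, f in enumerate(ranked, start=1):
        score = risk_score(f)
        plan.append({
            "rank": rank,
            "resource": f.resource,
            "cvss": f.cvss,
            "risk": score,
            "action": route(score),
            "remediation": f.remediation,
        })
    return plan


def summarize(plan: list[dict]) -> dict[str, int]:
    """Count findings per action: the number a human actually needs to look at."""
    return dict(Counter(item["action"] for item in plan))


# Constructed sample findings. Note the two 9.8s: only one is internet-facing.
SAMPLE_FINDINGS = [
    Finding("i-0aaa1111", 9.8, internet_exposed=True,  exploit_public=True,  remediation="patch web tier, rotate creds"),
    Finding("i-0bbb2222", 9.8, internet_exposed=False, exploit_public=True,  remediation="patch batch worker"),
    Finding("i-0ccc3333", 7.5, internet_exposed=True,  exploit_public=False, remediation="patch API gateway"),
    Finding("i-0ddd4444", 5.3, internet_exposed=False, exploit_public=False, remediation="upgrade internal tooling"),
]

if __name__ == "__main__":
    for item in triage(SAMPLE_FINDINGS):
        print(f"{item['rank']}. {item['resource']}  cvss={item['cvss']:<4} risk={item['risk']:<5} "
              f"{item['action']:<15} {item['remediation']}")
    print(summarize(triage(SAMPLE_FINDINGS)))
```

The output illustrates the article's point: the internet-facing 7.5 outranks the unexposed 9.8, the single highest-risk finding is routed to automation rather than a human inbox, and the analyst is left with one ticket instead of four alerts.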
Create a culture of follow-through
A major cyberattack often begins with a handful of seemingly innocuous alerts. If these are tackled promptly, the whole attack might be shut down before it ever becomes a serious security event.
Again, this calls for communication and cooperation because breaches don’t happen in a vacuum. Employees, whether they’re based in the IT department or not, should be encouraged to report anything that strikes them as unusual or strange, without worrying about the consequences of expressing their concerns.
In conclusion, we need to take a step back, revisit our approach to security, and adapt it to the new normal.
Ransomware attacks are becoming both more frequent and more sophisticated all over the world. According to the Global Cybersecurity Outlook 2022 report from the World Economic Forum (WEF), ransomware tops the list when cyber leaders are asked which kind of attack their organization is now most worried about, ahead of social engineering attacks and malicious insider activity.
Transparency is critical. It paves the way for open communication, which in turn enables organizations, their customers, and their partners to maintain secure environments.
Written by Amit Kanfer, Director of Engineering, Cloud Security at Elastic, Israel