Rapid7 2020 Threat Report: building excellence in security
Organisations continue to host vulnerable, internet-exposed systems that are being targeted by attackers, according to Rapid7’s 2020 Threat Report
Rapid7’s quarterly Threat Report leverages intelligence from its extensive network, which includes Rapid7 Insight Cloud, Rapid7 Managed Services and Rapid7 Incident Response engagements to give insight on the rapidly evolving threat landscape for businesses.
That threat landscape can be different for organisations, depending on industry sector or operations.
However, the Threat Report cuts through the noise using the company’s industry-leading insight, to give a clearer picture of the key threats facing industries, and define how they will change and evolve throughout the year.
What is a threat?
A threat exists when an organisation has an adversary with intent, capability and opportunity. According to Rapid7, when two of those three elements are present, a business faces an ‘impending threat’; once the third element is also present, it faces a ‘true threat’.
Rapid7 says it approached this latest iteration of the report with a changed mindset, spurred by its own evolution from building software to building solutions with defined and achievable outcomes.
With that in mind, it has changed the narrative to embrace the ‘so what’, with the information set out to answer three questions: “what does this mean for you”; “how can you use it”; and “how can it improve your security programme”.
These questions are answered in four key areas: threat telemetry, detection telemetry, recommendations, security programmes.
Focus on threat telemetry
Rapid7’s threat telemetry data has revealed that organisations continue to host vulnerable, internet-exposed systems.
It also recorded a levelling off, rather than a decline, of EternalBlue exploit attempts in its Project Heisenberg honeynet. This, it states, indicates that there are “still so many exploitable Microsoft Server Message Block services out on the internet that attackers still find it lucrative to hunt for them.”
Because the overall population of vulnerable services holds steady, it continues to hold the attention of attackers.
In this area, Rapid7 recommends prioritising the measurement and reduction of time-to-patch, particularly for internet-facing systems.
It also suggests that organisations measure and shrink their external attack surface as an attacker sees it: which systems and services are reachable from the internet (SMB on TCP port 445 being the obvious example from the honeynet data), and whether each of them needs to be.
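As an added example (not from the Rapid7 report), the following Python computes the time-to-patch metric the recommendation asks for from constructed scan records, splitting it by exposure class and listing SLA breaches with internet-facing hosts first. The SLA values, host names and dates are assumptions; the CVE identifiers are real (CVE-2017-0144 is the SMB flaw that EternalBlue exploits).

```python
"""Time-to-patch metrics by exposure class.

Added example, not Rapid7's code: measures how long findings stay open on
internet-facing versus internal hosts and lists SLA breaches, internet-facing
hosts first. SLA values, hosts and dates are assumptions; the CVE IDs are real.
"""
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional

# Hypothetical remediation SLAs in days per exposure class (assumption).
SLA_DAYS = {"internet": 7, "internal": 30}


@dataclass
class Finding:
    host: str
    cve: str
    exposure: str           # "internet" or "internal"
    first_seen: date
    fixed: Optional[date]   # None while the finding is still open


# Constructed scan export: the kind of diff a vulnerability scanner produces.
TODAY = date(2020, 3, 1)
FINDINGS = [
    Finding("vpn-gw-01", "CVE-2017-0144", "internet", date(2020, 1, 10), None),
    Finding("web-02", "CVE-2019-0708", "internet", date(2020, 2, 1), date(2020, 2, 5)),
    Finding("fileserver-07", "CVE-2017-0144", "internal", date(2020, 1, 5), date(2020, 2, 20)),
    Finding("hr-app-01", "CVE-2014-0160", "internal", date(2020, 2, 10), date(2020, 2, 25)),
    Finding("mail-01", "CVE-2017-0144", "internet", date(2020, 2, 15), date(2020, 2, 27)),
]


def days_open(f: Finding, today: date = TODAY) -> int:
    """Days from first detection to the fix, or to today if still open."""
    return ((f.fixed or today) - f.first_seen).days


def median_time_to_patch(findings=FINDINGS, today: date = TODAY) -> dict:
    """Median days-to-fix of closed findings, per exposure class (None if no data)."""
    result = {}
    for cls in SLA_DAYS:
        closed = [days_open(f, today) for f in findings if f.exposure == cls and f.fixed]
        result[cls] = median(closed) if closed else None
    return result


def sla_breaches(findings=FINDINGS, today: date = TODAY) -> list:
    """Findings, open or closed, that exceeded the SLA for their exposure class.
    Internet-facing hosts come first; within a class, the oldest first."""
    late = [f for f in findings if days_open(f, today) > SLA_DAYS[f.exposure]]
    return sorted(late, key=lambda f: (f.exposure != "internet", -days_open(f, today)))


if __name__ == "__main__":
    print("median days to patch:", median_time_to_patch())
    for f in sla_breaches():
        state = "OPEN" if f.fixed is None else "closed"
        print(f"{f.exposure:8} {f.host:14} {f.cve} {days_open(f)}d ({state}, SLA {SLA_DAYS[f.exposure]}d)")
```

The point of the split is that a single fleet-wide median hides the hosts that matter: here the internal median is under its SLA while an internet-facing VPN gateway with the EternalBlue-class flaw has been open for over seven weeks, and it is the first line of the breach list.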
Focus on detection telemetry
Attackers continue to target valid user accounts as their preferred method for breaching an environment.
In addition, Rapid7 sees attackers favouring malware, phishing and malicious documents: those three categories account for close to 80% of the attacks it detects against organisations.
The company recommends that organisations focus on improving user account security with two-factor authentication, password complexity requirements and rotation policies, and monitoring of the dark web for leaked credentials. (One caveat: NIST SP 800-63B has, since 2017, advised against mandatory periodic rotation and composition rules, recommending instead that passwords be screened against breached-credential lists, so the multi-factor and leaked-credential monitoring recommendations carry more weight.)
It also suggests that organisations make better use of User Behaviour Analytics (UBA) to improve their ability to detect the unauthorised use of valid credentials, which by definition pass authentication and so can only be caught by how, when and from where they are used.
Organisations can also employ other approaches, including the development of threat hunting capabilities and the implementation of an effective endpoint detection and response solution.
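To make the UBA recommendation concrete, here is an added example (not Rapid7's code or product logic) of the kind of baseline-driven detection that catches a valid account being used by someone other than its owner. It runs over constructed SSO log lines; the log format, the training cut-off and the thresholds are assumptions, and a real deployment would learn baselines over weeks rather than days.

```python
"""Detecting unauthorised use of valid credentials from login telemetry.

Added example, not Rapid7's code: a minimal user-behaviour-analytics pass over
constructed SSO log lines. Successful logins before TRAINING_END build a
per-user baseline (countries, devices, hours); later successes are scored
against it and against their own recent history. Log format, thresholds and
the training cut-off are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

TRAINING_END = datetime(2020, 2, 6)      # successes before this form the baseline
TRAVEL_WINDOW = timedelta(minutes=60)    # two countries inside this window: impossible travel
FAIL_WINDOW = timedelta(minutes=10)      # failures this close to a success look like guessing
FAIL_THRESHOLD = 3

# Constructed log lines: "timestamp user source_ip country device result".
LOG = """
2020-02-03T08:05:00 alice 203.0.113.10 GB laptop-a1 success
2020-02-04T08:12:00 alice 203.0.113.10 GB laptop-a1 success
2020-02-05T09:01:00 alice 203.0.113.11 GB laptop-a1 success
2020-02-03T07:55:00 bob 198.51.100.7 GB desktop-b9 success
2020-02-04T08:02:00 bob 198.51.100.7 GB desktop-b9 success
2020-02-05T08:10:00 bob 198.51.100.7 GB desktop-b9 success
2020-02-10T02:30:00 bob 192.0.2.44 FR unknown-k2 failure
2020-02-10T02:31:00 bob 192.0.2.44 FR unknown-k2 failure
2020-02-10T02:33:00 bob 192.0.2.44 FR unknown-k2 failure
2020-02-10T02:34:00 bob 192.0.2.44 FR unknown-k2 success
2020-02-10T08:15:00 alice 203.0.113.10 GB laptop-a1 success
2020-02-10T08:40:00 alice 192.0.2.77 RU unknown-x7 success
"""


@dataclass
class Event:
    ts: datetime
    user: str
    ip: str
    country: str
    device: str
    ok: bool


def parse(log: str) -> list:
    """Parse the constructed format into Events, oldest first."""
    events = []
    for line in log.strip().splitlines():
        ts, user, ip, country, device, result = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, ip, country, device, result == "success"))
    return sorted(events, key=lambda e: e.ts)


def build_baseline(events: list) -> dict:
    """Per-user sets of countries, devices and login hours seen in the training window."""
    base = defaultdict(lambda: {"countries": set(), "devices": set(), "hours": set()})
    for e in events:
        if e.ok and e.ts < TRAINING_END:
            base[e.user]["countries"].add(e.country)
            base[e.user]["devices"].add(e.device)
            base[e.user]["hours"].add(e.ts.hour)
    return dict(base)


def detect(events: list) -> list:
    """Score each post-training success; return (timestamp, user, reasons) for anomalous ones."""
    base = build_baseline(events)
    last_ok = {}                    # user -> most recent successful Event
    fails = defaultdict(list)       # user -> timestamps of failures since their last success
    alerts = []
    for e in events:
        if e.ts < TRAINING_END:
            continue                # training data is never scored
        if not e.ok:
            fails[e.user].append(e.ts)
            continue
        reasons = []
        b = base.get(e.user)
        if b is None:
            reasons.append("no_baseline")            # never seen succeeding before
        else:
            if e.country not in b["countries"]:
                reasons.append("new_country")
            if e.device not in b["devices"]:
                reasons.append("new_device")
            if e.ts.hour not in b["hours"]:
                reasons.append("unusual_hour")
        prev = last_ok.get(e.user)
        if prev and prev.country != e.country and e.ts - prev.ts <= TRAVEL_WINDOW:
            reasons.append("impossible_travel")
        if len([t for t in fails[e.user] if e.ts - t <= FAIL_WINDOW]) >= FAIL_THRESHOLD:
            reasons.append("failures_then_success")  # guessing that finally worked
        fails[e.user].clear()
        last_ok[e.user] = e
        if reasons:
            alerts.append((e.ts.isoformat(), e.user, reasons))
    return alerts


if __name__ == "__main__":
    for ts, user, reasons in detect(parse(LOG)):
        print(ts, user, ", ".join(reasons))
```

Every login that fires here is a valid credential presented correctly; a pure authentication log shows nothing wrong. The signal comes from context: bob's account succeeds at 02:34 from a new country and device after three rapid failures, and alice's account is used from Russia 25 minutes after a normal login from Great Britain. Stacking several weak indicators on one event is what keeps the false-positive rate tolerable in practice.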
Focus on recommendations
For the first time in a Threat Report, Rapid7 has included the remediation and mitigation recommendations that its Managed Detection and Response (MDR) team makes to customers. The team currently identifies and stops 85% of threats within one hour of initiation and more than 90% within one day.
The team noted that:
- 75% of remediation tasks are both high priority and only require a low-to-moderate level of effort.
- Mitigation recommendations run the gamut of priority and level of effort.
Rapid7 explains that, where it sees a low level of effort combined with a high priority, automating the task is worth considering.
The report sets out a series of recommendations with their priority levels, which businesses can use to justify a particular security action.
Rapid7 encourages all organisations to adopt the MITRE ATT&CK Enterprise Framework to guide threat prevention and response programmes.
However, key takeaways and recommendations from the report include:
- Focus on the external footprint: what an attacker can reach from the internet.
- Attackers most commonly gain initial access by exploiting a public-facing application (ATT&CK T1190) or by using valid accounts (T1078). Patching addresses the first, UBA the second, and network segmentation limits how far either one gets.
- Organisations should use multiple threat detection methodologies and augment detections and technology with skilled individuals.
- Close to 80% of the breaches detected by Rapid7’s MDR service involve malware, phishing or malicious documents.
- Detecting threats earlier, in the initial access and execution tactics of the attack lifecycle, reduces the cost and impact of breaches.
- Investing in collecting and reusing threat indicators improves security programme efficiency.
- Proactively deploying mitigating controls based on trends in the threat landscape can reduce the risk of a breach.
For more information on all topics for FinTech, please take a look at the latest edition of FinTech magazine.
90% of IT Employees Predict an Increase in Cloud Security Spending
As companies get back on their feet after the pandemic, they are going all-in on cloud applications. In a recent report by Devo Technology titled “Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits”, 81% of the 500 IT and security team members surveyed said that COVID accelerated their cloud timelines, and more than half of the top-performing businesses reported gains in visibility. Cloud deployments now outnumber on-premise solutions by a ratio of 3:1.
But the benefits come with significant cybersecurity risks, because cloud infrastructure is more complex than the legacy systems it replaces. Let’s dive in.
Why Are Cloud Platforms Taking Over?
According to Forrester, the public cloud infrastructure market could grow 28% over the next year, up to US$113.1bn. Companies shifting to remote work and decentralised workplaces find it easy to store and access information, especially as networks start to share more and more supply chain and enterprise information—think risk mitigation platforms and ESG ratings.
Here’s the catch: when you shift to the cloud, you choose a more complex system, which often requires cloud-native platforms for network security. In other words, you can’t stop halfway. ‘Only cloud-native platforms can keep up with [the cloud’s] speed and complexity and ultimately increase visibility and control’, said Douglas Murray, CEO at cloud security provider Valtix.
Here’s a quick list of the top cloud security companies, as ranked by Software Testing Help:
What are the Security Issues?
Here’s the bad news. According to Accenture, fewer than 40% of companies have achieved the full value they expected from their cloud investments. All in all, greater complexity has forced companies to spend more to hire skilled technical staff, analyse security data and manage new cybersecurity threats.
The two main issues are (1) a lack of familiarity with cloud systems and (2) the difficulty of moving legacy security tooling to new platforms. Of the 500 IT employees in Devo Technology’s cloud report, for example, 80% said they were handling 40% more security data, suffered from a lack of cloud security training, and had seen a 60% increase in cybersecurity threats.
How Will Companies React?
They certainly won’t stop investing in cloud platforms. Of the 500 enterprise-level companies that Devo Technology surveyed across North America and Western Europe, 90% anticipated a jump in cloud security spending in 2021, with the money going to automating security processes and to security upskilling programmes.
After all, executives will find it hard to justify sticking with legacy systems when cloud-centred companies are reporting results. Since moving its Security Information and Event Management (SIEM) offerings to the cloud, Accenture has saved up to 70% on its processes; the company recently announced that it would invest US$3bn to help its clients ‘realise the cloud’s business value, speed, cost, talent, and innovation benefits’.
The company stated: ‘Security is often seen as the biggest inhibitor to a cloud-first journey—but in reality, it can be its greatest accelerator’.