According to Fortinet’s 2022 Cloud Security Report, 58 percent of respondents indicated that they plan to run more than 50 percent of their workloads in the cloud within the next 12-18 months. This is music to cybercriminals' ears as many organizations fail to adequately secure their cloud and network environments.
Unfortunately, many organizations mistakenly assume that if they put enough defenses in place, hackers will move on to another target. However, knowing how lucrative ransomware has become, cybercriminals are investing in reconnaissance to identify vulnerabilities in your clients’ attack surfaces.
What is Reconnaissance?
Besides being a security team’s worst nightmare, reconnaissance is one of the first phases of an attack. The steps involved in an attack are often a progression, starting on the left and moving to the right. Check out the MITRE ATT&CK framework to see the tactics cybercriminals utilize in a campaign. The left-hand side includes pre-attack strategies, such as reconnaissance, planning and development. On the right side are the execution phases that include launching malware and stealing data.
Most organizations don't focus as much on the left side of the attack framework, which gives cybercriminals a big advantage. With better reconnaissance, cyberattacks are likely to be more effective and more destructive.
Getting Smarter About Reconnaissance
A recent global ransomware survey conducted by Fortinet indicates that ransomware is routinely successful with 67 percent of organizations reporting having been a ransomware target. Nearly half said they'd been targeted more than once. While those stats are enough to keep any security leader up at night, there are ways in which you can help clients strengthen their security postures while addressing the impact of reconnaissance.
For your clients to combat increasingly sophisticated attacks, they need a holistic and scalable security approach that provides IT and security teams with visibility and communication across the entire network. Following are key elements that should be included in their security stack:
- Anti-malware that includes AI detection signatures
- Endpoint detection and response (EDR)
- Advanced intrusion prevention system (IPS) detection
- Sandbox solutions augmented with MITRE ATT&CK mappings
- Next generation firewalls (NGFWs)
- Digital risk protection service (DRPS) designed to counter attacks at the reconnaissance phase
As a Fortinet partner, you can deploy these tools consistently across a distributed network, including data centers, campuses, branches, multi-cloud, home offices and endpoints using an integrated security platform such as the Fortinet Security Fabric. The Security Fabric can detect, share, correlate and respond to threats as a unified solution. It integrates crucial security and networking solutions, including third-party components, while supporting your clients’ in-house resources.
Fortinet’s multi-phase approach to cybersecurity can prevent the early-stage delivery of threat components while monitoring and detecting malicious activity. It provides a fast, coordinated response across the distributed cybersecurity mesh to contain and mitigate attacks—regardless of cybercriminals’ reconnaissance efforts.
Learn more about Fortinet’s FortiGuard Labs threat research and intelligence organization and the FortiGuard Security Subscriptions and Services portfolio.