As a cybersecurity advisor, you must constantly evaluate the current threat environment while finetuning your strategies to safeguard your clients’ data. We sat down with Jim Richberg, Fortinet’s public sector field CISO, to get his take on cyber criminals’ next moves and what you can do to thwart their new and evolving attacks.
Lack of cyber threat intelligence is a key risk to your client’s environments
According to Jim, the biggest risk is not looking at the threat environment holistically. Having access to the right cyber threat intelligence is key to understanding where there are vulnerabilities in their environments.
“When talking about the threat environment comes a recurrent topic of conversation with an organization’s leaders, it makes me wonder whether our discussion is actually a symptom of a bigger problem that the organization has in terms of cyber threat intelligence,” Jim notes. “Either they don't get enough of the intelligence they need, or they don't know what to do with it. Visibility and context are key.”
Cybercriminals are teaming up to deploy more sophisticated ransomware attacks
“Revenues have been relatively constant from ransomware,” Jim observes. “This means the criminals who normally would go off and join other groups when the malicious cyber exploits they were engaged in became less productive now tend to remain together. This persistence allows these groups to become more specialized and sophisticated. Some of these criminal groups are starting to take on the degrees of sophistication and speed we used to only associate with nation-state activity.
Today’s malware attacks are more destructive
“This is a nastier cyber environment than we were facing on the threat side a year ago,” says Jim. “Some ransomware deletes data—it acts as wiperware—either intentionally or due to bad design or coding error. Plus, when it comes to ransomware today, sometimes cybercriminals are not only just looking for ransom, but they’ll also take some or all an organization’s data and publish it to cause reputational damage, share it with competitors, or sell it on the dark web.”
3 Proactive strategies IT teams can deploy now
While Jim doesn’t advocate that organizations “hack back,” there are actions you and your clients can take on to adopt a stronger, more proactive stance against cyber threats.
1. Implement planning exercises
“You don't want the first time you think about a problem to be when you're dealing with a real threat and the clock is ticking,” Jim advises. While some companies envision sophisticated simulations involving computers and complex scenarios, Jim believes that simple discussions about cybersecurity can be invaluable. For example, having a structured discussion with your clients about the most likely threat they face, and a worse case one can help you realize what key stakeholders and resources you need to have in place.
2. Network with local authorities and cybersecurity experts
Seek out and build relationships with key agencies that can help you in the event of a cyberattack. For example, private sector companies can consider joining the local FBI InfraGard chapter; a nationwide network that focuses on providing practical advice and on helping organizations learn about local resources, including the local FBI Field Office. As Jim notes, “You don't want the first time you have a conversation with someone to be when you tell them about a problem you have or ask them for help.”
3. Consider using deception technology
If your clients are well-resourced, consider implementing deception technology.
“In cyberspace, intruders who think they may be facing deception technology start doubting what they are doing and even avoid the part of the network you forgot to fully protect,” John explains. “They assume that low-hanging fruit is a honeypot. There's a placebo effect that kicks in if an adversary knows an organization has deception tools, even when they’re not using it.”