Internetwork Engineering Blog

In an era of intensified cybercrime, organizations can improve business outcomes with advanced malware protection

Written by Internetwork Engineering | July 9, 2018

 

Cybercrime cost organizations an average of $11.7 million annually in 2017, a 22.7 percent rise over the previous year, according to a recent Ponemon Institute report.[1] And to pay for cybercrime recovery efforts, many businesses must make difficult choices concerning the reallocation of resources from other areas. 

The increase in cybercrime includes ransomware, which is estimated to have escalated from $850 million in 2016 to $5 billion in 2017,[2] and identity theft against businesses, which the IRS says grew 250 percent between 2016 and 2017.[3] These levels of increased cybercrime demonstrate that traditional network security tools are inadequate to offer protection against hackers today.

Despite the increased costs and risks, it is unlikely that organizations will take a Luddite approach to security by disconnecting themselves from the Internet. Instead, businesses must change their strategy to enhance cybersecurity, enabling them to allocate more resources to profitable activities rather than to cybercrime remediation costs.

 

The rise of the cybercrime industry

Hackers have evolved from lone individuals focused on pranks to organized groups whose motivation is monetary gain or political action or both. There has also been a trend towards specialization and new business models, such as ransomware-as-a-service, which enables criminals with limited skills to mount cyberattacks on a global scale.

Coinciding with the shift in hacking from solo practitioners to organized, well-funded criminal enterprises is the development of advanced malware techniques that take advantage of flaws in traditional antivirus (AV) and Intrusion Prevention System (IPS) tools. These new forms of malware mask their true intentions, allowing them to appear benign to gain entry into the network. Once inside, they can go dormant or spring into action and remain undetected for long periods of time. The industry average time to detection is 100 days for organizations using traditional AV and IPS tools, providing cybercriminals with an enormous advantage.

 

Responding to advanced malware cyberattacks

Cybersecurity developers seeking to defend against current and future cyberattacks are taking a very different approach from that of traditional AV and IPS tools. Rather than examine files attached to email and text messages only at the point of entry, these new advanced malware protection solutions continue to monitor files for as long as they are in the network.

This new approach to cybersecurity solutions uses retrospective techniques and other tools that include breach hunting, attack chain correlation, trajectory, and behavioral indications of compromise (IoCs). Taken together, these new solutions offer IT greater visibility to detect polymorphic and environmentally aware viruses and other advanced malware attacks on the network.

 

The business benefits of advanced malware cybersecurity solutions

Organizations that deploy advanced malware cybersecurity solutions, which use retrospective and other techniques, are able to detect cyber threats in as little as 13 hours. By tracking the malware's trajectory, IT can determine where the malware came from, how it entered the network, and what actions it has been taking. Such solutions also enable IT to search across all endpoints for indicators of compromise (IoCs), which speeds investigations while decreasing management complexity.

Advanced malware cybersecurity solutions also reduce costs related to remediation spending. In the event of a breach, an organization that employs such a solution has quick access to all of the data it needs to investigate the breach and solve the problem, without the need to hire an outside security consulting firm.

Additional benefits include methodically analyzing what took place during a breach and collecting information to help prevent similar attacks in the future.

Lastly, by using an advanced malware solution with retrospective security, organizations can better direct their resources to profitable activities instead of paying for the costs of cybercrime remediation.

 

 

To learn more about how we’re working with Cisco to provide our customers enterprise-grade AMP retrospective security solutions, download:

eBook: Prevent Cybercrime with Cisco Advanced Malware Protection (AMP) for Endpoints - Defend your organization with the power of retrospective security 

 

Infographic: Real Security Calls for Advanced Malware Protection (AMP)

 

 

 

 

Sources

[1] https://www.accenture.com/us-en/insight-cost-of-cybercrime-2017

[2] https://www.lexology.com/library/detail.aspx?g=a43f94f4-6cde-4e4b-acf9-8b56944cbd01

[3] https://www.bizjournals.com/kansascity/news/2017/07/31/irs-business-identity-theft-cases-jump-250-so-far.html