Combatting Security Attacks with MDR & EDR

October 26, 2021

When we think of data breaches and major security events, media headlines often gravitate towards household names: airlines, hotels, and banks. This fosters the misconception that only those types of F500 organizations are lucrative targets for security attacks – but that’s simply not the case.

Most breaches occur in small to medium-sized businesses, with companies with around 5000 employees taking the brunt of attacks. And, unlike their larger peers, these companies often have the most challenging time defending themselves.

Many of these organizations, for instance, would not consider that they’d be a target for state-sponsored organized crime. They might think, ‘Why would China be interested in my company?’ But they fail to recognize that security breaches such as this are often the aftershocks of tectonic events happening on the other side of the globe.

Perhaps it’s a trade war; maybe it’s a physical war. While states can’t go head-to-head on the battlefield, they are more than willing to inflict collateral damage on non-combatant organizations. They can steal information to resell, disrupt critical services such as healthcare or pipelines, and over time effectively destabilize the economy. Sowing doubt and causing confusion is precisely the kind of mischief they want because it ultimately provides them with an economic advantage.

Then there are organized criminals, often attacking companies as part of a cartel. These are branded ransomware gangs. They’re well versed in using sophisticated nation-state-like tactics and tools, infiltrating organizations from numerous entry points and multiple vectors, and weaponizing stolen credentials.

An economy has also developed around some of the leading malware operations, such as Gootloader, which have viral forms of ransomware that they now sell via a revenue-sharing or leasing model.

Mitigating security threats with MDR and EDR

While the criminals are well-armed and experienced, their tactics can be stopped. Much like the misleading headlines about attacks on F500 businesses, these stories foster a sense of fatalism amongst companies: if sophisticated bad guys come calling, there is nothing they can do to protect themselves.

One day it’s business as usual, and the next, it’s game over. That’s simply not true. Even the best criminals leave telltale signs that can identify an attack in its early stages and give the target a chance to defend themselves – either stopping the event or at least minimizing the impact.

And that’s what MDR and EDR can do for your organization.

Gartner coined the term Managed Detection and Response (MDR), which at its essence is delivering a ‘turnkey threat detection via modern, remotely delivered, 24/7 security operations center capabilities and technology.’

MDR monitors the entire environment, not just core networks on-premises. It looks for signs of suspicious activity, carries out triage, and immediately investigates malicious activity. Attacks are then contained and interrupted before they become business disrupting events. This solution is ideal for organizations that do not have in-house cybersecurity teams.

Endpoint Detection and Response (EDR), a term also coined by Gartner, detects and remediates threats, but it involves installing sensors on endpoints (devices) and uses analytic tools to automate detection and response and to support further investigation.

Although MDR and EDR may be a good fit for many businesses, in-house teams that are repeatedly hit by attacks are increasingly unable to defend against them, as they simply lack the time and resources to implement the required technology.

They lack the staff required to monitor, hunt, and investigate the sheer volume of data, and they may also not have the internal expertise and advanced detection and forensic capabilities.

This is compounded further by the widely acknowledged cybersecurity skills gap, which has resulted in many organizations finding it increasingly challenging to recruit talent.

However, failure to act results in blind spots across mobile, physical, and virtual endpoints, alert fatigue, where existing staff are chasing too many false positives, and ultimately, prolonged incident dwell times.

The average cost of a successful attack now stands at $8.94m, primarily due to the impact caused by loss of IT services, end-user productivity, and the theft of information assets.

And, without a way to break the cycle, the risk of loss is only set to grow.

A better way forward with Teneo

Forward-thinking security and risk leaders have found a way to achieve more efficient, effective, and affordable security protection by joining forces with expert security partners such as Teneo, which has teamed up with eSentire – the largest pure-play Managed Detection and Response provider.

WFA: Secured, Teneo’s Endpoint Security service – powered by eSentire – provides a single agent that combines next-generation antivirus with elite human and AI threat hunting, and endpoint detection and response (EDR) capabilities to eliminate blind spots that traditional prevention would miss.

Simple to use and cost-effective, WFA: Secured delivers the outcomes businesses need to stop cyber attackers in their tracks. The service enables the detection and response to threats in minutes, not hours or days, which saves businesses time and is critical to the health of a business’s operation.

Teneo’s team of experts uses predictive threat modeling and proprietary machine learning to continuously tune the latest detection measures to prevent known attacks and identify potential unknown and zero-day threats.

For the most elusive of threats, an elite team of threat hunters rapidly investigates and neutralizes compromised endpoints on behalf of customers, preventing lateral spread. Supporting the full incident response lifecycle, the Teneo team works alongside in-house security teams to determine root cause and corrective actions, ensuring your environment is hardened against future business disruption.

For more information about Teneo’s WFA: Secured service, visit www.teneo.net/endpoint-security/

Author: Mark Sangster, Cybersecurity Author and eSentire’s Principal Evangelist and VP of Industry Security Strategies.
