‘2020 Cybersecurity Outlook’ Report Reveals Evolving Attacker Behaviours, Relationship Dynamics Between IT and Security Teams.
VMware Carbon Black has released its “2020 Cybersecurity Outlook” report, which offers a holistic view of how attackers have evolved, what defenders are doing to keep pace and how security and IT teams can work together in 2020 and beyond.
Key Highlights include:
- Defense evasion behaviour was seen in more than 90 percent of the 2,000 samples we analysed.
- Ransomware has seen a significant resurgence over the past year. Defense evasion behaviours continue to play a key role with ransomware (95 percent of analysed samples).
- The top industries targeted by ransomware over the past year have been: Energy and Utilities, Government and Manufacturing, suggesting that ransomware’s resurgence has been a nefarious byproduct of geopolitical tension.
- Ransomware’s evolution has led to more sophisticated Command and Control (C2) mechanisms and infrastructure for attackers. Cyber criminals continue to leverage standard application protocols in network deployments to operate under the radar and blend in with standard business traffic. They are also deploying secondary C2 methods on sleep cycles, allowing them to wake up a new method of C2 upon discovery or prevention of their primary method.
- Wipers continue to trend upward as adversaries (including Iran) began to realise the utility of purely destructive attacks. Leveraging techniques across the full spectrum of MITRE ATT&CK™, wipers rely heavily upon Defense Evasion techniques to avoid detection (64 percent of analysed samples).
- Classic malware families have spawned the next generation. Throughout our research, we analysed malware (such as NotPetya) that initially appeared to be ransomware but, upon further inspection, we found the decryption component removed or ineffective, resulting in purely destructive malware.
- Emotet, once the gold standard for banking Trojans, is being retooled as a Swiss Army knife for modern attackers and is heavily leveraged to perform a myriad of additional attacks due to its modular framework.
- IT and security teams appear to be aligned on goals (preventing breaches, efficiency, incident resolution) but 77.4 percent of survey respondents said IT and security currently have a negative relationship, according to our study conducted with Forrester Consulting.
- 55 percent of survey respondents said driving collaboration across IT and security teams should be the organisation’s top priority over the next 12 months, according to the study.
- Nearly 50 percent of both IT and security respondents reported being understaffed, with security respondents noting their teams are currently 48 percent understaffed and IT teams are 26 percent understaffed.
- The study found that, in the majority of cases (45 percent), the CISO is reporting to the CIO. However, when asked who the CISO should report to, most respondents (37 percent) said directly to the CEO. Of note, nearly half (46 percent) of CIOs said the CISO should report directly to the CEO.
- The talent gap continues to be a theme across the IT and security landscape. According to the study, 79 percent of respondents said finding the right security talent is either “very challenging” or “extremely challenging” and 70 percent reported the same level of challenge for IT talent.
- More than 50 percent of survey respondents said that both security and IT will share responsibility for key areas like endpoint security, security architecture and identity/access management over the next three to five years.
- When it comes to risk, security leaders said brand protection (81 percent of respondents) is the most important issue for company boards.
- Both security and IT have seen increased investments over the last year. Among survey respondents, 77 percent said they purchased new security products, 69 percent reported an increase in security staff and 56 percent reported an increase in IT staff.