The scale and complexity of cyber threats have evolved significantly over the years. At the same time, businesses have updated their security infrastructure to counter new threats and vulnerabilities. In the 1980s, first-generation attacks targeted standalone PCs, and security vendors offered antivirus products to counter them. After the arrival of the internet, second-generation attacks emerged as individual hackers began communicating and sharing their skills, having recognized the financial benefits of targeting businesses. In the third generation, application attacks, attackers began exploiting security flaws or backdoors in corporate security frameworks and applications.
Since 2010, we have seen the fourth generation of cyberattacks, which have resulted in high-profile data breaches, internet outages, and the theft of personal information from users, among other things. These attacks employ a variety of evasive, polymorphic tactics as well as bots for distributed denial of service (DDoS). However, various security communities and analysts have now identified the fifth generation of cyber-attacks, for which businesses require new defence mechanisms.
What are the 5th Gen Cyber Attacks?
The fifth generation or Gen V cyber-attacks are large-scale, multi-vector attacks that are designed to target multiple components of IT infrastructure, including several endpoints, mobile devices, enterprise servers, applications, cloud, and more.
Apart from the technical sophistication, there are many other factors that make Gen V attacks more dangerous than ever. The tool kits for such attacks are often distributed over the darknet by state-sponsored clandestine agencies or other organized criminal groups. These groups operate exclusive social networks and offer escrow account services, malware licenses, and even tech support to cybercriminals.
For example, the WannaCry ransomware attack of 2017 was based on a tool called EternalBlue, which was unintentionally leaked to the cyber world by the USA’s National Security Agency. According to estimates, the attack spread to 100 countries and cost $8 Bn in losses globally.
Why are Businesses Unprepared for 5th Gen Cyber Threats?
While most businesses admit their unpreparedness for the new generation of cyber-attacks, there are also some perception-reality gaps. CISOs often overestimate the capabilities of their security infrastructure. Many have only 2nd and 3rd Gen security infrastructure in place, which leaves them highly vulnerable to emerging cyber threats that target cloud, data centers, IoT, and mobile networks. On the other hand, the security community is also unable to coordinate a response against threat actors, because businesses fail to disclose and share breach data in time. As a result, there are delays in gathering threat intelligence, and more organizations are hit before patches and signatures are available for threat mitigation.
How can SOCs Prepare for 5th Gen Cyber Threats?
Though high-profile data breaches and ransomware attacks gain headlines, most businesses are still unable to make cybersecurity a strategic business requirement. Security is often an afterthought, which undermines the SOC’s ability to deal with emerging threats effectively. Security teams are understaffed and overworked, and they lack proper tools to detect, analyse, and secure the expanding IT environment. That is why SOCs need executive buy-in to prioritize security investments.
Unify Security Infrastructure
In addition to security information and event management (SIEM), SOCs need advanced technologies that can help them integrate and analyse data from their endpoint detection and response (EDR) systems, next-gen firewalls, intrusion prevention systems (IPS), web application firewalls (WAF), Identity and Access Management (IAM) tools, and more. As insider threats arising from mobile devices and remote users are a major concern these days, organizations need better tools for User and Entity Behaviour Analytics (UEBA). Further, to implement a layered approach to security, organizations should consider setting up sandboxes in the DMZ or at the CPU level and explore modern anti-phishing and anti-ransomware solutions.
Enable Cyber Resiliency
A robust cyber resilience strategy identifies and protects data while reducing the risk of a security breach. Cyber resiliency shortens exposure time and reduces the impact of attacks, ensuring business security and continued sustainability. It involves integrating cybersecurity across the enterprise lifecycle through three stages – protecting the systems, applications, and data; detecting the changing risk surface; and evolving the security framework to stay ahead of vulnerabilities.
Improve SOC Automation
SOCs carry a wide range of responsibilities, including network and security architecture planning, general administration, and regulatory compliance and audits. They need to maintain and analyze various logs and metrics, and they must instrument infrastructure and application components for end-to-end traceability. At the same time, they must identify, investigate, and respond to known threats and zero-day vulnerabilities, gather and share threat intelligence, and more. However, most have only partial automation across their processes and tools. With end-to-end automation, SOCs can carry out routine activities efficiently, receive intelligent alerts, expedite incident response and compliance reporting, and free up time for complex troubleshooting and analytics.
Invest in Intelligent Real-Time Response
Many modern attacks rely on gaining privileged access to spread malware through enterprise environments. By the time a breach is detected, it is often too late. SOCs need advanced AI and machine learning-based technologies to detect threats in real time and restrict access, flag malicious IPs, quarantine infected systems, and take other steps to mitigate threats quickly. With AI/ML-based analytics, SOCs can improve real-time correlation to detect abnormal behaviour.
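The two sections above describe the same mechanism from two angles: stitching together IAM, EDR and firewall telemetry (Unify Security Infrastructure) and scoring it against a per-user behavioural baseline so that a response can be triggered automatically (Intelligent Real-Time Response). The following is an added illustration, not code from the article or from any vendor product. Its event schema, field names, baseline values and weights are all constructed assumptions; a real SIEM/UEBA pipeline would learn the baseline from history and read events from the products themselves. What it shows is the correlation step: a login from an unseen IP outside usual hours, followed by a privilege change and a burst of internal connections from the same host, is individually low-signal but together produces a high-severity alert with concrete containment actions.

```python
"""Toy cross-source correlation (hypothetical schema, constructed sample data).

Sources: "iam" login events, "edr" privilege/group changes, "fw" outbound
connections. Findings are keyed by user; firewall events are attributed to the
user who last logged in on that host.
"""
from collections import defaultdict
from datetime import datetime

# Per-user baseline a UEBA tool would normally learn over time (constructed).
BASELINE = {
    "alice": {"ips": {"198.51.100.10"}, "hours": range(8, 19)},
    "bob": {"ips": {"198.51.100.22"}, "hours": range(8, 19)},
}

# Constructed events. Field names are assumptions, not a vendor log format.
EVENTS = [
    {"src": "iam", "ts": "2024-05-01T09:05:00", "user": "bob", "host": "ws-04",
     "ip": "198.51.100.22", "type": "login"},
    {"src": "fw", "ts": "2024-05-01T09:06:00", "host": "ws-04",
     "type": "connect", "dst": "10.0.0.5"},
    {"src": "iam", "ts": "2024-05-01T03:12:00", "user": "alice", "host": "ws-17",
     "ip": "203.0.113.7", "type": "login"},
    {"src": "edr", "ts": "2024-05-01T03:15:00", "user": "alice", "host": "ws-17",
     "type": "group_change", "detail": "added to local Administrators"},
] + [
    {"src": "fw", "ts": f"2024-05-01T03:2{i}:00", "host": "ws-17",
     "type": "connect", "dst": f"10.0.0.{5 + i}"}
    for i in range(6)  # six distinct internal destinations in a few minutes
]

WEIGHTS = {"new_ip": 2, "off_hours": 1, "priv_change": 3, "fan_out": 2}
FAN_OUT_THRESHOLD = 5  # distinct internal hosts contacted from one endpoint


def correlate(events, baseline, fan_out_threshold=FAN_OUT_THRESHOLD):
    """Score each user across all sources; return {user: finding}."""
    findings = defaultdict(
        lambda: {"score": 0, "reasons": [], "hosts": set(), "ips": set()})
    host_owner = {}  # host -> last user seen logging in (from IAM events)
    for ev in events:
        if ev["src"] == "iam" and ev["type"] == "login":
            f = findings[ev["user"]]
            f["hosts"].add(ev["host"])
            host_owner[ev["host"]] = ev["user"]
            # Unknown users get an empty baseline, so every IP counts as new.
            bl = baseline.get(ev["user"], {"ips": set(), "hours": range(24)})
            if ev["ip"] not in bl["ips"]:
                f["score"] += WEIGHTS["new_ip"]
                f["ips"].add(ev["ip"])
                f["reasons"].append(f"login from unseen IP {ev['ip']}")
            hour = datetime.fromisoformat(ev["ts"]).hour
            if hour not in bl["hours"]:
                f["score"] += WEIGHTS["off_hours"]
                f["reasons"].append(f"login at {hour:02d}:00 outside usual hours")
        elif ev["src"] == "edr" and ev["type"] == "group_change":
            f = findings[ev["user"]]
            f["hosts"].add(ev["host"])
            f["score"] += WEIGHTS["priv_change"]
            f["reasons"].append(f"privilege change on {ev['host']}: {ev['detail']}")
    # Fan-out: many distinct internal destinations from one host, attributed to its owner.
    dsts = defaultdict(set)
    for ev in events:
        if ev["src"] == "fw" and ev["type"] == "connect":
            dsts[ev["host"]].add(ev["dst"])
    for host, targets in dsts.items():
        if len(targets) >= fan_out_threshold and host in host_owner:
            f = findings[host_owner[host]]
            f["score"] += WEIGHTS["fan_out"]
            f["reasons"].append(f"{host} contacted {len(targets)} internal hosts")
    return dict(findings)


def build_alerts(findings, high=5, medium=2):
    """Turn findings into alerts with a severity and suggested containment."""
    alerts = []
    for user, f in findings.items():
        if f["score"] < medium:
            continue
        severity = "high" if f["score"] >= high else "medium"
        if severity == "high":
            actions = [f"isolate host {h}" for h in sorted(f["hosts"])]
            actions += [f"block IP {ip}" for ip in sorted(f["ips"])]
            actions.append(f"disable account {user} pending investigation")
        else:
            actions = [f"require step-up authentication for {user}"]
        alerts.append({"user": user, "score": f["score"], "severity": severity,
                       "reasons": f["reasons"], "hosts": sorted(f["hosts"]),
                       "ips": sorted(f["ips"]), "actions": actions})
    return sorted(alerts, key=lambda a: -a["score"])


if __name__ == "__main__":
    for alert in build_alerts(correlate(EVENTS, BASELINE)):
        print(alert["severity"].upper(), alert["user"], alert["score"])
        for line in alert["reasons"] + alert["actions"]:
            print("  -", line)
```

Running the file reports a single high-severity alert for alice (score 8) while bob, whose login matches his baseline and whose host contacted one destination, produces nothing. The thresholds and weights are deliberately simple; the point is that no single source would have crossed the bar on its own, which is why integrating the feeds matters before any AI/ML scoring is layered on top.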
The need to implement a 5th generation cybersecurity architecture that synchronizes security across endpoints, on-premises servers, cloud, and IoT is more pronounced than ever. It should also leverage modern AI/ML technologies to analyse vast amounts of security data and automate intelligent responses. These technologies can help SOCs implement dynamic security policies that respond to threat severity and scale more effectively.
The article is authored by Praveen Patil Kulkarni, Country Manager - Security Risk & Governance at Micro Focus.