Many organizations continue to be caught off guard by cyber threats, despite experts pointing out that most incidents are preventable. During the IRISSCON 2024 conference in Dublin, it was highlighted that the majority of cyber incidents involve human error, social engineering, and ransomware, according to Phillip Larbey, Associate Director for EMEA at Verizon.
Ransomware and extortion were found to be the main components of attacks in the Verizon Data Breach Investigations Report (DBIR) 2024, making up 32% of incidents. Attackers often exploit vulnerabilities and steal credentials to gain access to sensitive systems undetected. Shockingly, data from the DBIR showed that 47% of vulnerabilities remain unremediated after 60 days of discovery, with 8% still unremediated after 365 days.
To combat these threats, organizations need to be more proactive with their vulnerability management strategies. Larbey emphasized the importance of addressing excessive user privileges, which can make it easier for attackers to move within networks. By utilizing services that monitor dark web activity for compromised credentials, businesses can stay ahead of potential threats.
Dave Lewis from 1Password and Rich Mogull from FireMon discussed the need to prepare for ‘Black Swan’ cyber events, unforeseen incidents such as the NotPetya malware attack in 2017. According to Mogull, while these events cannot be predicted, organizations can still plan for them. By adopting incident response processes similar to those used by emergency services, companies can effectively respond to unexpected cyber incidents.
Incident response frameworks like the US National Incident Management System (NIMS) provide clear steps and procedures for communication and command and control infrastructure in times of crisis. Mogull stressed the importance of having a system in place to account for the unknown and prioritize actions for a swift recovery.
Overall, the key takeaway from the IRISSCON 2024 conference is the necessity for organizations to be proactive in their approach to cybersecurity. By addressing vulnerabilities, limiting user privileges, and preparing for unforeseen events, businesses can strengthen their defenses against evolving cyber threats. Experts urge organizations to take action now to prevent future cyber incidents and protect sensitive data from malicious actors.