In association with Sophos
May 22, 2023

The key to good corporate cybersecurity is defence in depth

According to new data from Sophos, companies need to get used to the idea that attackers will worm their way past their defences. But they can still challenge them once they’ve breached the gates.

By Tech Monitor Staff

Some of the most dangerous vulnerabilities facing companies today are the ones that, in any other world, would remain entirely unnoticed. Known as LOLBins – a reference to ‘Living off the Land’ binaries, rather than the practice of maniacally laughing at refuse receptacles – these vulnerabilities are naturally occurring executables found on operating systems; mistakes in the code made long ago that remain overlooked by developers, but eagerly sought after by your average cybercriminal.

Then, of course, comes the cornucopia of other vulnerabilities that provide threat actors with a window into the inner workings of your corporation. According to Sophos’s new ‘Active Adversary Report for Business Leaders,’ an analysis of 152 incident response (IR) investigations across 31 countries, ProxyShell and Log4Shell vulnerabilities loomed particularly large. Compromised credentials are also a particular source of concern, explains John Shier, the cybersecurity firm’s field CTO.

“When today’s attackers aren’t breaking in, they’re logging in,” says Shier. “The reality is that the threat environment has grown in volume and complexity to the point where there are no discernible gaps for defenders to exploit. For most organisations, the days of going at it alone are well behind them.”

Ransomware epidemic

Ransomware, meanwhile, has halted its exponential growth as an attack method. Even so, it remains a plague. Two-thirds of the firms investigated by the Sophos IR team found that this form of digital hostage-taking was deemed a threat – unsurprising, given that ransomware featured in almost three-quarters of their investigations over the past three years. Attacker dwell time is also decreasing. Sophos data reveals that, for all attack types, threat actors are spending an average of ten days inside company systems, down from 15 the previous year. That did not vary across company size.

There are solutions out there – services that can help companies formulate defences-in-depth to better shield themselves from attack. “Organisations that have successfully implemented layered defences with constant monitoring are seeing better outcomes in terms of attack severity,” says Shier. The reason is simple: improved defences mean, in turn, that adversaries speed up their attacks, become more visible to IT security departments, and get dealt with at a much earlier stage than they otherwise would have been. Conversely, adds Shier, “those without proactive monitoring will suffer the greatest consequences”.

In short, therefore, businesses should not lose heart. While the threat environment is continually evolving, Sophos remains ready to blunt the opportunistic adventures of cybercriminals by offering services such as its cloud-based central management console and access to Sophos X-Ops, its cross-domain threat intelligence unit. “It truly is everything, everywhere, all at once,” says Shier of the current threat environment. “However, there are tools and services available to businesses that can alleviate some of the defensive burden, allowing them to focus on their core business priorities.”
