View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
March 5, 2019updated 06 Mar 2019 9:45am

CISOs Turn to Threat Hunting as Destructive Raids Soar

CISOs should report to CEOs, not CIOs, report warns

By CBR Staff Writer

Financial services CISOs are increasingly turning to active threat hunting, a new survey from Carbon Black shows.

A notable 47 percent of CISOs surveyed said their organizations are operating threat hunting teams, an increase of 27 percent.

The shift was highlighted in a financial services-focussed threat report from the Massachusetts-based endpoint security specialist today.

It comes as respondents reported a 160 percent surge in cyberattacks on FS companies that appear to have purely destructive, rather than financial intent. (The survey included CISOs from four of the top 10 banks in the world, Carbon Black said).

(The report comes after US-based independent email provider VFEmail said a hacker had destroyed the company by formatting all the disks on ever server on both its primary and backup systems in an as-yet unexplained incident…)

What is Threat Hunting?

Threat hunting is manual (albeit often “machine”-assisted) interrogation of a network based on the assumption of breach. Its rise comes as Carbon Black reports a surge in attacks that are aimed at destroying data or holding financial services entities to ransom, rather than “old-fashioned” theft.

“Financial institutions are grappling with some of the most sophisticated cyber crime syndicates. Perhaps the most concerning indication from this report is the stark increase in destructive attacks, which are rarely conducted for financial gain,” said Tom Kellermann, the report’s author and Chief Cybersecurity Officer at Carbon Black.

Content from our partners
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
Infosecurity Europe 2024: Rethink the power of infosecurity

He added: “Rather, these attacks are launched to be punitive by destroying data. Cybercriminals have formed sophisticated approaches to gain access to confidential banking and financial information and organisations need to be aware of the impending threats.”

Among other findings in the report, Carbon Black said attackers are increasingly using highly reputable domain resources, such as content delivery networks (AWS, Akamai, Cloudflare, Google Cloud, etc), to open covert channels, allowing them to bypass content filters as those locations are generally trusted.

“This is referred to as Domain Fronting, and the traffic is often encrypted using HTTPS making it difficult to detect and prevent.”

The survey also found that 62 percent of surveyed financial services CISOs report to the CIO, a fact that Kellermann said should raise eyebrows.

“This represents a potential governance crisis. CISOs must be empowered with greater authorities and separate budgets in order to preserve safety and soundness in the financial sector. CISOs should report to CEOs or CROs as their defensive mindset often conflicts with the uptime, availability, and content driven goals of CIOs”.

The report’s release comes a day after Carbon Black announced that it was teaming up with Alphabet’s new entrant to the cybersecurity market, Chronicle. The partnership will see Carbon Black’s endpoint detection and response (EDR) data shared with Backstory, Chronicle’s recently announced security analytics product.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.