Council Post: Why Every Cybersecurity Leader Should ‘Assume Breach’ (2024)

Co-Founder and CEO of Varonis, responsible for leading the management, strategic direction and execution of the company.

In February, information about the highly successful Conti ransomware group leaked after it declared its full support of the Russian government—vowing to respond to any attack, cyber or otherwise, against Russia with "all possible resources to strike back at the critical infrastructures of an enemy."

Radical circumstances create radical change. Think about how the world and our behaviors changed almost overnight with Covid-19.

I'd like to highlight a few points from the leaked Conti chats.

What the Leaked Hacker Group Chats Reveal

You'd be hard-pressed to find an incident responder who hasn't had multiple encounters with the Conti ransomware group over the past two years.

The leaked conversations reveal an organizational structure and payroll that resemble a legitimate business. The organization has roughly 65 to 100 hackers, and its payroll appears to be $6 million annually. Conti has been very successful at stealing data and extorting a lot of money—the group reportedly extorted $180 million in 2021.

The chats show the group purchased databases to research its victims, craft convincing phishing attacks against employees and business partners, and deduce how much its victims would be willing to pay. It also purchases security products to test in a lab whether its malware can silently slip past them. Conversations show that the group considers buying exploits and back doors from third parties — all while keeping a careful watch on its balance sheet.

Conti takes a disciplined approach, with safety rules for its members that cover everything from good password hygiene to best practices for preserving anonymity online and offline. Its documentation and instructions include video tutorials to help less experienced and less technical attackers become dangerous quickly. And like any business, gang members discuss their techniques with others in the group.

Conti is just one example of a cybercriminal group. Now, after the invasion of Ukraine, we must consider how radical circumstances will affect Conti and other groups.

Cyberwarfare is upon us, and state actors will become more sophisticated. Their techniques will quickly spill into the commercial space as they have before. The progress we've seen in general programming with development frameworks, automation and no-code programming is already translating to the cybercrime realm, making it easier for attackers to learn, develop and scale.

Now that Russia decreed that intellectual property rights are no longer protected for "unfriendly" nations, what consequences would dissuade someone from taking up cybercrime? With many cyber-savvy people in Russia suddenly losing their jobs or suffering under sanctions, how many security professionals will join cybercrime groups or form new ones? Ransomware gangs could become recognized businesses or adjunct R&D departments. Either way, their target is your data.

Why You Should 'Assume Breach'

As the leaked Conti chats show, any system, account or person can be a potential attack vector at any time. With such a vast attack surface, you need to assume attackers will breach at least one vector—if they haven't done so already.

Once you "assume breach," think about where an attacker would most likely go if they wanted to maximize their profits. If your organization is like most, that's straight toward your biggest critical data stores.

That logic bears out in our observations: Once inside your systems, attackers establish remote control, exploit any weaknesses they can find, go after accounts with high-level access and use those accounts to steal data. Unfortunately, they rarely encounter much resistance once they're inside.

If you want to know how hard an attacker would need to work to access your critical data, pick a mid-level employee and examine their blast radius—all the data that an attacker could steal if one employee were compromised. Can the employee or attacker access critical data, or will they need to work harder by compromising other systems?

Attackers may not even need to work very hard—they may only need to compromise one user. In most organizations, most employees have needless access to thousands or even millions of files.

How would you know if an attacker or rogue insider accessed an unusual amount of critical data? We see very few organizations that can spot attackers early enough to avoid data loss.

Speaking of insiders, your employees are your organization. Although most employees are honest, remember that one rogue insider can have a lot of access and do massive damage. If you needed another reason to worry, ransomware gangs are actively seeking employees willing to give them insider access.

How You Can Make an Attacker's Job Harder

Your job is twofold: make your blast radius as small as possible (users can access only what they need), and be able to detect unusual access that could indicate an attack is underway. Every extra step you force an attacker or insider to take slows them down and gives defenders an opportunity to detect and thwart the attack.

The first step is to take an inventory of your most critical data—what attackers will go after. Where are your intellectual property, source code, customer and employee records?

The next step is to take an inventory of the controls that surround your critical data. Do the right people have access—both inside and outside the company? Are you able to spot unusual activity on this critical data? If a critical configuration was changed for the worse, what would spot it and roll it back?

Once you've inventoried your critical data and the controls that are closest to them, you can focus on concrete steps to optimize and maintain those controls. With so many possible attack vectors, it makes more sense to think about the attacker's origins after you've secured their destination—your critical data.
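As an added example (not code from the article or from Varonis), the following Python sketch models the two checks this section describes: an account's blast radius, resolved through direct grants and nested group membership on a constructed set of shares, and a simple baseline comparison that flags a day of unusually heavy access to critical folders. Every group, folder, user and access event below is constructed.

```python
"""Blast radius and unusual-access check over a constructed permission model.
Added example, not code from the article or Varonis; all names and events are
constructed. Blast radius = folders readable via direct or nested-group grants."""
from collections import Counter
from statistics import mean

GROUPS = {  # constructed: group -> members (users or nested groups)
    "Everyone": {"alice", "bob", "carol"},
    "Finance": {"bob"},
    "Finance-Admins": {"carol", "Finance"},
}
ACLS = {  # constructed: folder -> principals with read access
    "/shares/public": {"Everyone"},
    "/shares/finance/payroll": {"Finance-Admins"},
    "/shares/hr/records": {"Finance"},
    "/shares/src/core": {"alice"},
}
CRITICAL = {"/shares/finance/payroll", "/shares/hr/records", "/shares/src/core"}

def expand_group(name, seen=frozenset()):
    """Resolve a group to user names, following nested groups (cycle-safe)."""
    users = set()
    for m in GROUPS.get(name, ()):
        if m not in GROUPS:
            users.add(m)
        elif m not in seen:
            users |= expand_group(m, seen | {m})
    return users

def blast_radius(user):
    """Return (all readable folders, critical readable folders) for one account."""
    reachable = {f for f, principals in ACLS.items()
                 if user in principals
                 or any(user in expand_group(p) for p in principals)}
    return reachable, reachable & CRITICAL

def unusual_access(log, user, day, factor=5, min_events=10):
    """True when the account's critical-folder reads on `day` exceed `factor`
    times its mean daily count on earlier days and reach at least `min_events`."""
    daily = Counter(d for d, u, folder in log if u == user and folder in CRITICAL)
    history = [n for d, n in daily.items() if d < day]
    baseline = mean(history) if history else 0
    today = daily.get(day, 0)
    return today >= min_events and today > factor * baseline

def constructed_log():
    """Constructed (day, user, folder) events: 2 reads/day for a week, then 40."""
    week = [(f"2024-03-{d:02d}", "bob", "/shares/hr/records") for d in range(1, 8)] * 2
    return week + [("2024-03-08", "bob", "/shares/hr/records")] * 40
```

Running `blast_radius` over every account gives the inventory the section calls for; the access check is a deliberately simple baseline, and real deployments would tune the factor and minimum per data store.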

And always remember: After your employees, your data is your most valuable asset.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
