Fileless Attacks are Driving Up Security Complexity & Costs

[ This article was originally published here ]

If you feel like it’s getting harder and more expensive to protect your company from cyber attacks, you’re not alone. From streamlined startups to global enterprises, organizations in every industry are feeling the crunch as the threats they’re facing rapidly evolve.

The Ponemon Institute’s 2017 State of Endpoint Security Risk report provides a thorough and enlightening overview of what’s happening. Now in its fifth consecutive year, this highly regarded report analyzes survey responses from more than 600 IT and security practitioners located in the United States. This year’s edition highlighted a few startling stats as well as some unsettling trends.  

What won’t surprise most IT professionals is that the threat of endpoint security risk has increased, due to both the rising number of attacks and the evolution of attack techniques. Also on the rise is the cost of attacks. Based on data collected for the report, the average total hard cost of a successful attack is more than $5 million, including IT and end-user productivity loss, system downtime, theft of information assets, and a variety of other damages.

What may be overlooked, however, is that the complexity and day-to-day cost of defending against these attacks is becoming increasingly prohibitive.

Evolving Attack Techniques Drive Higher Day-to-Day Prevention Costs

Attackers are changing their approach based on what’s working. Looking at data for the past 12 months, the Ponemon report found that 54 percent of respondent organizations experienced one or more endpoint attacks that successfully compromised data assets and/or IT infrastructure. Of those successful attacks, 77 percent involved fileless techniques, which are designed to evade detection by abusing legitimate system tools or launching malicious code from memory.

Fileless techniques have long been used by sophisticated hacking groups, who typically aim their attacks at high-level targets like governments and large corporations. It was only a matter of time before these techniques were more widely adopted by cyber criminals. Now, because fileless attack techniques are expressly designed to exploit gaps in traditional security solutions, organizations large and small are finding themselves vulnerable.  

The urgent need to adapt existing protection to address fileless techniques is one of the primary factors driving up prevention costs. To begin with, the rapid proliferation of these types of attacks has caused organizations to lose faith in traditional antivirus (AV) security measures. As a result, companies are either replacing or supplementing their existing AV with new endpoint protection solutions. Unfortunately, because the majority of these options were designed to be used by large enterprise security teams they are typically too expensive and complex for mid-market organizations.

Not only do these products incur up-front implementation costs in the form of professional installation services and other expenses, they also typically increase ongoing management costs because of things like:

Greater expertise requirements: As traditional security solutions struggle to adapt to the new threats, both they and new entrants into the market are rolling out new features and functionality that make management more complex. This in turn can create additional service costs and also higher staffing fees as companies find they need to hire more senior IT security professionals to manage the advanced solutions.

Additional time and resources spent on monitoring: The majority of solutions transitioning towards addressing fileless attacks fall in the endpoint detection and response category. They are primarily built to gather indicators of compromise that security teams then need to analyze and take action on after an attack is already doing damage. For companies without large dedicated security teams, more after-the-fact data from disparate sources can be more burdensome than helpful.

More false positives: When asked to identify the biggest problems with their current endpoint solutions, 45 percent of respondents said it was the high number of false positives and IT security alerts they had to respond to on a regular basis. Because fileless attacks often hijack legitimate tools and processes, many solutions attempting to detect them struggle to properly distinguish between valid and malicious activity. As a result, admins are getting flooded with false positive alerts they have to chase.
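The false-positive problem described above comes down to a detection question: the tool being launched is legitimate, so a rule that keys on the tool alone fires on every admin script. The following is an added illustration, not code from AlienVault, Barkly or the Ponemon report. It runs two rules over a handful of constructed process-creation events (hostnames, users, command lines and the placeholder URL are all made up): a naive "alert on every PowerShell launch" rule, and a rule that scores surrounding context (parent process, encoded commands, download cradles, hidden windows) before alerting. The indicator weights are assumptions chosen for the example, not a vendor's tuned values.

```python
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    host: str
    user: str
    parent: str      # parent process image
    image: str       # launched process image
    cmdline: str
    malicious: bool  # ground-truth label, used only to score the rules


# Constructed sample telemetry (not real logs): mostly legitimate admin use of
# PowerShell, plus two events labelled malicious to stand in for fileless activity.
EVENTS = [
    ProcessEvent("ws01", "alice", "explorer.exe", "powershell.exe",
                 r"powershell.exe -File C:\Scripts\backup.ps1", False),
    ProcessEvent("srv02", "svc_sccm", "services.exe", "powershell.exe",
                 "powershell.exe -ExecutionPolicy Bypass -File inventory.ps1", False),
    ProcessEvent("ws03", "bob", "cmd.exe", "powershell.exe",
                 "powershell.exe Get-Process", False),
    # Scheduled task that hides its window: legitimate, but looks "suspicious" on one indicator.
    ProcessEvent("srv04", "svc_task", "svchost.exe", "powershell.exe",
                 r"powershell.exe -WindowStyle Hidden -File C:\Tasks\cleanup.ps1", False),
    # Document reader spawning a hidden, encoded PowerShell: typical fileless pattern.
    ProcessEvent("ws05", "carol", "WINWORD.EXE", "powershell.exe",
                 "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <base64 omitted>", True),
    ProcessEvent("ws06", "dave", "EXCEL.EXE", "powershell.exe",
                 "powershell.exe -w hidden -nop -c \"... DownloadString('http://placeholder.invalid/p') ...\"", True),
    ProcessEvent("ws07", "erin", "explorer.exe", "notepad.exe", "notepad.exe notes.txt", False),
]


def naive_rule(ev: ProcessEvent) -> bool:
    """'Alert on every PowerShell launch': catches the fileless cases but also
    every legitimate script, which is the false-positive flood admins complain about."""
    return ev.image.lower() == "powershell.exe"


OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def context_score(ev: ProcessEvent) -> int:
    """Weighted context: no single weak indicator alerts on its own (weights are assumed)."""
    if ev.image.lower() != "powershell.exe":
        return 0
    cl = ev.cmdline.lower()
    score = 0
    if ev.parent.lower() in OFFICE_PARENTS:
        score += 2   # an Office application spawning a shell
    if "-encodedcommand" in cl or " -enc " in cl:
        score += 2   # encoded payload instead of a script on disk
    if "downloadstring" in cl or "downloadfile" in cl:
        score += 2   # fetching code to run in memory
    if "-windowstyle hidden" in cl or "-w hidden" in cl:
        score += 1   # common in scheduled tasks, so weak by itself
    return score


ALERT_THRESHOLD = 2


def contextual_rule(ev: ProcessEvent) -> bool:
    return context_score(ev) >= ALERT_THRESHOLD


def evaluate(rule, events):
    """Count true positives, false positives and false negatives for a rule."""
    tp = sum(1 for e in events if rule(e) and e.malicious)
    fp = sum(1 for e in events if rule(e) and not e.malicious)
    fn = sum(1 for e in events if not rule(e) and e.malicious)
    return {"tp": tp, "fp": fp, "fn": fn}


if __name__ == "__main__":
    for name, rule in (("naive", naive_rule), ("contextual", contextual_rule)):
        print(name, evaluate(rule, EVENTS))
```

On this constructed sample the naive rule raises four false positives for two real detections, while the contextual rule keeps both detections and raises none; the hidden-window scheduled task scores 1 and stays below the threshold. The design point is that each weak indicator is cheap for an attacker to share with legitimate activity, so a rule has to combine several before it is worth an analyst's time.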

Addressing New Threats without Adding Unnecessary Costs & Complexity

As more attackers adopt fileless techniques previously only used by sophisticated hacking groups, businesses of all sizes in all industries need to be prepared and protected — not just enterprises. The good news is mid-market companies aren’t completely on their own. Teams like the ones at AlienVault and Barkly have made it their priority to develop and deliver strong, easy-to-use solutions without adding zeroes to the IT budget or creating massive amounts of complexity and additional work.

There are also concrete steps these organizations can take to harden their networks, and we’ve outlined some of them here. To get more statistics and insights on how endpoint security is evolving and how organizations are reacting to fileless attacks, download the full Ponemon report.