Going on offense: Combatting cybercrime with offensive cybersecurity
Unfortunately for modern businesses, especially those in healthcare, cyberattacks are not only becoming more frequent but also more sophisticated and complex. And despite increased spending on cybersecurity, many organizations have yet to see better results. Clearly, it is time to rethink how we approach cybersecurity.

Traditional defensive tools such as antivirus and intrusion detection systems are inherently reactive: a signature can only be written after an attack technique is already known, and it then has to be matched (or missed) in the massive volume of network traffic flowing in and out of an organization. In fact, current research estimates that an attacker needs about fifteen hours to gain unauthorized access to sensitive information, while that access can take an estimated 200 days to be detected.

The answer to this problem? Flipping the script from mainly defensive measures to offensive cybersecurity. A specialization under the cybersecurity umbrella, this underutilized approach shows promise for closing the gap between attack and response times while helping organizations take back control of their cybersecurity.
What is offensive cybersecurity?
Offensive cybersecurity is when an organization actively seeks out its own security vulnerabilities before a bad actor can exploit them. The activity itself is virtually the same as what a malicious attacker would do when trying to compromise the organization; the difference is that it is authorized, scoped in advance and performed to drive remediation rather than to cause damage.
There are many ways for this to be done, but here are some of the most common techniques:
Vulnerability assessments: These use vulnerability scanning software or services that compare organizational assets (hosts, installed software and versions, configurations) against a database of known security vulnerabilities. The goal is to efficiently and thoroughly enumerate potential points of weakness that could be leveraged in a cyberattack. Because the matching is largely automated, the results still need validation: a scanner can report a weakness that is not actually exploitable in context, or miss one that is.
Penetration testing: This takes a vulnerability assessment a step further by attempting to demonstrate that discovered vulnerabilities are actually exploitable. Penetration test reports often frame findings from the adversary's perspective and give network defenders useful insight into where the most critical vulnerabilities lie.
Red teaming: Often considered the most involved form of offensive cybersecurity testing, a "red team" is generally an internal team of offensive cybersecurity professionals. Its primary focus is to act as an adversary, launching attacks against organizational networks and systems that are as realistic as possible. This includes attempting to avoid detection, which tests the readiness not just of the networks but also of the organization's security personnel and their detection and response processes.
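To make the vulnerability-assessment step concrete, here is an added example (not tooling from the original post) of the core operation a scanner performs: matching an asset inventory against a database of known-vulnerable version ranges. The asset list, the product names and the EXAMPLE-* advisory IDs are all constructed for illustration and are not real products or CVE numbers.

```python
"""Version-range matcher for a vulnerability assessment.

Added example (not the post's own tooling): an asset inventory is compared
against a database of known-vulnerable version ranges, the core of what a
vulnerability scanner does. ASSETS, ADVISORIES and the EXAMPLE-* advisory IDs
are constructed for illustration; they are not real products or CVE numbers.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    product: str
    introduced: str          # first affected version (inclusive)
    fixed: Optional[str]     # first fixed version (exclusive); None = unpatched
    severity: str


@dataclass(frozen=True)
class Finding:
    host: str
    product: str
    version: str
    advisory_id: str
    severity: str


SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def version_key(v: str) -> Tuple[int, ...]:
    """Numeric components of a version string.

    Anything after '-', '+' or '~' (e.g. '3.1.2-deb2') is dropped. That is a
    deliberate simplification: distributions often backport fixes without
    bumping the upstream version, so version-only matching can over-report.
    """
    core = re.split(r"[-+~]", v, maxsplit=1)[0]
    return tuple(int(p) for p in re.findall(r"\d+", core))


def version_lt(a: str, b: str) -> bool:
    """True if a < b, treating missing trailing components as zero (1.2 == 1.2.0)."""
    ka, kb = version_key(a), version_key(b)
    n = max(len(ka), len(kb))
    return ka + (0,) * (n - len(ka)) < kb + (0,) * (n - len(kb))


def is_affected(asset: Asset, adv: Advisory) -> bool:
    """The asset is affected if it is in [introduced, fixed) for the same product."""
    if asset.product.lower() != adv.product.lower():
        return False
    if version_lt(asset.version, adv.introduced):
        return False
    if adv.fixed is not None and not version_lt(asset.version, adv.fixed):
        return False
    return True


def assess(assets: List[Asset], advisories: List[Advisory]) -> List[Finding]:
    """Match every asset against every advisory; most severe findings first."""
    findings = [
        Finding(a.host, a.product, a.version, adv.advisory_id, adv.severity)
        for a in assets
        for adv in advisories
        if is_affected(a, adv)
    ]
    return sorted(findings, key=lambda f: (SEVERITY_RANK.get(f.severity, 99), f.host))


# Constructed sample inventory and advisory database (not real data).
ASSETS = [
    Asset("web-01", "ExampleHTTPd", "3.1.2"),
    Asset("web-02", "ExampleHTTPd", "3.1.4"),        # already at the fixed version
    Asset("web-03", "ExampleHTTPd", "3.1.2-deb2"),   # distro build; may carry a backported fix
    Asset("db-01", "ExampleDB", "13.2"),
    Asset("app-01", "ExampleLib", "1.2"),            # equal to the introduced version 1.2.0
]

ADVISORIES = [
    Advisory("EXAMPLE-0001", "ExampleHTTPd", "3.1.0", "3.1.4", "critical"),
    Advisory("EXAMPLE-0002", "ExampleDB", "13.0", "13.3", "high"),
    Advisory("EXAMPLE-0003", "ExampleLib", "1.2.0", None, "medium"),
]


if __name__ == "__main__":
    for f in assess(ASSETS, ADVISORIES):
        print(f"{f.severity:8} {f.host:7} {f.product} {f.version} -> {f.advisory_id}")
```

Running it flags web-01, web-03, db-01 and app-01 and leaves web-02 alone. The web-03 finding is the caveat in practice: the host runs a distribution build that may already include a backported fix, so a version-only match is a candidate, not a confirmed weakness. Confirming (or dismissing) that candidate by actually attempting exploitation is exactly the step that separates a penetration test from a scan.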
By employing offensive cybersecurity, organizations no longer have to be attacked to begin understanding their risk, remediating vulnerabilities and developing response plans. Nor do they have to rely solely on the paid services of third-party vendors to develop signatures and issue updates, which can lag far behind an attack's widespread use in the wild. Overall, this shifts the cybersecurity paradigm from its traditional reactive nature to one of proactivity and preparation.
Offensive cybersecurity programs can help organizations adapt faster and even get ahead of attackers in the cyber arms race. So why is this approach so often missing from current cybersecurity plans? In my next blog, I'll take a deeper look at why organizations tend to overlook the offensive side of security, offer tips for implementing offensive strategies and more.