RSA Roundup Day 3: VMware Carbon Black Cybercrime Outlook, Secureworks
Day three of this week’s massive RSA Conference 2020 in San Francisco brought the release of VMware Carbon Black’s 2020 Cybersecurity Outlook and Secureworks’ new cloud configuration assessment.
The report uncovers the top attack tactics, techniques and procedures seen over the last year. VMware Carbon Black also collaborated with Forrester Consulting on a survey of more than 600 IT/security managers and above, including CIOs and CISOs.
Among the top findings:
- Attacker behavior continues to become more evasive, a clear sign that attackers are increasingly attempting to circumvent legacy security solutions. Defense evasion behavior was seen in more than 90% of the 2,000 attack samples analyzed.
- Defense evasion behaviors continue to play a key role with ransomware. These ransomware attacks are heavily targeting organizations in energy, government and manufacturing sectors.
- Wipers (attacks that can overwrite data and clear hard drives) continue to trend upward as adversaries (including Iran) began to realize the utility of purely destructive attacks.
- IT and security teams appear to be aligned on goals — preventing breaches, efficiency and incident resolution — but more than 77% of survey respondents said IT and security have a negative relationship.
- Fifty-five percent of respondents said driving collaboration across IT and security teams should be the organization’s top priority over the next 12 months.
- More than 5% of respondents said both security and IT will share responsibility for key areas like endpoint security, security architecture and identity/access management over the next three to five years.
Tom Kellermann, head cybersecurity strategist at VMware Carbon Black, tells us the high number of respondents claiming that IT and security have a negative relationship within their organization is both surprising and concerning.
“This shows that despite vastly increased awareness around cybersecurity and the continued conversation around increased collaboration, there is still a lot of work to be done,” he said. “Security should be a team sport; however oftentimes it can feel like the two sides are at odds, given the constant evolution of the attacker and the large number of IT footprints that attackers can target. It’s common to find that some organizations have misaligned priorities between IT and security teams (often driven by process and organizational challenges including discrepancies among reporting structures, budgets, processes or skill sets), and for things to function like a well-oiled machine the right hand needs to be talking to the left.”
This issue is further magnified by the C-suite’s perception of IT and security staffing, as only 31% of C-suite respondents said their IT and security teams are understaffed, while 61% of VP-and-below respondents said these teams are understaffed, Kellermann said.
“This 30-point delta suggests that the C-suite may be out of touch with the day-to-day IT and security resourcing needs for the organization,” he said. “In light of the security talent shortage, organizations must play as a team to best defend against cyberattacks. Executing a consolidated IT management and security strategy will help break down silos and empower respective teams to tackle security.”
The ability to drive collaboration and share decision making are key functions security and IT teams need to master in order to work cohesively to defend against new attacker behaviors, Kellermann said.
“As hackers continue to evolve, IT teams need to …