The cybersecurity industry is unsustainable. The field is intense, staff having to rapidly shift gears from ransomware threats to zero-day attacks with increasing urgency and little time to breathe.
This anxiety is reflected in the companies that are so dependent on cybersecurity professionals for day-to-day operations. Malware attacks are growing in numbers, scale, and complexity. This erodes away the bottom line, as attacks swallow millions of dollars’ worth of business a minute.
The problem can be split into two major segments: internal to your company, and external. You’re at the complete mercy of the latter, but the other – you can do something about.
Here’s how compassion, realism, and a pinch of RASP security can help you shift the balance back in your favor.
Problem 1: The World Wide Web
Interconnectivity is a blessing and a curse. It allows your teams to collaborate even when separated by thousands of miles; it means customers can learn about, purchase and review products without even stepping past their welcome mat.
But it’s not all Github and giggles: despite Google’s impressive attempt at sanitizing the world wide web, there’s still swarms of malicious actors lurking on Tor sites, Telegram groups and Discord servers. Their motive is money – and sometimes the infamy of getting their cringe-worthy hacker name on the news.
In Mimecast’s 2021 Security Report, 61% of organizations experienced a ransomware attack that led to disruption in business operations. This is a 10% increase from 2020, with a particularly high attack rate in the healthcare sector – that sector alone lost $20 billion.
Another consistent and high-level threat has been software vulnerabilities. These manifest as zero-day attacks, where piles of Javascript – precariously balanced on a few strands of open-source code – come crashing down.
The log4j attack was one particularly brutal example from 2021. This saw any Java app with Apache logging become a ticking time bomb, where criminals could simply re-route a secure app to their own malicious server.
These extortions and threats are driven by money. The 16-year-old LAPSUS$ ringleader amassed a $14-million fortune in only two years; REvil gained at least $6 million.
Problem 2: Staff Shortage
Given the external threat landscape, cybersecurity employees should be as vibrant, hard-working and (almost) as well-compensated as their illegal counterparts.
However, the 2022 State of Cyber Assets report has dropped a major reality check on the industry. Most security staff are underpaid, undertrained and overworked.
The average security team is responsible for managing over 165,000 company assets. This runs the gamut from cloud workloads and network assets, to applications and data assets. Overall, it amounts to 500 cyber assets for every human employee, managed by a too-small team.
It’s no surprise that 61% of respondents indicate that their cybersecurity teams are understaffed.
The tight labor market has seen more enterprises turn to third-party security solutions, but this is merely outsourcing a problem. It is becoming increasingly common to see security events managed via time limits, with vanishing regard to the complexity or severity of an event.
In the 2022 CriticalStart survey, 40% of security analysts in the survey said they spent just 10 to 15 minutes on each security alert. Even worse – over half of those surveyed said their companies made it a point to hide security threats from customers or users.
57% of businesses reported that they offer very little to completely absent communication with their clients. In this case, enterprises that are paying for managed security services only see information relevant to them if an event is escalated.
This means that you risk losing visibility on potentially major issues.
Problem 2.5: You(r company)
The very companies employing and contracting cybersecurity professionals are contributing to their aggressive workload: on average, 91% of code running in modern businesses is developed by external third parties.
This follows an intensely cloud-focused software architecture; though fantastic for tailored storage solutions and rapid update deployment, the quantities of apps, clouds, and APIs start to pile up alarmingly quickly.
This further reduces risk visibility to almost nothing, as cyber attacks continue to wield exploits against unknown and unmanaged lines of code.
Finally, the way in which companies support their cybersecurity professionals can leave a lot to be desired. Alongside high turnover rates of 20% displayed in the CriticalStart survey, only 19% of Mimecast’s respondents stated their companies provide resources for managing the stress associated with the specific issues of IT security.
RASP to the Rescue
The quantity and complexity of security risks have human employees pushed to their breaking point. Automated systems are urgently required to help decrease the pressure.
Runtime Application Self-Protection (RASP) is a cybersecurity solution that monitors an app’s behaviors while it’s running, by comparing its behavior with its runtime instrumentation. Running automatically at every execution, RASP scans constantly for malicious activity.
The major benefit of RASP is its ability to automatically block perceived attacks: it builds these behavior blacklists from a mix of known attack threats; previously learnt app behaviors; and new input from threat intelligence.
RASP is a more comprehensive solution than firewalls: whereas firewalls protect an app’s perimeter, RASP monitors the whole runtime environment within which the device operates.
One example of its capabilities is against an SQL injection attack; where an attacker passes malicious code into strings that the SQL server will execute. As the attacker reaches the app and makes a request, the RASP tracks their movements. If it looks like an attack, but doesn’t go all the way to a SQL query, then RASP reports this as a probe.
If the attacker does then execute a SQL query – and modifies the query during the process – RASP blocks the attack. This is why RASP requires little configuration before being deployed, as it essentially matches the definition of SQL injection, then blocks only that query.
This makes it more precise than a firewall, and gives you deeper visibility into who these attackers are; where the attacks are originating from, and what the attacks look like – down to the exact lines of code. This way, RASP can loosen the load on cybersecurity teams, and keep them alert for more major vulnerabilities.
