Threat hunts form part of a proactive cybersecurity strategy

Simeon Tassev, MD and QSA at Galix

Ransomware remains one of the top cyber threats facing businesses in South Africa and the world, causing financial, reputational and collateral damage. In addition, there is a growing trend toward cyber extortion, where data encrypted for ransomware purposes is then leaked to the public, or even used against individuals. Backup and recovery, while they remain essential, are no longer sufficient to protect businesses adequately against this threat. A more proactive approach is becoming essential, including threat hunts, which proactively search networks for cyberthreats that may be lurking undetected.  

Lucrative targets 

The threat of cyberattack is real and growing, and the likelihood of businesses being attacked is increasing daily. In fact, South Africa is the second most targeted country in Africa, with ransomware among the top five cyberthreats. Public sector, infrastructure and large organisations are the most attractive targets for a number of reasons, chiefly because they have information that is valuable as well as the means to pay the ransom.  

The cost to benefit ratio for cybercriminals of an attack on large organisations is highest, whereas smaller businesses may be a lot of effort for cybercriminals with little reward. However, realistically any business could potentially fall victim to a cyberattack, and it pays to be prepared.  

Changing angles 

In addition to becoming more frequent and more sophisticated, ransomware attacks have also shifted away from just encrypting the data to hold it to ransom. The entire modus operandi has changed from denying data availability to disclosing data that has been stolen. There are a number of repercussions to this, including extortion of individuals based on stolen data, reputational damage resulting from leaked information, as well as compliance breaches and fines.  

It also means that the approach of having a backup and restoring from a clean copy of data is no longer an effective approach to mitigating risk. Once data has been stolen, there is no way to get it back, even if a business has another copy of the data with which they can attempt to carry on business. A more proactive approach to threat prevention and detection has become critical, and threat hunts have evolved as part of this strategy.  

Seek and find 

Threat hunts are automated tools that proactively search for security risks on the internet, the dark web and within an organisation’s network. Where threat detection systems will identify known threats, threat hunting looks for threats that are unknown, undetected and unpremeditated. When potential threats are identified an alert can be triggered so that they can be investigated further, and the appropriate action taken.  

These technologies make use of intelligent software that combines next-generation technologies like big data processing, artificial intelligence and machine learning, with human intelligence, to complement existing security solutions, add another layer into the security mix, and drive an enhanced security posture.  

Prevention is better than cure 

In today’s world, responding after the fact to a ransomware attack may be too late. While it remains essential to always have backup and the ability to recover from a clean copy of data, this is no longer sufficient to mitigate the threat of ransomware. Increasingly, the data itself is being used for extortion purposes, so the goal post has shifted from reactive recovery to proactive prevention.  

There are many tools available to assist with this, including threat hunting, which offers a proactive solution to preventing threats from dwelling on networks, wreaking havoc and stealing data that can then be used for nefarious purposes. Threat hunting helps organisations stay a step ahead and mitigate the growing risk from cybercrime.  

By Simeon Tassev, MD & QSA at Galix Networking