Cybersecurity, The Enterprise Network & Evolving Threats

The #1 priority for new IT spending in 2022: Cybersecurity.

That is the consensus of nearly two-thirds of the 2,000 CIOs who participated in the 2021 Gartner CIO Agenda cybersecurity survey. In fact, according to the report, the $154 billion spend on information security and risk management technology in 2021 was an increase of 12.4% from the previous year with an expectation of spending to top $172 billion by the end of 2022.

This should come as no great surprise considering the acceleration of cyber-threats, including numerous damaging attacks perpetrated on high-profile organizations over the past few years. In 2021 alone, the incidence of cyberattacks increased by 125%, peaking at 925 a week per organization globally. A recent joint CISA/FBI warning predicting the likelihood of even more malevolent activity targeting U.S. organizations as spillover from the conflict in Ukraine has only added to the increased sense of urgency.

Prior Hacks Fueling Current Attacks

The increase in hacking attempts aligning with a global pandemic is also no coincidence. The sudden exodus of employees from under the protection of enterprise firewalls and into home offices  translated into open season for threat actors looking for vulnerable targets. Organizations were caught unprepared and scrambling to close open pathways for intrusion created by a dispersed workforce using unsecured technologies for business purposes.

One would think that, as the pandemic eases and employees head back to the office, so, too, would the success rate of cyber-attacks . But just the opposite is true. One reason: Over the past three years, cybercriminals have been extremely successful at breaching business systems and stealing data. According to the Identity Theft Resource Center (ITRC) Annual Data Breach Report, there were a record 1,862 U.S.  data breaches in 2021, a 68% increase over 2020 that  generated a plethora of stolen data landing on the Dark Web. Now in the hands of experienced cybercriminals, that data is fodder for social engineering tactics used against unwitting targets to gain access to enterprise operations.

And that, in turn, has given rise is an evolving and ever-more nefarious form of cyber-theft, specifically, the propagation of ransomware. In a ransomware attack, the intruding perpetrator is able to unleash malware into the networks that encrypts critical  data, blocking access to files, databases, or applications. A ransom is then demanded to restore access. In 2021, researchers recorded 623.3 million ransomware attacks globally, an average of 2,017 attempts per organization. This represents a 105% increase over 2020 and more than triple the number seen in 2019.

Why such explosive growth? For starters, a successful ransomware event is extraordinarily profitable for the criminal, netting an average of $570,000 per successful strike and, for large organizations, that has often climbed to the millions.  On top of the ransom payout itself, such events are also extraordinarily damaging to the victimized enterprise costing, on average, an additional $4.62 million in terms of mitigation, brand damage, and business loss.

Other reasons that ransomware attacks are on the rise:

1. The easy monetization of ransom demands through hard-to-trace cryptocurrency. Unlike bank accounts, this form of payment provides anonymity for the destination address associated with the ransom demand;
2. The tendency of companies to succumb to the demands of the attackers and, in so doing, encourage more bad actors to embark on this “get rich quick” scheme. While government officials are requesting that organizations hold out on paying ransoms, it is extremely difficult for, say, a healthcare system or public utility when extended network downtime will have a direct impact on the welfare of the populations they serve. It is no surprise, then that the healthcare segment faced a 755% increase in ransomware attacks in 2021, according to the 2022 Cyber Threat Report
3. The growth of Ransomware as a Service (RaaS). For as little as $40 a month, anyone with minimal technical skill and access to the Dark Web can lease a “kit” used to infiltrate targeted organizations, lock down network operations, and set up the ransom money exchange. According to cybersecurity technology company CrowdStrike,  many of these offers include features identical to legitimate SaaS providers, such as 24/7 support, bundled deals, even user reviews and forums.

Criminal Attackers See Fresh Opportunity through the Voice Channel

While these trends have prompted increased focus and spending on network reinforcement, the majority of that attention has been on the data network (email and web). In the meantime, bad actors are now finding new opportunity in the overlooked and under-protected voice channel.

Saboteurs intent on harming a targeted business may flood the organization’s voice network with computer-generated calls from spoofed (digitally altered) caller IDs. These “spoof storms” degrade network performance and disrupt business operations. They may also be the first indication that a criminal element is probing the organization for signs of network vulnerabilities and potential human targets. Once identified, these individuals become the focus of vishers (voice phishers) who leverage harvested personal data and social-engineering (psychological manipulation) techniques to gain trust and then extract sensitive information that they can use to access internal systems.   

These vishing incidences are on the rise and show no signs of abating. They are, in fact, evolving. This PhishLabs report describes the emergence of a new hybrid vishing strategy that starts with an email with a request to call back what appears to be a trusted source, and ends with the victim calling and providing the sender requested information over the phone. Of course, that call is going to a cyber-thief. Though trained to be wary of hitting links in emails and cautious about calls from unknown sources, employees are apparently more trusting when they are the ones making the call. Such incidences have more than doubled quarter-over-quarter in 2021 and now account for more than 21% of all “response-based” threats.

So it’s not just inbound voice traffic that’s at risk; outbound traffic is now just as likely to provide a gateway for fraudulent activities.

CSOs Know the Risk – and the Cost – is Rising

CSOs know that the risk of their organization falling victim to a cyber-attack is on the rise. According to Statistica, 74% of large companies surveyed reported a data breach in 2021, a 58% increase over 2020. 

What’s more, in its  2022 Global Digital Trust Insights Survey, Pricewaterhouse Cooper (PWC) collected insights from 3,602 business, technology, and security executives, 50% of whom said they expect a significant surge in reportable cyber-incidents in the coming year. 

And the cost? According to this IBM report, the average total cost of a data breach in 2021 was $4.24 million – a 9.8% increase over the prior year. For a healthcare organization, that cost soars to $9.23 million, a 29.5% increase over 2020.

It’s no wonder, then, that investment in cybersecurity has become a top priority. Organizations cannot afford to do otherwise.

Best Bang for the Buck – Intrusion Prevention

The vast majority of the PWC survey respondents say they anticipate new spendings on cybersecurity protections in 2022, with more than a quarter projecting double-digit spending increases.

The challenge now is in directing those dollars where they will provide the greatest benefit.

In their “9 Essential Elements of Network Security” report, authors Lee Doyle and Charles Kolodgy list Intrusion Prevention as the second most essential element behind fortification of the Network Firewall.  They describe an Intrusion Prevention Systems (IPS) as one that “provides continuous monitoring of the network or system activities and analyzes them for signs of policy violations, deviations from standard security practices or malicious activity. They log, alert, and react to discovered issues.”

A January 2022 article for CFO titled Cybersecurity Spending Areas to Evaluate also advances investing in Intrusion Prevention and, in fact, places Threat Detection and Monitoring into the #1 priority position. The logic is clear. As summed up by Raj Patel, cybersecurity practice leader for financial consultancy firm Plante Moran, organizations intent on protecting their assets need to act now to “Invest in cyber tools and solutions that help monitor vulnerabilities and detect potential cyber threats. These tools will act as an early-warning system and limit the damage from an attack.”

Voice Traffic Filter – the Ultimate Addition to your Cybersecurity Toolkit

When addressing “network security,” it’s important to recognize that the network itself is made up of two fronts – data and voice – and historically, the least protected of these is voice. Among the most comprehensive tools for closing the gaping cybersecurity gap in the enterprise voice network is Mutare’s Voice Traffic Filter. Its unique, multi-layered system for diverting unwanted and nefarious calls not only blocks the bulk of known spam and robocalls at the network edge but, through continuous call traffic monitoring and sophisticated analytics, recognizes suspicious patterns consistent with vishing “reconnaissance” probing, potential spoof storms, and other aberrant or nefarious activities.

The Voice Traffic Filter also provides administrators with the information and controls they need to divert any call with suspicious markings through the filter’s unique voice CAPTCHA for additional vetting, so accidental blocks of legitimate callers are avoided while potential damaging intruders are diverted. This control is also a way to quarantine questionable traffic, with the added capability to test that traffic to determine if each call can be trusted, or not.

Through the Filter’s Custom Rules manager, administrators can create organization-specific allow lists, block lists, and Rules for actions (Allow, Drop, or Route) which are then applied against specific numbers or partial numbers, not only for incoming traffic but for outgoing traffic as well.

In essence, the Mutare Voice Traffic Filter hardens an organization’s Resistance Strength against cyber thieves who, as criminal opportunists, are always on the lookout for the easiest targets. Mutare’s Voice Traffic Filter makes sure your organization is not one of them.

See What’s In Your Voice Traffic

Organizations interested in gaining a better understanding of the health of their voice traffic can start with a free Mutare Voice Traffic Analysis (VTA) that processes organization-supplied call data records (CDR) through its dynamic database to reveal the approximate volume of unwanted calls traversing the network. According to Mutare’s VTA data (well over 100 million call records processed to date), these robocalls and spammers account for approximately 9% of all incoming enterprise calls nation-wide. Blocking these alone before they ring through provides immediate relief from workflow disruption, increases network performance, and provides, on average, a nearly 800% annual ROI just in recovered productivity.

Full Voice Traffic Filter Test Run

However, true network protection requires far more than blocking known robocalls and spammers, as these calls are often just providing cover for the very real threat of cyber-criminal intrusion. That is where the Mutare Voice Traffic Filter’s multiple layers of protection sets it apart. While skilled cyber-criminals may attempt to elude database filtering through caller ID manipulation, they can be revealed under the deeper analysis and detection capabilities of the Filter’s sophisticated call data analytics and reporting that allows administrators to divert suspicious calls before they have a chance to penetrate the network and inflict damages. Each integrated layer, starting with the Dynamic Database and including STIR/SHAKEN score analysis, Threat Radar detection, Custom Rules for managing both inbound and outbound traffic, and voice CAPTCHA vetting, provide a near-impervious shield of protection which is designed to evolve with subsequent layering even as nefarious actors change their tactics.

To fully experience the full detection, filtering, and reporting capabilities of Mutare’s Voice Traffic Filter, speak with your business partner or contact a Mutare Representative to arrange for a Proof of Concept trial. Mutare makes it easy.