Manufacturing and engineering businesses can no longer rely on defensive, reactive measures. Proactivity is required to build knowledge of relentless risks to better predict, prioritise and prevent ransomware attacks. Cyber threat intelligence can help achieve this.
The elite mentality and professionalism of the football Premier League provide a useful reference for enhancing cybersecurity strategies. Like the UK’s manufacturing and engineering sector, top-level football has established itself as a multi-billion-pound industry. This intensifies competition and drives innovation, as football clubs strive for the top spots and to solidify their position in a lucrative league.
An area of football where innovation has exploded, is the management of teams and the meticulous preparation for each match. Advanced technologies, wearables, video collection and data science and analytics are used to understand the opposition and to inform match plans. The same principles apply to staying ahead of ransomware hackers and improving cybersecurity.
An evolving threat landscape
Earlier this year, the National Crime Agency reported that the ransomware landscape has shifted to a ‘post-trust ecosystem’. Businesses now face more unpredictable, dangerous and interconnected threats of attack. Cybercriminals have no boundaries. They relentlessly innovate, experiment and collaborate to outpace law enforcement and find new ways of breaking security defences.
The Hacker News recently reported a ‘strategic alliance’ between three ransomware groups – DragonForce, LockBit and Qilin, which epitomises how the ecosystem is evolving. The criminal coalition aims to share techniques, resources and infrastructure to strengthen overall capabilities. Such moves demonstrate a level of interconnectivity and how ransomware threats are growing and adapting.
Organisations, especially those operating in high value sectors like manufacturing and engineering, where disruption and unscheduled downtime can prove critical, have to be more alert and informed. Like Premier League game preparation, businesses need to know what they are going up against.
Intelligence-led gameplans
Elite Premier League managers build extensive intelligence of opposing teams. Previous matches are analysed, with constant replays and examination of how goals were scored and conceded. The opposing team’s tactics will be broken down, with meticulous attention paid to how a team sets up and how it targets areas of weakness on the pitch.
Managers and coaching staff utilise this intelligence to adapt how they approach a match and prepare, with decision-making informed by comprehensive, reliable data and insight. The same should be applied to mitigating ransomware attacks. Organisations must build threat intelligence about how the opposition – cybercriminals – are doing what they do, how and why.
Many forward-thinking organisations have invested in robust cybersecurity defences. However, ransomware attacks are successful due to being able to establish entry into organisations via a multitude of ways, making it harder for security teams to detect and monitor every possible entry point. Every security team is overwhelmed with monitoring; tuning and prioritising directions is an endless balance of noise to signal ratio. Essentially, can I observe every possible attack? And at what stage would I like to detect? Knowing earlier can help lessen impact but creates more alerts to review….it’s a dilemma.
Hackers are constantly putting organisations under the microscope, scrutinising how they build defences and gaining knowledge to inform their attack techniques. Cybersecurity teams must adopt the same level of observation and scrutiny by proactively monitoring the threats they face.
Cyber threat intelligence can enable organisations to better understand ever-shifting ransomware threats. Sophisticated vulnerability and attack surface intelligence will analyse billions of data points from across the open and dark webs, and technical sources, providing a comprehensive external view of the vulnerabilities, misconfigurations and other exposures that are in the most urgent need of review and potential remediation.
With threat intelligence, organisations can be winning the Premier League like Liverpool FC’s Arne Slot and avoid being relegated due to not being prepared for the opposition faced throughout the year.
Jason Steer, chief information security officer, Recorded Future
