BLOG POST

Are You Spending in the Right Places to Break the Cyber Kill Chain?

 

July 23, 2019 | Reports Security and Risk | Nick Bowman

The shift that organizations are undergoing as they move customer and citizen data online, push new services, create new ways to interact, and improve supply chain efficiencies is one of the most seismic things to have happened in IT since cloud…or SDN…or virtualization…or high speed internet.

The latest CyberArk Global Advanced Threat Landscape Report arrives against the backdrop of this change.  The impact and demands of digital transformation represent a – potentially – massively expanded attack surface.  Bottom line?  Right now, it’s really important to be spending your security budget in the right places.

The Cyber Kill Chain
The cyber kill chain model: Focus security spending on blocking lateral movement and privilege escalation attacks.

Consequently, investigating where information security professionals targeted their budgets to combat cyber threats was one of the principle goals of this CyberArk Global Advanced Threat Landscape Report. To do this, CyberArk mapped security professionals’ spending plans against the cyber kill chain – initial infection, reconnaissance, command and control, lateral movement, privilege escalation and disruption and damage. We found that there are two places on the kill chain that represent the areas of greatest risk. The first is the area of initial infection. Our survey shows that half of global organizations believe that there is no way to block all attackers all the time from penetrating the network.

Since it seems clear that some attackers will be able to get in, it’s important that organizations concentrate their spending on technologies that can address the second area of highest risk – blocking lateral movement and privilege escalation. So, it’s good to see that 28 percent of survey respondents are planning on doing just that by focusing their efforts on blocking lateral movement and privilege escalation within their systems over the next two years.

Controls that address these phases of the cyber kill chain can thwart attackers before they can get to what really underpins today’s digital businesses – critical data and assets. With limited resources to bring to an expanding digital threat landscape, organizations need to pick their battles. Protecting critical assets is the fight organizations can’t afford to lose.

Download the eBook to see the full survey results.

 

STAY IN TOUCH

STAY IN TOUCH!

Keep up-to-date on security best practices, events and webinars.

Share This