KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Security leaders face an uphill task as cyber-criminals become increasingly creative, highly innovative, and armed with an arsenal of seemingly unlimited resources. Rapid digitalization to re-capture post-pandemic growth coupled with an uncertain geopolitical climate, businesses face growing cyber threats that require security leaders to re-think their cybersecurity strategy. To win the win against cyber-criminals, “knowing the enemy and knowing yourself” is key to building effective defences.
Security leaders face an uphill task as cyber-criminals become increasingly creative, highly innovative, and armed with an arsenal of seemingly unlimited resources. Rapid digitalization to re-capture post-pandemic growth coupled with an uncertain geopolitical climate, businesses face growing cyber threats that require security leaders to re-think their cybersecurity strategy. To win the win against cyber-criminals, “knowing the enemy and knowing yourself” is key to building effective defences.
So also from my side, good afternoon. Hope you're all doing well. I would like to have a chat with you about the changing cyber threat landscape, how to stay ahead of cyber criminals before starting with that particular topic. Just a few words about us. CMA is a startup founded in 2017 out of Singapore. We are now worldwide present with that within this very first few years, we were able to attract some, some high ranking customers. We also receive some well known well reviews from, from various analysts. Yeah.
And that should be it about because you, you are more likely interested into some essentials. So what are we looking at nowadays, as of now, as you can see. So this is an analysis from an Analyst firm, sorry for that. So organizations are constantly increasing their spendings for cybersecurity, regardless if it's tools, if it's personal, if it's infrastructure and that for very good reason, as you can see on the right side with the scale that the cost of cyber crime is also constantly growing.
And with that, I think there is a very good reason given to have a very close look about the cybersecurity approach, the strategy, and also the application of a fabric. So what are we looking at? So FERMA is a company, which is if I would be asked very simple, I would consider ourself as an intelligent service for the cyber world on a private level. So with that, we are able to collect harvest, correlate information out of various sources out in the cyber world, on the different layers, with the different niches and corners and shady places you might think of.
And with that kind of information, we're able for first of all, to oversee the whole scenery, which means that we are able to understand what are the hot targets, what are the financial relations to this? What are the objectives out of this who is probably most likely going to be attacked and what are the movements within the threat actors community?
So, first of all, as we are looking at this right now, the whole targeting is driven by the current economical and political surroundings with that said the current situation in, in the Ukraine is one of the main key drivers upon which targeting is currently being executed, which means, and also that is related to the other topics on a particular slide, which means it is first of all, the objective for a financial disruption, but also for a supply chain disruption. We are looking from a financial standpoint on two interesting facts.
So first of all, and obviously, which is well known, cyber criminals are after money. They would like to have an outcome out of their work. We're looking at an industry to this regard, but they also are requesting money. So they need funding. And that is one of the interesting parts of it. The funding is something which has become more and more important. Supply chain.
Disruption is set in the current geopolitical situation, one of the most important objectives so that the supply chain on the target side, but also on the threat actor side is on the one hand to be disrupted on, on the other hand, on the other side to be improved. So who is under attack, who is spotted as a target, everyone that's basically it. So we do have conversations with customers of different sizes, different businesses and different territories.
And, and one of the key aspects to this is always, so why should, why should I be worried? We are just, I don't know, a hundred, hundred and 50 employee com company. We were a very specialized business.
So, so why is that of importance? Well, as the numbers and as the St statistics show, and also our observations is that no one is spared, even though SMEs, obviously you hear about these enterprise companies being under tech successfully or failed. This is something which is then covered on media in certain cases, but basically there's a lot of activity, especially towards SMEs. One of the major aspects ransomware, John has mentioned it, ransomware is just, is just, just manic. There's no better word to say. So ransomware attacks are increasing tremendously again, targeting everyone.
So carpet bombing to initialize a ransomware attack is the most common attack method with that. All these ransomware groups are colluding are collaborating. And what we figure out by the way is also that successful campaigns. So successful TTPs are then used further on in a, in a subsequent execution chain. And also what we see is obviously cyber criminals collaborate. If we look at the activities, how to implement and how to execute and how to plan and attack, we understand that this is a, a specific sequence of individual tasks.
And for each task, you need to have a very specialized expertise. So you find threat actor groups focusing on reconnaissance, weaponization, and others are then focusing on the actual campaign execution. And this is something which where we see that cybercriminals are not working on a solo basis. They're working jointly. They collaborate is that, so what is coming up? And this is also based on our observations. So we are looking at now cyber criminals, focusing on kinetic cyber attacks. This is very important to understand that not only data is in focus, but also any kind of kinetic relates.
And that is a very dangerous situation. It's a very scary situation. And this is something where organizations need to focus on as well. Another aspect, again, current situation state sponsored for instance, with the Russian state sponsor attacks. But we have seen that in the past, especially out of the Eastern regions of this world where states sponsored threat actors were on their daily business with a very different objective where the Russian states sponsor attacks are completely supporting any kind of military threat activities.
Were the other activities prior to that, also state driven completely on a financial focus SAP before ransomware, it's just escalating. And another interesting fact, which we have discovered and experienced also personally, is deep fake technology being part of the attack methods, which means that for instance, as we are now having that particular presentation, that in certain cases, you can't be sure that you just see and hear me, but it's not me. And that'll be interesting to watch and to follow, but also to prevent in future. So why are these cyber attacks as of now so successful?
And I think that is one of the key elements also to put into consideration. When we talk about a cybersecurity fabric, as of now, the visibility of the external threat landscape is very limited or not existing. That is our experience. When we have our conversations with customers, with organizations, that is an interesting aspect because when I may raise an analogy to this, you have a house, you have an alarming system within your house. You have locks on your doors, you have very secure windows and all there is.
So every time someone tries, tries to intrude into your house, into your property and alarm goes off and that's in the point of event. But what you do not know is if and how, and who is looking at you from the outside at your property to plan something, to initiate something, gathering information about the details about your property, to try to find weaknesses.
And this is the part where we think it is most important to start with, to understand the exposure of an organization with its it infrastructure, but also with other aspects with the employees, with their behavior, for instance, but also with already existing data leakages, for instance, that is something which organizations should understand because with that, they're able to close their holes and, and, and also their identify their weaknesses, their vulnerabilities. And when I say vulnerabilities, I'm not talking about this buggy software vulnerabilities.
That's one aspect of this processes can be vulnerable for an organization, as well as the behavior of individuals. And this is something which needs to be understood when we look at this reasons for any kind of success.
We also find in very often cases, not only shadow it, but also forgotten it, which means that we list kind of an it asset for instance, which was used two years ago for a test of a web application and the responsible department and the individuals in that department were relying on each other saying, Hey, you should have decommissioned that particular its or why is it still online? Which means that there is a possible risk.
And also the branch risk is something which organizations should better understand, which means that business decisions are a trigger for a possible and for the risk of an attack, as well as the executed attack is also a driver for certain business decisions afterwards, which were not in scope beforehand with the digital footprint. And that's another important aspect. So not only knowing what the exposed it assets and their vulnerabilities are, it is also important. What is my digital? So what is my impersonation level?
So how many impersonated websites are existing out there by whom are they initiated? What part of infrastructure and campaign are there in, in, in, under which control of which that actor's group, this is something which is sometimes completely ignored, but important to understand, because with that, you're able to prepare yourself, but also your employees, your customers, your vendors, to be more secure expanding, or the expansion to third party systems nowadays, there is this whole technological integration let's say of supply chains, vendor relationships, customer relationships.
So data is transported completely automated on a system integration. And this is also kind of a risk for, for these individual organizations. But you would like to also understand if you do have a trusted relationship or a trusted business relationship with a vendor with, with a supplier or with customers, you would like to understand what their security exposure is just to make sure that that does not affect you in any case. And obviously we're looking at a very complex situation or cybersecurity systems and controls. So what can we do to stay ahead?
There are six challenges around this, but also six answers from, from our perspective of observations. Number one, to understand the, the external threat landscape visibility, look at yourself from a hackers perspective, look at yourself and everything which is exposed to the cyber world from this hacker's perspective and think like such. So this is an interesting task you would not be able to, to, to fulfill.
And I'm not talking about any kind of pen testing, for instance, I'm talking about what are your weaknesses again, not vulnerabilities only tied to any kind of buggy software or outdated software, but it's also how, how can for instance, an attack method be executed, which is a combination of multiple methods, social hacking combination with malware infiltration. Nowadays the situation is somewhat different than it was maybe 15, 20 years ago.
When we all started with that, it's not that a hacker is sitting somewhere in a dark room, finding a server over the specific organization and then tries to break in that that days are gone. It is more sophisticated nowadays. It's a combination of very sophisticated approaches.
So what you need to understand is in real time to, to, to monitor your own it infrastructure, as well as your processes, as well as your behavior of, of, or the behavior of the, of your employees with that is also important to have a sustainable and very profound vulnerability intelligence in place, which means you can have a look at every vulnerability there is, and that's an endless list and you might ask yourself, so what does that help me looking through that particular list?
That's the point you would like to understand what kind of it assets are vulnerable and you would like to understand in detail, what type of vulnerability is it affected? And you would like to understand what is the risk out of that vulnerability, because a particular vulnerability or unknown vulnerability in terms of an zero to exploit for instance, is something which can be part of a current campaign or was part of a campaign, or has never been part of a campaign. And that is one of the key indicators to Def to define the risk scoring for a particular asset.
You would like to prioritize which of your it assets are most likely to be the weak factor of your complete infrastructure. And with that, you need to have a vulnerability intelligence in place, which tells you exactly that information with all the surrounding context and subsequent information brand intelligence, as said before business decisions or driver for an attack or for the risk of an attack and, and, and the way around as well, once you've been under a tech, you might also be rethinking your business decisions. What does that mean? I give you an example.
A few weeks ago, a large food and beverage organization has been hacked. The reason was fairly simple. That organization has made on, on a very high management level, the decision not to reduce or turn down any business with Russia or with Russian clients, the activist group has taken that particular decision to say, or to spell out a warning towards that organization in terms of, Hey, you might rethink your decision.
Otherwise you'll be under tech, that particular organization considered that warning and ignored it, which led to the fact that that particular activist group was able to exfiltrate tons of data. First of all, and they were also able to exfiltrate and then publish parts of that data, which was all related to the Russian business. And that has a business implication because me, as for instance, the CEO or within procurement of a supermarket chain in Russia, I was able to look at my data playing, but I was also able to look at the data of my competitors.
So I could turn around to that particular organization and demand other contract details, higher discounts, and all there is. And that was then the reason for that organization to rethink the business decision and to reduce business activities, everything which is happening in the cyber world is something which is worthwhile to be observed to be analyzed, to be correlated because you would like to understand what kind of activities are happening around you.
And again, giving the analogy with the house, with your alarming system and all these high class door locks and what there is, you would also understand and like to understand what is happening around you. Who's looking at you, why are they looking at you? What are they talking about? What are they talking about you? What are they looking at when they talk about specific assets of your particular infrastructure?
And this is something which is an important information, because that allows you to be very early in a situation where you can mitigate any kind of risk, which allows you actually to take yourself out of the focus because you are in limit eliminating any, any kind of weak spot that also applies to the situation where you would like to understand how your users are behaving outside.
Where are your credential sets used, whereas your email address was your username used, because that is also kind of an information which allows me as a hacker to understand how for instance, an email is generated, how it is built in your organization. So I can start impersonating and I can start creating a very sophisticated spare phishing attack, just because that I know how profound and how yeah. Sophisticated in certain cases, email addresses are generated in, in, in, in very certain cases, we're also able to reveal any kind of identity and credential data.
And with that, we also understand that users are often very lazy or not very creative creating new passwords. So they are reusing passwords and once a data breach of a third party platform where all this credential data is then leaked from exfiltrated allows me to understand how likely it is that a particular combination of username and password is then being able to be used towards the organization's infrastructure, the situational awareness, very important, try to understand what is happening around you from a non-technical from a non cyber world perspective.
So what is your economical situation around you? What's the political situation around you? So for instance, we have discovered that the Olympic games in Tokyo was a huge implication for organizations related to that event. The same applies then obviously to the us election two years ago, the same applied then also to the pandemic situation, especially for those organizations who were involved in supporting any kind of protection and remediation of that pandemic situation. And this is something which you would like to understand as well.
What is happening around you in terms of your geography, your business, your technology you're using. And finally, what, what is worthwhile thinking about is that particular cyber intelligence, which is available for you as a valuable asset. Think of it like James Bond in the old movies where Sean Connery or Roger Moore was sitting in, in, in London, in the office in front of M and he's been handed this paper based file this dossier, and that was full of information of any kind, which was related to his new task to new job.
And he was given the task and do something with that, but somehow get things straight, get things sorted. And that is what we do. And that is what actually customers are looking for from our experience, that particular dossier to find out who, why, what, when and how is happening around you and, and, and what is, what is the possible threat towards you? Not only the possible, but also the actual threat towards you, because with that, you are ahead of time. And with that, let me skip that.
You're able to be very predictive and that's the keyword prediction being so far ahead of time, that it leaves enough time for you to have a very profound and consistent way of mitigating any kind of risk. You're not forced to do anything because you have to respond immediately initially to something. It gives you the possibility to be very proactive with that part of information.
When we talk about the surface discovery, when we talk about vulnerability intelligence, the brand intelligence, the digital risk discovery and protection from the outside, as well as the situation awareness, which leads to the cyber intelligence information. That's something you can then have as part as your fabric, floating into your cm solution, into your soar solution, to be more profound and more prepared on making valuable decisions, which are then leading towards a higher success rate, just to tell, to make you understand why we're looking at this. We have to look at the basics.
You need to know your enemies. You need to know what other strengths are, how they operate from where they operate, why they operate, what their objectives are, and you need to know yourself. You need to know what is it that makes you attractive to others. You need to understand where your weaknesses are so that you can mitigate those weaknesses.
And this is where I say or where we say as the company know yourself with one single platform, because that's one of the key aspects, eliminate the complexity of multiple platforms and solutions, and be able to have that one single view on yourself from an external threat landscape management perspective, providing you the threat Intel, which is required for you to be more, sorry, to be more reactive. So with that, I am towards the end. So what's you from our perspective should be looking at and consider this.
You might want to think about any kind of predictive information, which gives you time. And that's one of the most valuable assets in today's world. Thank you.
