Modern-Day Cybersecurity: Can You Predict The Next Attack?

Security leaders are well aware that the number of cyberattacks has been rising significantly year over year. In 2024, for example, “global cyberattacks increased by 75% compared to 2023.”

Numbers like these cause many to believe that cybersecurity is a losing battle: The defenders need to be vigilant all the time, while malicious actors must only be successful once. Cyberattacks, we are told, are inevitable, and their frequency, sophistication and impact are only increasing.

This viewpoint is understandable. With an expanding attack surface, there are more opportunities than ever for malicious actors to infiltrate organizations and wreak havoc. In addition to common attack methods like phishing, supply chain vulnerabilities and zero-day exploits, cybercriminals are also succeeding by employing AI-driven attacks and exploiting complexities in cloud security configurations.

However, while it is true that cyberattacks are multiplying, I tend to take a different approach to securing organizations. Although predicting every single cyberattack is obviously impossible, understanding attacker behavior and identifying commonly used, repeatable patterns can significantly reduce risk.

Understanding The Mindset Of Cyberattackers

A key step in predicting cyberattacks is understanding the motivations of malicious actors. Once we know what their ultimate goals are, we can often also know what type of attack to expect and what kind of organization will be targeted.

Here are some examples:

• An attacker motivated solely by financial gain—as is often the case—is more likely to target large organizations with high revenue. Such an attacker would probably consider supply chain attacks to maximize ROI.

• Hacktivists, who are driven by a cause, will deliberately target organizations or systems to advance a specific political or social agenda.

• Malicious actors who crave notoriety will aim to breach a highly secure system just to receive public recognition for doing so.

• Of course, there are also cybercriminals whose goal is to simply create chaos. To achieve this, they may target critical infrastructure systems to spread panic and instability.

Having these insights can enable you to customize defenses to the specific threats that you are likely to encounter. However, there’s an additional way to predict cyberattacks.

Learning From Data To Reduce Risk

Contrary to what many might believe, there are definite patterns for cyberattacks. My company sees that organizations are repeatedly attacked using the same approach, which allows us to narrow down the choices for the most likely attack route.

In fact, my company’s experience shows that many attacks are attributed to 20 common routes, consisting of just 35 cybersecurity gaps. These common attacks are caused by security deficiencies, including Active Directory misconfigurations, weak password policies, permissive access rules and weak authentication mechanisms.

Understanding likely attack routes has proven highly effective for managing incidents across multiple cases. In one recent instance, a large technology organization suffered a significant ransomware attack, and the company’s incident response team lacked information regarding the tactics, techniques and procedures (TTPs) and indicators of compromise (IoCs) of the incident.

Our team was able to identify what might have been exploited and provide the incident team with specific data to collect and analyze. Based on what we knew about the company and the likely attacker, we succeeded in narrowing down the options to four likely attack paths. Interestingly, one of the routes we indicated closely mirrored the actual attack path.

As a result, the team was able to contain the incident and start the recovery in less than 12 hours, a process that usually takes significantly longer.

Shifting From Reactive To Proactive Defense

What we can also learn from the common attack routes is that prioritizing the basics can often go a long way toward protecting businesses. For example, account hijacking, brute force attacks and exploiting new vulnerabilities are all fairly simple tactics that have straightforward mitigations. Such fixes can include:

• Robust password policies

• Strong authentication mechanisms

• Network segmentation

• Proactive access governance

• Updating software

Cybercriminals are always evolving their tactics, but by understanding their motivations, being familiar with likely attack routes and implementing proactive defenses, organizations can prevent or minimize the impact of the next cyberattack.

Source: Forbes