“Our offices are currently closed. Please contact us again during regular business hours.”
Cybercriminals love messages like these — more notably, their implications.
Hackers often seek to exploit organizations during off-hours, weekends and holidays because defenses are — at least from a manpower perspective — quite literally down and response times are much slower.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued cautionary warnings on this practice, pointing to ransomware attacks on U.S.-based critical infrastructure entities over the 2021 Memorial Day and Fourth of July holiday weekends.
A recent study by cybersecurity software company Cybereason, titled Organizations at Risk: Ransomware Attackers Don’t Take Holidays, also revealed that 90% of cybersecurity professionals are concerned about weekend/holiday attacks, and 24% do not have specific plans in place to address increased risks on holidays and weekends — even despite having been previously attacked during off-hours.
To help organizations better prepare themselves around the clock and calendar, Cybereason announced today at Black Hat their new Cybereason Managed Detection and Response (MDR) mobile app. The app will be available for both Android and iOS devices later this month.
“Security analysts face alert fatigue, staffing shortages and more attacks coming during off-peak work hours,” said Lior Div, Cybereason CEO and cofounder. “These burdens demanded a response.”
XDR and real-time cybersecurity response
According to MarketsandMarkets, the extended detection and response (XDR) market size is expected to grow from $985 million in 2022 to $2.36 billion in 2027, with a compound annual growth rate (CAGR) of just over 19%.
Cybereason’s AI-driven XDR platform helps security analysts quickly understand the full scope of attacks in real time through a patented MalOp (malicious operation) Detection Engine.
The company’s new MDR app essentially provides defenders with a mobile security operations center (SOC), said Div. Cybersecurity experts can reduce mean time-to-remediation by suspending an attack’s lateral movements directly from their devices. Users will see detailed intelligence for active MalOps, how they map to the MITRE ATT&CK framework and the criticality threat level.
The app provides anytime access to dashboards and enables quick identification and isolation of compromised machines to remediate and minimize downtime and workflow disruptions, according to Cybereason. Users can also maintain constant contact with the Cybereason Global SOC to immediately address potential threats.
Furthermore, the app links to reports and industry news so that users can stay abreast of the latest tactics, techniques and procedures used by nation-state threat actors and cybercriminal ransomware gangs.
A 24/7/365 threat landscape
The new app is particularly important in today’s 24/7/365 cybercrime landscape, according to Div.
According to the survey, 60% of security professionals said weekend and holiday attacks took longer to assess in scope, and 50% said off-hour attacks required more time to mount an effective response.
Also from the study:
- 36% of respondents who had experienced an attack said they believe it was successful because there was no contingency plan in place and only a limited number of staff to respond.
- 33% required a longer period to fully recover from such attacks.
- 12% said their organizations suffered more revenue losses as a direct result of delayed response times.
As for the human element, 86% of respondents said they had missed a holiday or weekend activity due to a ransomware attack. Div pointed out that this last figure can factor heavily into employee job satisfaction, potential burnout and employee churn — all of which can further work into a potential cyberattacker’s favor.
Cybereason competes in this expanding market with the likes of SentinelOne, CrowdStrike, Trend Micro, Fortinet, Sophos and Cisco.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.