Global Threat Trends and the Future of Incident Response

The Varonis Incident Response team discusses recent global threat trends and shares why proactive IR is the future of data security.
Megan Garza
3 min read
Last updated April 10, 2023
Global threat trends and the future of incident response | Varonis

Last year alone, the Varonis Incident Response team investigated more than 250K alerts. No, that’s not a typo — our IR team reviewed a quarter of a million alerts. With ransomware on the rise and the amount of data growing at an exponential pace, having a proactive team on the frontline is more important than ever.

In our latest masterclass, Mike Thompson, Raphael Kelly, and Chris Kisselburgh from the Varonis IR team discussed current global threat trends, including the spikes in insider threats and the importance of focusing on the early indicators of compromise.

Watch the full recording to see a walk through of why Proactive Incident Response is the future of data security, the cyberattacks the Varonis IR team thwarted in the past year, and what makes Varonis’ data detection and response different.Global Threat Trends Video Replay

Ransomware is on the rise…again.

Our incident response team addresses these types of incidents almost every week, and some of the things they’ve noticed about the increase in attacks is a change in approach.

As organizations have gotten better at recovering from ransomware attacks, threat actors moved from encryption alone to data encryption and exfiltration for additional leverage over victims. Although this trend first took off only a few years ago, it’s now standard practice in most attacks. “The ransomware event is almost more of the notification that the attacker is there — the more dangerous piece is that the data has left your environment,” said Mike Thompson, Varonis Security Architect Manager. “You can recover encrypted data; you can’t recover data that’s been exfiltrated.”

You can recover encrypted data; you can't recover data that's been exfiltrated.

Economic turmoil always leads to an increase in insider threats.
To date, there have been more than 150,000 big tech employees laid off in 2023 alone in what is widely considered a more “recession-proof” industry.

Witnessing your friends and coworkers lose their jobs — and worrying about your own employment security — can increase the likelihood that “somebody tries to cover their bases and make a little extra money on their way out the door,” Varonis Security Architect Chris Kisselburgh said.

“When we have critical worldwide events like this that have a global impact, we should be looking at how this affects human behavior at the end of the day.” Concerns of an economic downturn and recession can affect people at their core. “Human behavior is what we’re really studying,” Chris said.

It’s vital to focus on the early indicators of compromise.

The Russia-Ukraine war has disrupted a lot of ransomware organizations. Experts thought threat actors like Emotet, a malware strain and a cybercrime group believed to be based in Ukraine, had been dismantled, but our IR team has seen them resurface quite aggressively, which is why “looking earlier in the kill chain is absolutely a priority,” Chris said.

He added that he can’t stress enough the importance of investigating those early indicators. “Companies will see alerts on a Friday that maybe are not taken as seriously as they should be and then by Monday morning, the entire domain is encrypted,” he said. “It’s critical that we take the early indicators as seriously as possible.”
Mike added, “What we’ve seen on occasion is people pick up on one potential compromised user and they really focus their efforts on remediating that one user or compromised device and then they consider the case closed. Then a week later — bam. Ransomware pops up.”

Data has no home base.

“We’ve seen a lot of changes in IT over the last two to three years. We have this global shift to a remote workforce during COVID; that was a big shift in IT in addition to security at the same time,” Chris said. “Because one of the things we have to consider is, ‘Where does the data go now that I have 10,000-plus remote users all across the globe?’”

He added that the current remote workforce situation won’t revert to the pre-pandemic ways of working. “Data is no longer limited to your file servers. Data — in reality — is everywhere.”

And the shift to a remote workforce trend was a rapid one. This means there is most likely a large security gap in security posture between what orgs had in an on-premises environment versus what they have now in a cloud environment. The same due diligence must be executed now, which can be tricky when the cloud security space is relatively new as compared to on-prem security tactics.

Data is no longer limited to your file servers. Data, in reality, is everywhere.

Incident response is moving from a reactive methodology to a proactive one.

Historically, incident response teams have been reactive, waiting to jump on calls after a customer reported an incident. But the future of incident response must be proactive to keep pace with evolving threats.

Closing

With the launch of our SaaS Data Security Platform, Varonis can provide proactive IR services: analysts regularly reviewing customers’ environments, threat-hunting, and investigating, all without taking up our customers’ valuable time. With our analysts' collective decades of experience, we can spot indicators that a ransomware attack is imminent, and if we do find something worth noting, we escalate those incidents only to avoid alert fatigue.

Watch the full discussion on global cybersecurity trends and the future of incident response here.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

speed-data:-the-importance-of-asking-for-help-with-michelle-griffey
Speed Data: The Importance of Asking for Help With Michelle Griffey
Michelle Griffey, Chief Risk Officer for Communisis, shares the importance of asking for help and how the widespread adoption of AI is a good and bad thing.
speed-data:-film,-foodies,-and-the-future-of-tech-with-david-ulloa
Speed Data: Film, Foodies, and the Future of Tech With David Ulloa
Dr. David Ulloa, Chief Security Information Officer at IMC Companies, shares the best line of defense against a sophisticated threat actor.
straight-from-the-ciso:-top-tips-for-today's-cybersecurity-leaders
Straight From the CISO: Top Tips for Today's Cybersecurity Leaders
We’ve gained massive insight from our conversations with CISOs and other cybersecurity leaders. Now, we're passing along their wisdom to you.
speed-data:-aws,-gen-ai,-and-secdataops-with-jonathan-rau
Speed Data: AWS, Gen AI, and SecDataOps With Jonathan Rau
The VP and Distinguished Engineer at Query explains what most organizations get wrong about cloud security.