
Taking the proactive fight to advanced threat hunting with Sophos

The spectre of invasive cyberattacks in the ANZ region has become unnervingly commonplace. What was once thought to be a ‘large enterprise’ problem now affects everyone: big data breaches have been caused by advanced persistent threats (APTs) targeting organisations of all sizes across many industries.
APT attacks often succeed because they blend in with regular work activity and mask their intentions. According to the State of Ransomware 2022 report commissioned by Sophos, more than half of the organisations surveyed saw an upsurge in cyberattack complexity over the past year.
This is a 78% increase from last year, with 86% of organisations hit by ransomware in 2022. Malicious actors are more resourceful and active than before, and the lack of adequate, proactive cyber defence is playing right into their hands.
Organisations big and small can’t afford to sit back in the face of the ever-evolving advanced threat landscape, not when the average cost to remediate a cyberattack caused by ransomware is around US$1.4 million. Making matters worse, it takes around a month for an organisation to recover from such an attack, resulting in system downtime, loss of revenue, lost earning potential and, perhaps worst of all in the long run, loss of customer confidence. Following a data breach, or after paying a ransom, it can be difficult for a brand to recover its reputation.
Playing defence alone is no longer an option; it is time for businesses to take control of their own cybersecurity destinies and adopt a proactive approach to threat hunting. Organisations need to rely on a combination of next-generation technologies such as extended detection and response, supported by extensive human expertise, to get the best information on suspicious anomalies and to investigate them thoroughly.
Prevention is better…
The tools are there, but threat hunting is by no means a cakewalk. It takes a range of specialized detection and prevention tools. Quality prevention technologies, for instance, help threat hunters prioritize the 0.02% of security threats that truly require human intervention. Organisations can harness endpoint protection like Sophos Intercept X Endpoint to block the 99.98% of threats that can be accurately identified and dealt with automatically, so that investigation and response effort is focused where it matters and remediation processes are streamlined.
… so is early threat hunting detection and response
Extended detection and response (XDR) tools will be crucial assets in investigating suspicious events to ascertain whether malicious activity is under way. While pure-play detection tools supply inputs only from hardware and software endpoints, XDR consolidates signals from across the wider IT environment, including firewall, mobile, email, and cloud security solutions, so that activity on one host can be seen alongside the network, email and cloud events that surround it.
Sophos XDR was built with the needs of IT admins and security analysts in mind, empowering teams to detect, investigate, and respond to incidents across their IT infrastructure. It offers a choice of preset query templates that can be customized for a host of threat hunting and IT operational scenarios, or teams can write their own. Users with a Sophos Central account can trial Sophos XDR out of the box, or they can try Sophos Intercept X Endpoint, which includes XDR as part of the package.
Managing threat hunting and response 24/7/365
For organisations with a broad (and growing) threat surface, or that simply don’t have the in-house expertise, there are managed threat hunting services, also known as managed detection and response (MDR).
MDR platforms like Sophos MDR supply a level of threat detection that in-house security teams can rarely achieve on their own: round-the-clock threat hunting, investigation, and neutralization. Sophos MDR is staffed by security experts with thousands of hours of experience in dealing with the whole gamut of possible attacks in real time, 24 hours a day.
Leveraging advanced machine learning models from SophosLabs and SophosAI threat intelligence speeds up threat analysis and response, and there is a wide assortment of integrations, including Office 365, most SIEM and SOAR solutions, and Sophos’ next-generation security solutions. Users receive holistic, up-to-date reporting that keeps them fully informed of the security issues they are experiencing at all times.
Taking aim and hunting down the targeted threat has never been more vital than in 2022. Who better to learn from than threat detection and response specialists Sophos, whom Gartner Peer Insights has repeatedly recognized as having the highest-rated solutions for MDR, endpoint and firewall protection?
Businesses starting a new threat hunting journey should attend the Sophos-organized webinar on August 23 titled ‘Getting started with Threat Hunting’. Featuring incisive insights from Phil Dimitriu, Sophos APJ Director of Systems Engineering, the webinar will deep-dive into the importance of threat hunting and go into detail on the tools and frameworks that security and EDR experts leverage to hunt down advanced persistent threats.
Attendees will be briefed on the five steps that every IT and security pro should know. Sign up now for Sophos’ ‘Getting started with Threat Hunting’ webinar, and stay ahead of malicious actors by arming yourself with the know-how to respond to any threat.