Tackling the Challenges
Understanding the ever-changing threat landscape
- By Morgan Harris
- Jan 17, 2019
It should come as no surprise that cybercrime is one of the biggest threats organizations of all shapes and sizes face today. There were purportedly 918 data breaches compromising nearly 2 billion data records in just the first six months of 2017.1 No organization, be it a Fortune 500 company or small business, is beyond the reach of today’s sophisticated hacker.
Looking at just the financial impact of cybercrime, the average annualized cost of cybersecurity per enterprise is $11.7 million which represents a 22.7 percent increase over the prior year.2 The same survey reports that the cost of cybercrime tops $17 million per year for organizations in industries like financial services, utilities and energy. With the constantly evolving campaign strategies cybercriminals are adopting like ransomware-as-a-service, it’s no wonder that 87 percent of board members and C-level executives state they lack confidence in their organization’s level of cybersecurity preparedness.3
Once a problem to be dealt with by the IT department, the magnitude of the issue has now made it a top priority for every part of an organization including the traditional security operations team. The line between the traditional security or loss prevention department handling physical security to protect a company’s brick and mortar assets and the IT department looking after its digital ones has started to blur. While the threats to our brick and mortar assets probably hasn’t changed much over the past several decades, the threats to our digital or virtual ones certainly has.
Back in the late 1990s and early 2000s, there was much talk about the convergence of physical and digital security as IP-enabled devices started to come onto the scene. That convergence was never fully realized in the manner that industry experts thought should or would come to fruition.
As we fast approach the 2020s, cybercrime may prove to be the catalyst that reignites the drive to bring the two sides together, redefining convergence.
The Ever-evolving Cyber Threat Landscape
Just when we thought we had a handle on the methods that cybercriminals deploy to breach our networks and steal our data, the cyber threat landscape changes. While first lines of defense, such as firewalls and anti-virus software, can be effective at identifying and potentially stopping known forms of malware and viruses attacking companies every day, they are blind to signature-less and zero-day malicious activity used by black hat hackers today. Unfortunately, this trend does not show signs of abating, as internal security processes are having trouble keeping up with increasingly sophisticated and pervasive threats.
Adding insult to injury, cyberattacks can often go undetected for weeks, months or even years before being discovered. Often referred to as the Breach Detection Gap (BDG) or dwell time, it is defined as the time elapsed between the initial breach of a network by an attacker and the discovery of that breach by the victim. According to global statistics a recent Ponemon shows dwell time for malicious attacks has stretched to an average of 229 days.
Verizon, in its 2016 Data Breach Investigations Report, calls this lapse the Detection Deficit and re-enforces the fact that cyber security compromises can happen in minutes, but discovery can take days or longer. This report also found that less than 10 percent of breaches were discovered by internal means and were usually brought to light by third parties.
One final blow to combatting cyberattacks for many organizations is the relatively shallow pool of talent available to help companies fight these threats from within.
Is There Light at the End of the Tunnel?
The short answer is yes, and it is not a train barreling down the tracks. The key to helping secure our networks and precious data, the life blood of every organization, is multi-fold.
The first step should be collaboration between all concerned parties within a company, particularly between the offices of the CSO and CISO. Understanding the needs and concerns of both organizations is key to defining and designing a holistic security plan that protects both physical and virtual assets.
The second step should encompass a comprehensive cyber security training program for every employee. It is well documented that many breaches occur when an employee inadvertently opens a contaminated email or visits a “dark” website. This training program should also emphasize the need for strong passwords that are changed often, keeping firewall and anti-virus software up-to-date with the latest patches and never fall into the trap of “set it and forget it.”
Embracing the latest in technology is a crucial next step. It seems like every day a new tool or technology is brought to light to help combat the cyber security problem. The crux of the problem is finding what is right for you and your specific cyber needs.
You Don’t Have to Go it Alone
Let’s look at the various resources that are available to you. I think it is safe to say that firewalls and anti-virus software are fairly well known and understood. But have you considered embracing a managed and monitored firewall and anti-virus program? Engaging a third-party provider to deliver these services can help ensure that your solutions are always up-to-date, communicating with each other and monitored for potential breaches 24/7/365.
Relatively new on the scene are managed detection and response (MDR) services. General characteristics of a MDR services are:
- Vendor-provided technology for threat detection.
- Monitoring and analysis by human security analysts.
- Using threat intelligence or data analytics.
MDR services notify clients of verified incidents only. The notifications provide granular detail of the scope and severity of an infection with recommendations for quick containment and response. MDR services offer 24/7/365 continuous monitoring of customer network data, provide analysis of the data to add context to the event and then notify the customer of the incident. With MDR services, clients typically have more direct communication with the security analyst and rely less on using a portal for alerting, investigations, case management and workflow activities.
MDR services rely on advanced tools and human analysis, so they are more apt to uncover malicious activity that has breached the first line of defense offered by firewalls and anti-virus software and can reduce the time from infection to detection sometimes in minutes rather than months. They are meant to complement or fill gaps in existing security operations.
There are also Managed Security Providers (MSP) and Managed Security Services Providers (MSSP). An MSP typically manages devices such as switches and routers whereas an MSSP focuses more on managing firewalls and anti-virus software.
Many companies are also turning to security only networks. The benefits of a dedicated security-only network are multi-faceted: a security-only network can deliver a higher level of protection and offers faster speeds, more band-width with easier access for loss prevention and security teams—while not impacting business critical systems. Deploying a standardized implementation across multiple locations can also provide a lower cost alternative to traditional networks.
Further benefits to a security-only network include nearly unlimited access for applications, such as the remote monitoring of video or conducting remote investigations. This can provide investigators with immediate access to video and supporting data to help reduce travel, associated expenses, and the overall time it takes to conduct the investigations.
Selecting the Right Cyber Security Partner
When choosing a third-party expert to help with your cyber security needs, it is important to look at their pedigree as it relates to training, certifications and resources. Companies providing security services in the arena should be Cisco Cloud and Managed Services Express Partner Certification, Meraki Certified, SonicWALL Certified and hold security product-specific certifications. Cisco Cloud and Managed Services Express Partner certification recognizes companies that have attained the expertise in the planning, design, implementation and support of cloud or managed services based on Cisco platforms. Equally as important, your partner should be certified in new and emerging technologies such as Palo Alto Networks and Fortinet.
As cyber threats become more and more sophisticated, your approach to combating them needs to be as well. Whether it is through the use of MDR services, managed firewall services, enhanced employee education or a combination of tools available to us, fighting cybercrime needs to be one of our highest priorities.
Today, criminals not only breach our facilities by breaking in through doors and windows but now breach our data by breaking into our networks.
This article originally appeared in the January/February 2019 issue of Security Today.