Tackling the Challenges

Understanding the ever-changing threat landscape

It should come as no surprise that cybercrime is one of the biggest threats organizations of all shapes and sizes face today. There were purportedly 918 data breaches compromising nearly 2 billion data records in just the first six months of 2017.[1] No organization, be it a Fortune 500 company or small business, is beyond the reach of today’s sophisticated hacker.

Looking at just the financial impact of cybercrime, the average annualized cost of cybersecurity per enterprise is $11.7 million, which represents a 22.7 percent increase over the prior year.[2] The same survey reports that the cost of cybercrime tops $17 million per year for organizations in industries like financial services, utilities and energy. With the constantly evolving campaign strategies cybercriminals are adopting, like ransomware-as-a-service, it’s no wonder that 87 percent of board members and C-level executives state they lack confidence in their organization’s level of cybersecurity preparedness.[3]

Once a problem to be dealt with by the IT department, the magnitude of the issue has now made it a top priority for every part of an organization, including the traditional security operations team. The line between the traditional security or loss prevention department handling physical security to protect a company’s brick and mortar assets and the IT department looking after its digital ones has started to blur. While the threats to our brick and mortar assets probably haven’t changed much over the past several decades, the threats to our digital or virtual ones certainly have.

Back in the late 1990s and early 2000s, there was much talk about the convergence of physical and digital security as IP-enabled devices started to come onto the scene. That convergence was never fully realized in the manner that industry experts thought should or would come to fruition.

As we fast approach the 2020s, cybercrime may prove to be the catalyst that reignites the drive to bring the two sides together, redefining convergence.

The Ever-evolving Cyber Threat Landscape

Just when we thought we had a handle on the methods that cybercriminals deploy to breach our networks and steal our data, the cyber threat landscape changes. While first lines of defense, such as firewalls and anti-virus software, can be effective at identifying and potentially stopping known forms of malware and viruses attacking companies every day, they are blind to signature-less and zero-day malicious activity used by black hat hackers today. Unfortunately, this trend does not show signs of abating, as internal security processes are having trouble keeping up with increasingly sophisticated and pervasive threats.

Adding insult to injury, cyberattacks can often go undetected for weeks, months or even years before being discovered. Often referred to as the Breach Detection Gap (BDG) or dwell time, it is defined as the time elapsed between the initial breach of a network by an attacker and the discovery of that breach by the victim. According to recent global statistics from Ponemon, dwell time for malicious attacks has stretched to an average of 229 days.

Verizon, in its 2016 Data Breach Investigations Report, calls this lapse the Detection Deficit and reinforces the fact that cyber security compromises can happen in minutes, but discovery can take days or longer. This report also found that less than 10 percent of breaches were discovered by internal means and were usually brought to light by third parties.

One final blow to combatting cyberattacks for many organizations is the relatively shallow pool of talent available to help companies fight these threats from within.

Is There Light at the End of the Tunnel?

The short answer is yes, and it is not a train barreling down the tracks. The key to helping secure our networks and precious data, the lifeblood of every organization, is multi-fold.

The first step should be collaboration between all concerned parties within a company, particularly between the offices of the CSO and CISO. Understanding the needs and concerns of both organizations is key to defining and designing a holistic security plan that protects both physical and virtual assets.

The second step should encompass a comprehensive cyber security training program for every employee. It is well documented that many breaches occur when an employee inadvertently opens a contaminated email or visits a “dark” website. This training program should also emphasize the need for strong passwords that are changed often, keeping firewall and anti-virus software up-to-date with the latest patches and never falling into the trap of “set it and forget it.”

Embracing the latest in technology is a crucial next step. It seems like every day a new tool or technology is brought to light to help combat the cyber security problem. The crux of the problem is finding what is right for you and your specific cyber needs.

You Don’t Have to Go it Alone

Let’s look at the various resources that are available to you. I think it is safe to say that firewalls and anti-virus software are fairly well known and understood. But have you considered embracing a managed and monitored firewall and anti-virus program? Engaging a third-party provider to deliver these services can help ensure that your solutions are always up-to-date, communicating with each other and monitored for potential breaches 24/7/365.

Relatively new on the scene are managed detection and response (MDR) services. General characteristics of MDR services are:

  • Vendor-provided technology for threat detection.
  • Monitoring and analysis by human security analysts.
  • Using threat intelligence or data analytics.

MDR services notify clients of verified incidents only. The notifications provide granular detail of the scope and severity of an infection with recommendations for quick containment and response. MDR services offer 24/7/365 continuous monitoring of customer network data, provide analysis of the data to add context to the event and then notify the customer of the incident. With MDR services, clients typically have more direct communication with the security analyst and rely less on using a portal for alerting, investigations, case management and workflow activities.

MDR services rely on advanced tools and human analysis, so they are more apt to uncover malicious activity that has breached the first line of defense offered by firewalls and anti-virus software, and they can reduce the time from infection to detection, sometimes to minutes rather than months. They are meant to complement or fill gaps in existing security operations.

There are also Managed Security Providers (MSP) and Managed Security Services Providers (MSSP). An MSP typically manages devices such as switches and routers whereas an MSSP focuses more on managing firewalls and anti-virus software.

Many companies are also turning to security-only networks. The benefits of a dedicated security-only network are multi-faceted: a security-only network can deliver a higher level of protection and offers faster speeds and more bandwidth with easier access for loss prevention and security teams, while not impacting business-critical systems. Deploying a standardized implementation across multiple locations can also provide a lower cost alternative to traditional networks.

Further benefits to a security-only network include nearly unlimited access for applications, such as the remote monitoring of video or conducting remote investigations. This can provide investigators with immediate access to video and supporting data to help reduce travel, associated expenses, and the overall time it takes to conduct the investigations.

Selecting the Right Cyber Security Partner

When choosing a third-party expert to help with your cyber security needs, it is important to look at their pedigree as it relates to training, certifications and resources. Companies providing security services in the arena should hold Cisco Cloud and Managed Services Express Partner certification, be Meraki Certified and SonicWALL Certified, and hold security product-specific certifications. Cisco Cloud and Managed Services Express Partner certification recognizes companies that have attained the expertise in the planning, design, implementation and support of cloud or managed services based on Cisco platforms. Equally important, your partner should be certified in new and emerging technologies such as Palo Alto Networks and Fortinet.

As cyber threats become more and more sophisticated, your approach to combating them needs to be as well. Whether it is through the use of MDR services, managed firewall services, enhanced employee education or a combination of tools available to us, fighting cybercrime needs to be one of our highest priorities.

Today, criminals not only breach our facilities by breaking in through doors and windows but now breach our data by breaking into our networks.


This article originally appeared in the January/February 2019 issue of Security Today.
