Cybercrime was once an annoyance and is now an ever-present threat. Is it about to become just a cost of doing business?
The evolution of malicious code, attacker motivations, and technical capabilities has taken us past malware and suspicious files into a much more complex and threatening environment. The threat is no longer just malware and suspicious files. It is about protecting memory, system registries, and virtual machines against lateral movement. Businesses are being held hostage by ransomware, hardware vulnerabilities are being exploited to slip under traditional security defenses, and advanced code techniques can sleep to evade sandbox traps and morph continually to defy signature-based detection. Will we reach a state where security breaches and data theft are simply factored into the cost of operations?
Our answer is “no,” but a revised security strategy is needed to properly address the current and future cyberthreat environment.
The rules are changing, and attackers will continue to defy them.
Two major things are happening to the threat landscape: we are drastically changing the IT architecture, and our adversaries are ignoring any and all rules of engagement. Both have roots in the technologies that are powering our businesses, such as social media, Internet of Things, smartphones and tablets, increased mobility, and cloud computing. Attackers are adopting these technologies as fast as we are, using cloud services for limitless scale and anonymity, mining social media for targeted phishing, and exploiting our devices and mobility for multi-vector attacks.
We need greater awareness of what is happening around us.
In any security situation, awareness and context are critical. Those old posters from World War II about loose lips, careless talk, and “the enemy is listening” were great at keeping awareness high. We have to continually educate our people about security best practices, particularly around phishing and other attempts to exploit human weaknesses. Our security tools also require greater awareness. It is no longer sufficient to defend only the corporate endpoints, network, and data center. Isolated tools take too long to update with current information, whether it is local events or global threat intelligence. They need to talk to each other in real time, publishing and consuming information, and collaborating on their responses. Our new environment of clouds and devices is smart and always connected, and our security tools need to be at the same level or higher.
It is time for the machines to help out.
The high cost of a security breach means that detection and response speed matter. Human processing and reaction times are simply not fast enough for the volume of information and the speed of compromise, and the growing shortage of skilled security personnel will only exacerbate the problem. Machine learning is necessary to correlate events and identify emerging attacks. More automation not only gives us the speed we need; it also frees security staff from routine tasks and restores their capacity to focus on broader and more important activities. Most importantly, we need cloud-based analytics for scale and adaptability.
Defenses will be adaptive, predictive and scalable.
At the end of the day, this new environment is all about the data, not the devices. It is about identifying and protecting your data, and analyzing security data to detect and correct digital threats. With data spread all over the cloud, a modern security strategy requires multiple vantage points from which to observe behavior: in the cloud, on premises, and on the device. Cloud-based analytics are necessary for scale and speed. On-premises solutions enable customization and agility. On-device security components deliver local protection and trusted execution. Automation and machine learning will contribute adaptability and speed, shifting actions from forensic cleanup to probability-based protection. Most importantly, we need to reduce the complexity of configurations and operations so that our security personnel can focus on the business and on tailoring defenses to their organizational requirements.
No, it is not acceptable to have to build a few hundred ransom payments and bi-annual security breaches into your bottom line. And it doesn’t have to be, if we plan our security strategies less around the things that will change and more around the things that won’t.
We will need agility, awareness, automation, analytics, scalability and adaptability. Of these things we can be sure.