Maximising Your Security Resources

Scott Crane, Director of Advanced Enablement at Arbor Australia

The number of detected security incidents in Australia increased by 109% in the last 12 months, according to PwC’s Global State of Information Security® Survey 2016. Compare this to the global increase of 38.5% and it’s easy to understand why, in April, the Government announced it will invest more than $230 million over the next four years to enhance Australia’s cyber security.

From TalkTalk to Ashley Madison to the Australian Bureau of Meteorology and the Australian Bureau of Statistics Census debacle, cyber-attacks on organisations continue to make front-page news. Whilst this may have increased the general public’s awareness of cyber threats, for those within the security industry it does not come as a big surprise.

Despite ramping up investment, many organisations are still vulnerable to attacks, largely due to a shortage of ‘human’ security resources. To get the most out of our security spend, we need to start adopting a double-layer defence strategy: technology and people. It is the people in our security teams who provide the intelligence needed to combat the human adversaries behind today’s orchestrated attacks. These less automated, more human-led attacks are one of the key reasons why organisations continue to be breached despite having the latest detection and prevention technologies in place.

Flying Under the Radar

Many organisations operate a ‘Detect and Respond’ security posture. This strategy involves the investment in, and deployment of, security tools that can detect and block the latest threats, coupled with processes that focus the security team on the high-priority events those tools generate. This approach works well at stopping more than 90 percent of the threats that target organisations, but it won’t stop a determined human adversary.

People are innovative and good at finding ways around problems, especially if they are motivated (and there are plenty of motivations for bad actors). They will carry out reconnaissance and plan an attack campaign so that, even when it is detected by the latest technologies, the resulting events remain at a low priority and so receive no attention from our security teams. This allows the attack to slip under the radar, usually until the attacker nears their goal. At that point, even if we do detect them, it is inevitably too late to put together a comprehensive containment strategy.

The key issue here is that we are often solely reliant on our detection technologies ringing a big alarm bell to attract our attention, but these attacks don’t work like that. In many cases we already hold the data needed to identify these attacks much earlier in their lifecycle; we just need to enable our security teams to see the patterns of activity within it.
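The point above is that the individual events are already in the data; what is missing is a view that groups them. The following is an added illustration (not from the article or from Arbor) that contrasts a priority-threshold queue with a simple hunt over constructed sample alerts: the hunt surfaces a host whose alerts are each low severity but which together show several distinct behaviours within one window. Host names, event types and the 7-day/3-behaviour thresholds are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts as a detection tool might emit them.
# Fields: host, timestamp (ISO 8601), tool severity (1 low .. 5 high), event type.
ALERTS = [
    ("ws-17", "2016-08-01T09:12:00", 1, "dns-newly-seen-domain"),
    ("ws-17", "2016-08-02T22:40:00", 1, "login-outside-hours"),
    ("ws-17", "2016-08-04T03:05:00", 2, "smb-share-enumeration"),
    ("ws-17", "2016-08-05T01:30:00", 1, "scheduled-task-created"),
    ("ws-42", "2016-08-03T11:00:00", 5, "known-malware-hash"),
    ("ws-09", "2016-08-03T14:00:00", 1, "login-outside-hours"),
]


def triage_by_priority(alerts, threshold=4):
    """Detect and Respond: the analyst queue only shows hosts whose alerts
    the tool itself ranked at or above the threshold."""
    return sorted({host for host, _, sev, _ in alerts if sev >= threshold})


def hunt_low_and_slow(alerts, window_days=7, min_distinct=3):
    """Seek and Contain hunt: take only the alerts the queue ignores
    (severity below 4), group them per host, and surface any host that
    accumulates several *different* low-priority behaviours inside one
    sliding window. Returns {host: sorted distinct event types}."""
    by_host = defaultdict(list)
    for host, ts, sev, kind in alerts:
        if sev < 4:
            by_host[host].append((datetime.fromisoformat(ts), kind))

    leads = {}
    window = timedelta(days=window_days)
    for host, events in by_host.items():
        events.sort()  # chronological, so each event can start a window
        for i, (start, _) in enumerate(events):
            kinds = {k for t, k in events[i:] if t - start <= window}
            if len(kinds) >= min_distinct:
                leads[host] = sorted(kinds)
                break  # one lead per host is enough for the hunt queue
    return leads


if __name__ == "__main__":
    print("priority queue sees:", triage_by_priority(ALERTS))
    print("hunt surfaces:", hunt_low_and_slow(ALERTS))
```

With the constructed data, the priority queue only shows ws-42, while the hunt surfaces ws-17 with four distinct low-severity behaviours in five days; ws-09, with a single low event, is correctly left alone.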

Seek and Contain

This is where the ‘Seek and Contain’ security posture can be much more effective. This still involves the deployment of detection and prevention technologies to deal with known threats – that is a given. The difference with the Seek and Contain approach is the shift of time and money investment towards more advanced, behavioural detection technologies and more forward-leaning security processes, such as hunting.

By adopting the Seek and Contain strategy and having the right tools in place, existing security personnel can be much more effective. They can work events more efficiently and identify patterns of activity that may represent risk but may previously have been missed, focusing more of their time and energy on stopping the threats that really matter to the business.

They may play out online, but cyber-attacks always stem from people. We need to counter their innovation and attacks by maximising our security resources and adopting a double-layer defence system, combining the best technology with the best assets we have – our people.
