The recent DDoS attacks have once again highlighted the importance of effectively managing cyber security risks. Discussion around cyber security is brought to public attention when a large attack occurs, however with cybercrime estimated to cost Australians AU$1 billion each year, according to the Commonwealth Government’s Australia’s Cyber Security Strategy 2016, it is time for organisations of all sizes to rethink their approach.
Understanding risk exposure
At its Symposium/ITxpo on the Gold Coast, Gartner announced total IT spending in Australia is forecast to reach almost AU$85 billion in 2017. With a 2.8 percent increase from 2016, cyber security must be viewed as a priority by all employees.
One of the largest problems organisations face today is focus. It is crucial they first undertake a self-evaluation to determine what specific problem they are trying to resolve before trying to solve it. Without understanding the problem, it is difficult to find an effective solution. For example, is an organisation only protecting itself from malware-based attacks? In reality, malware-free attacks now more common than malware attacks (60% / 40%). A vulnerability assessment can illustrate if the current solutions are effective for your specific needs or if a new approach needs to be taken.
With society’s reliance on email, adversaries have also discovered that by targeting a small group of specific users, spear phishing becomes an effective technique to obtain insider access. What compounds the challenges is that well-resourced adversaries are able to collect massive amounts of personally identifiable information and continually elevate the success rates of phishing attacks. Earlier this year, the FBI stated that law enforcement globally has received complaints from victims in over 75 countries regarding what it terms “business e-mail compromise”.
At the same time, we are witnessing the rise of modern age threats on a massive scale.
In the first half of 2016, CrowdStrike Intelligence observed a 700% increase in the detection of ransomware. It can become a challenging problem because once files are encrypted, it is difficult to de-crypt them. This leaves affected organisations with a difficult decision to make: either pay the ransom or lose their data. In many cases, downtime and data loss are more costly than the ransom, which is why many organisations opt to pay. The second major challenge is that ransomware is highly polymorphic. There are tens of thousands of malware samples and variants detected in the wild. While the “ransomware” buzzword is often used, it is important to note eCrime is a vast ecosystem of interconnected services, actors and schemes. Other types of financially motivated attacks are also on the rise.
Companies should look to bolster their risk mitigation efforts by integrating actionable threat intelligence as a means to formulate more informed and tailored security strategies. Understanding the pertinent threat landscape can help decision-makers prepare for the types of attacks they are most likely to face and take steps to shore up defences accordingly.
The paradigm shift
Cyber security planning is not just the IT department’s responsibility. There’s no point in building walls to keep the bad guys out, if people keep leaving the gates open. Cyber attacks pose an existential threat to the entire business, not just the IT department and security solutions must be driven across the company from the top down.
To manage a good cyber security position, the IT function must be supported by the leadership. Executives must ensure they understand the basics of the risks their organisation faces and request regular updates on how those risks are managed.
An enterprise-wide approach expands beyond specific solutions and into broader strategy. The IT department does the heavy lifting but it is the responsibility of every employee to help maintain a viable security position. Because everyone stands to lose if the wall is breached.
A holistic approach to cyber security involves the entire organisation.
The plethora of high profile breaches this year alone has shone a spotlight on the flaws in old-school business security practices and highlighted the importance for organisations to deploy robust tools, processes, technologies and intelligence to protect their critical assets.
As a matter of cybersecurity hygiene, companies need to conduct a comprehensive assessment to identify the gaps in their security posture. This should involve examining the state of the network to ensure there are no intruders, providing for advanced endpoint detection and response mechanisms in case breach prevention fails and establishing proactive threat hunting to stop breaches holistically.
Today’s reality is that adversaries are finding ways to infiltrate networks and are increasingly using malware-free tactics that evade traditional signature-based detection methods. When it comes to preventing cyber attacks, businesses must adopt a more adaptive and preemptive approach that can stop modern threats. Visibility and detection will remain critical, as well as how effective and fast the response capability of the organisation is to remediate attacks.
Organisations will be in a position of strength if they are able to continually and proactively hunt for threats in their environment and apply next-generation prevention. New approaches such as machine learning can augment human knowledge, swiftly and accurately analyse billions of events in real-time and allow organisations to detect unknown threats.