With cyber attacks running into the tens of thousands yearly (at a conservative estimate) and the criminals behind them developing their tech skills to increasingly advanced levels, it’s no longer a case of “if” your company will become a victim – it’s “when”.
It seems like every week another big brand makes news headlines because of major disruptions caused by security breaches. Apple, Twitter, PayPal and a host of banks were among those that found their information and systems allegedly compromised by hackers this year alone. And it’s virtually guaranteed that 2017 will see a slew of fresh attacks. But this article isn’t about fear mongering – it’s a discussion of where cyber security is falling short, and what can be done about it.
Failure to detect intruders
Verizon’s most recent Data Breach Investigations Report (DBIR) looks at information security incidents in more than 82 countries, across a wide variety of industries. It shows that 89% of all breaches have a financial or espionage motive and that attackers are getting much faster at compromising their victims. The typical time required to hook into their systems? A day or less (often a matter of seconds). They then lurk in the background performing lateral movements, sometimes for months or even years before taking action and disappearing with the credentials, other data or finances they were targeting. The DBIR indicates that half of all exploitations happen between 10 and 100 days after the initial invasion, with the median around one month.
The issue is that cyber security systems often fail to detect these intruders until it’s too late. By the time the attack is noticed, the damage bill is running into the millions, and it may not be possible for the company to ever fully recover. The vast majority of incidents are not even detected by the victims themselves – they are identified by third parties. IT security teams are essentially treading water, reacting to breaches instead of effectively preventing them – and allowing hackers and malicious insiders to stay one step ahead. This has to change.
From a reactive to a proactive approach
It’s clear that simply taking steps to secure your data is no longer enough. And while response and recovery plans remain critical, a more comprehensive, integrated strategy that includes a pre-emptive approach to cyber security is needed to protect your company’s data – and with it, the future of your business.
Pre-emptive security means putting in place active measures that anticipate threats and repel attacks, based on intelligence and preparation as part of a detection-response doctrine. Cyber security experts sometimes joke that there is an alternative way of warding off attacks – disconnecting from the Internet entirely. Since that is not an actual possibility, we need to install reliable solutions to beat adversaries at their own game. Early detection is key, and the ability to respond timeously is fundamental to a defence-in-depth approach.
Bringing in Breach Detection
More and more, companies are turning to automated cyber security incident response systems to detect and block host- or network-based attacks. Breach Detection from Internet Solutions is one such solution. A kind of honeypot 2.0 (faster, more affordable and much improved), it uses the age-old defensive technique of deception to trap would-be attackers.
The process is simple: you configure a number of devices (perhaps you make one a Windows file server, disguise another as a router, and a few others as Linux web servers), and deploy them throughout your network. They act just like their namesakes – intruders can’t tell the difference. When there’s any suspicious activity, like a scan for open services across the network, or default passwords being tried against network devices, these devices alert your cyber security staff to the attempted breach, and they can take care of it before any damage can be done. There are zero false positives. Attackers can try to identify the devices, but doing so requires active interrogation – and this sets off an alert. Breach Detection is a detection product that helps you shift your cyber security strategy to one of cyber resilience.
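The alerting logic described above can be sketched as follows. This is an added example, not Internet Solutions' code or part of the Breach Detection product; the event schema, decoy names, addresses, thresholds and default-credential list are all constructed assumptions.

```python
from collections import defaultdict

# Assumed list of factory-default logins the decoys watch for (constructed).
DEFAULT_CREDS = {("admin", "admin"), ("root", "root"), ("cisco", "cisco")}

# Constructed events in a hypothetical schema: one dict per interaction with a decoy.
EVENTS = [
    {"ts": 100, "src": "10.0.4.23", "decoy": "win-fileserver", "port": 445, "kind": "connect"},
    {"ts": 101, "src": "10.0.4.23", "decoy": "router", "port": 23, "kind": "connect"},
    {"ts": 103, "src": "10.0.4.23", "decoy": "linux-web-1", "port": 80, "kind": "connect"},
    {"ts": 900, "src": "10.0.7.8", "decoy": "router", "port": 23, "kind": "login",
     "user": "admin", "password": "admin"},
    {"ts": 5000, "src": "10.0.9.40", "decoy": "linux-web-2", "port": 22, "kind": "connect"},
]

def triage(events, window=60, sweep_threshold=3):
    """Return one alert per source address, classified by the behaviour seen."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        findings = {"probe"}  # any contact with a decoy is reportable on its own
        # Sweep: many distinct decoy services touched inside one sliding time window.
        for i, first in enumerate(evs):
            targets = {(e["decoy"], e["port"]) for e in evs[i:]
                       if e["ts"] - first["ts"] <= window}
            if len(targets) >= sweep_threshold:
                findings.add("service-sweep")
                break
        # Default credentials tried against a decoy's login service.
        if any(e["kind"] == "login" and (e.get("user"), e.get("password")) in DEFAULT_CREDS
               for e in evs):
            findings.add("default-credentials")
        alerts.append({"src": src, "first_seen": evs[0]["ts"],
                       "decoys": sorted({e["decoy"] for e in evs}),
                       "findings": sorted(findings)})
    # Sources with the most findings first, then earliest first contact.
    return sorted(alerts, key=lambda a: (-len(a["findings"]), a["first_seen"]))

if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```

Because no legitimate user has a reason to touch a decoy, even the single connection from the third source is reported; the classification only helps staff decide which source to investigate first.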
How well protected is your company from cyber attacks? Is your defence strategy mostly reactive or does it include pre-emptive tactics? Use our Cybersecurity fact sheet to find out the benefits of outsourcing your cybersecurity versus managing it in-house.