Delay your inevitable data loss with these 5 tips
Perhaps the most surprising statistic anyone outside IT security might not be aware of is how long most cybersecurity breaches are left untreated.
Most people are aware of large institutions’ and companies’ reluctance to admit publicly that they have been subject to data breaches of any type. But the fact that so-called “dwell time” of malware or other malicious entities is in the region of 80 days, on average, will come as a shock to many.
While this period can in some cases be reasonably explained – perhaps the infected device was powered off – in the majority of cases, the security breach either went unnoticed for that long, or worse, was known about, but remediation took a further few days to happen.
It’s obvious even to the untrained observer that the longer a problem is allowed to go unresolved, the worse the outcomes are, with no exceptions.
The reasons for long dwell-times are varied and range from the malware’s stealth capability to its selected eventual target type. Some malicious code undertakes its work in a manner that is difficult to construe as malicious – such as quietly mining Monero on compromised endpoints – while some take time to propagate from machines of low interest to more valuable targets – Finance Department client machines, web servers, secure storage devices, and so forth.
The intended outcomes for the malicious parties vary: ID theft, financial data exfiltration, ransomware demands, password harvesting, or mass endpoint co-opting to become part of future DDoS attacks. The more sensitive the data or complex the goal, the longer it may take to accumulate resources or achieve ends.
But assuming that malware of whichever variant can be identified quickly enough to make a significant difference, sometimes even then, internal procedures prevent effective responses. Without centralized overview and control, it’s difficult for larger organizations to prioritize risk management.
Additionally, internal policies may not be capable of ensuring swift remediation. The security operations center (SOC) may have to undertake its work via the traditional IT helpdesk, for example. And the helpdesk may be understaffed or be otherwise busy fighting fires – fixing the VP of Marketing’s printer, or other such glamorous activity!
The internet abounds with advice for organizations who wish to improve their IT security, and much of this revolves around employing the very latest technology to counteract threats – usually for a hefty fee.
— Cybersecurity (@cyber) April 25, 2018
These third-party solutions can be useful, of course, but few enterprises of more than a hundred staff will have the luxury of ripping out existing security infrastructure and starting again. Instead, a carefully planned, secure (and yet piecemeal) approach needs taking.
With this in mind, here are five ways in which the very latest in technology has changed the security landscape, and how the newest tech can similarly be employed to keep your business safer.
Accept BYOD and protect your endpoints
No one thinks twice about coming into the workplace each day with a smartphone. And many enterprises allow their employees to connect to the local network – in some cases, to the network which is the same one on which business-critical services and machines operate.
There needs to be a clear policy in place regarding BYOD, and if endpoints are allowed to use local facilities, they need to be subject to the same types of protection, oversight, and control as the rest of the hardware on the LAN. Modern cybersecurity services stress the importance of protecting this first line of malicious ingress – rightly so, too.
Artificial intelligence and its variants
Most IT & technology suppliers are now throwing AI-style terms at all their products and seeing if any stick – with outcomes which are sometimes highly dubious.
But in cybersecurity, machine learning and neural networks are playing an increasingly significant role in threat mitigation. Because cyber threats come in the form of data, it’s easier to develop software that can use machine learning techniques to aid human activities than in some other areas of commerce – such as the processing of spoken language (NLP).
Pattern recognition is one of the most common uses for AI, and patterns of malware and other breach vectors are ripe for being identified by self-learning algorithms. Check if your supplier can leverage this type of tech.
There are many sources of cybersecurity intelligence on the internet, and this type of data is often available either for free or for nominal fees – nominal, that is, in comparison to the usual cost of a data breach.
By pooling together different data streams – commercial, open-source, specialist, proprietary or more general white/black lists, remediation will improve. The issue for many organizations is getting the technology or the know-how to bring all the available threads together, and this is where a third-party service can be of use.
There are very few total IT security solutions on the market, despite the protestations of the marketing messages every CISO is bombarded with daily.
Modern enterprises need to use a variety of cybersecurity solutions, combining software and hardware, local installations and cloud-based data.
This stack needs bringing together into as few places as possible, and to implement this, APIs need to be used to ensure the disparate systems can interface and produce, between them, a coherent full picture.
Scale and change
Today’s highly complex internal networks, spread across sites and even continents complete with devices undreamed of a decade ago, will only grow – this is inevitable.
Another buzz phrase (other than AI) is IoT. Networks are set to grow in size, complexity, and bandwidth requirements as more devices come online. The very latest cybersecurity measures need not only to be able to encompass and protect the new generation of smart devices but also provide the infrastructure itself adequate protection.
IoT’s initial outings have led to significant security concerns as cheap devices with embedded systems (such as very light and low-resource Linux variants) are relatively easy to compromise. Cybersecurity methods need to manage more than Windows patch Tuesday roll-outs – make sure yours does.
With those snippets of advice in mind, now might be the time for your organization to consider one of the cybersecurity providers who feature on this site. Each can help with endpoint protection, traditional filtering methods, and pro-active monitoring & remediation. Get educated, pick and choose – and remember, back up your data. It’s a case of when you lose data, not if.
3 April 2020
2 April 2020