Fundamentally, there are two major reasons why enterprises get breached despite ever-increasing cybersecurity budgets. They are typically related to insufficient proactive intelligent threat analysis and addressing advanced malware as it enters an enterprise computer system or network too slowly.
Companies can take up to four months to address critical vulnerabilities and, on average, more than 200 days to detect a data breach. This gives hackers ample opportunity to launch a successful assault and wreak financial and reputational damage. The second reason is that most enterprises, lacking sufficient security staff, don’t sufficiently appreciate what really does and does not work in cybersecurity, nor the traits that characterize competent and sophisticated hackers.
Good hackers are patient and studious. If they believe a company is worth infiltrating, they examine defenses thoroughly for weaknesses before launching an attack.
The cybersecurity challenge is even tougher for security pros working in the financial services sector, government and in the protection of critical infrastructure, where extremely sophisticated and generously funded nation-state actors are commonly the perpetrators. In these cases, in particular, defenses necessary to thwart attacks must pour through extensive data and utilize it to analyze the adversary. Coupled with appropriate analytic tools, defenders can understand the pattern of the attack and map against the files.
A survey by Nuix Black Report of white hat and black hat hackers found that traditional defenses against hacking, such as firewalls and antivirus software, at best slow hackers down. What is more effective is better security analysis at endpoints and, most important, two strategic measures – tailored automated artificial intelligence techniques, and at times the adoption of offensive, as well as defensive, cybersecurity measures.
Enterprises have a strong incentive to improve their security strategies. According to the Ponemon Institute and Accenture, cybercrime now costs organizations on average $11.7 million annually. In addition, companies victimized by cyberattacks also find themselves increasingly targeted by plaintiffs’ attorneys who bring lawsuits alleging negligent security measures. Last year, for example, Anthem agreed to pay $115 million to customers impacted by an attack believed to have been perpetrated by a foreign government.
Use Data Proactively
To minimize breaches, enterprises need to be as open and adaptive as possible and mend their ineffective ways. Too many, for example, are always chasing yesterday’s attack, thinking they can analyze a past attack on someone else to help predict and prevent tomorrow’s attack on them. This thinking is flawed because attackers chronically change the attack vector. In addition, enterprise cyber pros too often do not have a sufficient grasp of critical file data.
One promising approach to fix the latter problem being adopted by security firms and, increasingly, corporations is the combination of automated elastic file analysis, coupled with independent reputation scoring services to block potentially malicious traffic. JPMorgan Chase, for example, uses a platform designed by cybersecurity company ReversingLabs to automate and greatly speed the process of malware hunting by analyzing data on more than five billion black list and white list files. This provides enterprise-scale file inspection for early identification of breaches across email, storage systems and the web.
More basic hygiene steps, of course, are also important to pursue. Here are a few key ones:
- Assess your organization. Many cyber attacks take advantage of basic, often unnoticed security vulnerabilities, including poor patch management procedures, weak passwords and insufficient end-user education. Proactive training and even basic tools to help educate employees on phishing emails have proven incredibly successful.
- Consider adopting intrusion detection systems. An example of such a company that provides this system is Attivo Networks. Attivo applies deception-based decoy and luring technologies within networks to deceive and misdirect attackers into revealing themselves.
- If you go to the expense of penetration testing, maximize the results. One survey shows that only 10 percent of penetration-testing respondents go to the trouble of remediating all identified vulnerabilities and subsequent re-testing. In addition, DevOps time-to-market constraints must be closely coordinated with SecOps security priorities to maximize a company’s security posture.
The bottom line is that companies must concentrate less on barriers and more on a multifaceted and thoughtful defense posture. If they do so, they will get a lot more bang out of their cybersecurity dollars and mitigate or stop more cyber breaches.
*** This is a Security Bloggers Network syndicated blog from RSA Conference Blog authored by Sean Cunningham. Read the original post at: http://www.rsaconference.com/blogs/proactivity-and-speed-have-become-essential-components-of-cybersecurity