A game of cat and mouse

Let’s face it: Cybercriminals are constantly looking for new ways to tunnel into your network or disrupt your business.

According to The State of Cyber Security 2017 survey, by ISACA, 53% of cyber security professionals reported an increase in the overall number of attacks in 2016 compared to 2015. In terms of the specific kinds of attacks experienced and the associated impacts, 10% reported experiencing a hijacking of corporate assets for botnet use, 18% reported experiencing an advanced persistent threat attack, and 14% reported stolen credentials. Top three attack vectors were phishing 40%, malware 37% and social engineering 29%. Cybersecurity Ventures predicts cybercrime will continue rising and cost businesses globally more than $6 trillion annually by 2021.

Though C-Suites pay more attention on cybersecurity, not every organization has embraced a security strategy with constant evolution. AT&T quoted a recent survey of IT and business professionals, more than half said they have had the same model for information security management in place for three or more years. Only 11% of them graded their organization’s security practices an A.

Dr. Herrod, General Catalyst Partners, shared with us some new approaches to fight hackers. Here, I would like to talk about two latest technologies.

(A)   Threat analytics: automate processes for identifying and responding to abnormal activities

Threat analytics systems recognizes known or potentially malicious data patterns and communications activities. These systems identify previously observed attacks, flag behaviors or traffic that fall outside an organization’s normal operations. They then bring suspected threats to the attention of security analysts for further investigation.

Some cutting-edge threat analytics systems utilizes machine-learning capabilities to make educated guesses about whether an unfamiliar pattern or activity is likely to be a threat. Given that even medium-sized organizations can experience millions of security events each day, systems that can move beyond analysis into automated response are critical.

(B)   Virtualization: improve flexibility and consistency with software-defined security

Software-based or virtualized security is becoming one of the most promising forms of network virtualization. These innovative solutions can be deployed onsite as well as in private and public clouds. Instead of having to purchase, maintain, and integrate hardware-based security controls, virtualized security solutions can be deployed on a shared hardware platform. They can adapt to changing security demands and update security functionality faster and with more coverage.

**************************************************************************************************

While embracing new technologies, business should not forget the fundamental processes and controls for lowering a system’s vulnerability.

(A)   Identify & access management: access authorization policies for applications, devices and people

Control who, what, and where. Whether they allow data to just be viewed or permit it to be distributed, organizations must control who and what can access the data.  In the past, identity and access management tools focused on determining the roles and clearances of individuals. Today, authentication and authorization must also be applied to devices and applications. For example, AT&T uses a software-defined perimeter approach to access control that restricts remote access to authorized users. Any Internet of Things (IoT) device, generally needs to communicate with a small subset of predefined users or devices, if a device attempts to move beyond those established parameters (a potential sign of malicious activity), its access is blocked.

Password. To increase security levels, two-factor authentication can be required to access an organization’s data, such as demanding both a password and a fingerprint scan / other biometric identifier.

As the IoT-driven botnet attacks illustrate, unsecured IoT devices can be harnessed to launch DDoS attacks. That’s why even low-level devices should require unique passwords and support software patches and upgrades. As mentioned in my previous blog, security by design approach and defense-in-depth approach worth considering.¹

Data encryption. Data encryption has always seen as a sore point for users because the encryption-decryption process is often slow and frustrating. Advanced encryption algorithms, with increased processing power, and new encryption services are now making it easier to encrypt data. By requiring a unique key or password to decrypt a file, encryption helps increase confidence about the integrity of a file’s contents and the authenticity of its sender.

(B)   Data center and cloud security

To protect data inside their data centers, companies have built strong defense systems using a combination of firewalls, spam filters, multifactor authentication, threat analytics and response solutions, etc. Organizations are also hiring third-party consultants to develop cybersecurity capabilities for them. As corporations migrate their data and applications to the cloud, they should require their cloud service providers to have the same level of data protection as in their private data management systems. Please do not forget the measures to secure data traveling between the two.

(C)   Incident response: outlines roles and actions to curtain a breach

Successful incident response plans begin well before a breach occurs. Along with the tools and teams required to identify and respond to breaches, an incident response program requires two core components:

A cross-functional team. A post-breach response is often an affair involving the C-suite, IT, security, communications, legal, and other teams across the organization. Third-party service and technology partners also play a role, as do law enforcement agencies and regulators.

Just as organization holds regular crisis management exercises, an incident response plan must be tested regularly, so that all involved parties know about their respective roles and responsibilities well. If the breach requires public disclosure, companies need to act quickly but carefully to soothe the customers’ concerns, address media queries, and meet with regulators and law enforcement, to avoid further harm from public relations crisis.

(D)   Share knowledge

Through working with a cybersecurity service provider or constant participation of technology forums, cyber security professionals stay abreast of the latest cybersecurity technologies and expertise, and tap into the shared knowledge and data on existing and emerging threats. Lessons learned by the service provider from an attack on one organization, can be used to respond and protect another organization, to whom a similar attack is launched subsequently.

(E)   Network protection

AT&T quoted a recent analysis that 7.5% of public Wi-Fi networks were either malicious or used to mount a network attack at some point. Over a 3-month period in 2016, nearly one-third of executive devices were exposed to a network attack. One preventive measure is to require mobile workers to access corporate systems via a virtual private network (VPN), which establishes highly secure links over public networks, enabling mobile workers to safely access and transmit data from anywhere in the world. Ideally, companies should segment their network to place their highly sensitive data in the most protected and restricted areas.

(F)   Educate your employees on their responsibility

Educate your employees about malicious Wi-Fi, highlighting the dangers of connecting to unknown Wi-Fi networks and the importance of logging onto trusted websites only. In addition, they should steer clear of sharing valuable files or data online or in emails. Companies should create whitelists of approved mobile apps, closely monitor the app profiles of devices used, and educate employees about the dangers of using unapproved apps.

Companies should evolve and update their cybersecurity strategies to ensure that they are prepared at any time. A proactive approach involves securing all components of the digital ecosystem (data, connected devices, applications, networks, and the data centers), with the help of innovative technologies and methods that improve the identification and response to both existing and future threats. Companies should also invest in talent retention, personnel development, cross training and other activities that strengthen and maximize current staff’s capabilities to fight against cyber threats.

________________________________________________________________________________

Remark:

¹ Enhancing the security of IoT operations depends in part on the emergence and widespread adoption of standards that recognize the entire IoT ecosystem. Some alliances are taking tentative steps to end widespread fragmentation in the IoT market. With the development of best practices across the multiple layers of IoT, cybersecurity challenges and issues can be reduced for both organizations and individuals.

References:

[1] https://www.business.att.com/cybersecurity/

[2] http://cybersecurityventures.com/cybersecurity-market-report/

[3] The State of Cyber Security 2017 survey, Part 2 Current Trend in the Threat Landscape, by ISACA

[4] http://www.telegraph.co.uk/connect/small-business/tech/easy-ways-to-protect-your-business-from-cyber-attacks/

[5] https://www.us-cert.gov/home-and-business