Rakesh Kharwal
There’s no point in beefing up security for a theft that has already occurred. One may never be able to recover the financial and reputation loss completely, no matter how large their insurance policy is. Simply put, your house will never feel the same. Yes, having a robbery occur will drive you to add more security and prepare for the next attempt but don’t you wish you had taken those steps before your precious and emotionally valuable items were taken?
The key to true security of valuable items is to have your security be prepared PRIOR to the incident. A proactive approach will ensure that your valuables remain safe.
We often come across news about hacking and online scams. The frequency of such attacks has only risen during COVID-19 pandemic. In fact, according to a report done by TripWire Inc., 94% of cybersecurity professionals are more concerned about security now than they were prior to COVID-19. Miscreants are leveraging the current crisis to fraudulently direct funds into their accounts or just crash into a system to extract vital data.
The big issue and our passive response
According to a news report by WHO, a fivefold increase in cyberattacks has been directed at its staff since the start of the pandemic. Due to this, some 450 active email addresses and passwords were leaked online.
Now, as alarming as it must sound to each one of us, given the scale and cybersecurity resources an organization of such magnanimity must have in place, you just can’t afford to relax and miss tracking the key cyber security metrics.
The worst part? Users consider themselves too insignificant a target until they finally fall prey to an attacker. By turning a blind eye towards red flags, we consciously contribute to the issue, resulting in a less secure network for us to work on every single day.
Given the media’s attention to larger cyber-attacks, small and medium-sized businesses often don’t feel that they’re at risk. Truth be told, small and medium sized businesses and organizations are targeted almost as frequently as their larger counterparts.
As per report by Ponemon Institute, 67% of small businesses experienced a cyber-attack while 58% experienced a data breach in the last 12 months. Weak passwords emerged as one of the root causes of the data breach. The average cost of each attack was over USD $380,000. Yet, nearly half of the respondents (47%) had no understanding of how to protect their companies from such threats.
Most organizations have firewalls, adware blockers, anti-malware software, password protection and spam filters as their reactive strategy towards digital threats. Though they are excellent at discovering a known malware or virus and can remove it from their system, they often fail to cover the potentially sensitive areas. For example: reactive security involves signature-based ant viruses that will prevent only the known signatures entering the network whereas proactive security will define policies that will deny everything that is not explicitly allowed. Further, proactive security includes solutions such as endpoint detection and response that use statistical models and artificial intelligence to detect anomalies in the network.
Understanding the new threat-prone environment
Most companies are working remotely at present. Due to the unforeseen crisis, IT resources have been stretched thin forcing some employees to use personal devices such as laptops, personal computers and mobile devices to access their official accounts. This has exposed organizations to an enhanced security threat from these endpoints which may or may not have the requisite cybersecurity tools installed, thereby increasing the risk of data theft.
Cyber Security almost works the same way as waterproofing. One can and should mend the walls once the water has seeped in to control further damage to the infrastructure. But isn’t it better to put a system in place that repels water from entering the wall in the first place? Therefore, proactive security is important. Proactive cybersecurity measures could include:
- Network and endpoint monitoring: Companies must continuously monitor their network, which may not be possible for a human. AI-powered automated programs check the system for irregularities or invasion attempts and prompt the IT teams in real-time to take relevant actions. Technologies such as endpoint detection and response can detect new attacks and attack permutations using machine learning and behavioral analytics. Another problem that organizations face today are unconnected tools and systems, technologies such as security orchestration and response can drastically improve the efficiency of cybersecurity team by automating processes.
- Think like a hacker: Technically, achieving proactive security measures requires a mindset of a hacker. This approach enables a company to step into the shoes of a hacker for exposing weak links of their systems.
- Threat hunting: Once cybercriminals break through a company’s maiden defense shields, they can stay undetected for months, moving laterally through the network, exposing valuable data. Threat hunting allows businesses to eliminate or fix the risk zone before it can be misused by a hacker.
- Proactive Training of SOC members: Organizations need to be proactive in training their SOC team members as they are the heart of any organization’s defense mechanism. Most of the organizations are still relying on tabletop exercises, presentations, certifications, or tactical SOC exercises. No doubt, these are great ways of imparting the fundamentals of cybersecurity and outlining the steps they may take during a cyberattacks. But what about handling attacks such as ransomware or any security incidents resulting in disruption of business which have been experienced by less than20% of analysts worldwide as per report from ESG? Do you expect your SOC team to counter such nefarious attacks with an effective response? You hope they will succeed but we all know chances are bleak which is why this is not proactive training. The right approach is to turn to immersive training in a virtual environment where cybersecurity analysts can experience real-world environments and real-world attacks such as ransomware, fileless attacks, data exfiltration and many more. This approach will certainly ensure that your SOC team is able to protect their network when time comes.
As technology has advanced, machine learning and artificially intelligent applications have become much more accessible to the open market for both black and white hat hackers. This means that if our systems have evolved at detecting and preventing malware, the cybercriminals too are getting better at breaching security systems. Age-old tools and technologies cannot efficiently battle modern threats. Hence, the need for proactive cybersecurity arises that identifies the vulnerabilities using AI and proactively builds systems, processes, and skills before they can be exploited as an entry point by criminals.
(The author is Managing Director – India/South Asia & ASEAN, Cyberbit and the views expressed in this article are his own)