[BreachExchange] Four cybersecurity trends every CIO should know
Destry Winant
destry at riskbasedsecurity.com
Tue Jan 15 03:25:56 EST 2019
https://www.helpnetsecurity.com/2019/01/11/cio-cybersecurity-trends/
The cybersecurity landscape in 2019 will likely bring bigger, more
complex threats and developments. Given the intricacy of today’s cyber
security challenges, organisations will need to adopt a security
approach that requires digital support and increased collaboration
from both IT and security teams. So, what key trends can we expect to
see in this new year?
Greater uncertainty and a rise in digital tools
Many organisations are unaware of whether their current software
is vulnerable to attack. They often ask the question: what software is
inside my estate? This includes identifying what software they know is
bad, for example, Java or malware.
The next key questions are: what connections has that software made to
other machines, which machines have it, and have those machines
reached out to any other machines on the network? And can we find a
trend, so we know which machines to go after to remediate the breach?
Breaches are only going to get more complex and harder to beat in 2019
and as a result, there is a greater need for businesses to include
endpoint security to protect company machines and stay up to date with
patches; yet this is something many organisations fail at surprisingly
often.
Organisations need to move the needle from simply protecting their
estate to using sophisticated tools that can detect and investigate
threats. The industry has adapted the way it protects data by looking
to detect and respond with a variety of tools such as next-generation
firewall, intrusion prevention systems (IPS) and sandboxes. However,
this is not enough in today’s age of complex attacks.
As hackers become more skilled, we will also see more organisations
using enhanced cyber security tools, including Artificial
Intelligence (AI), to achieve higher speed and intelligence, and allow
businesses to find the answers to these common questions more
efficiently. What’s more, these tools will be able to track the
unusual patterns within company devices and remediate an attack in
real-time.
Emergence of AI technology
If someone is copying a large volume of files, shouldn’t we be alerted
by that? For example, if an employee who doesn’t usually copy much
information is suddenly copying 70,000 records, shouldn’t this be
something we need to be alerted to?
AI has the ability to alert you to this kind of unusual activity. AI
opens up realms of possibilities and allows us to explore with more
speed and intelligence. However, AI also has the ability to be
dangerous as hackers also begin to adapt and inevitably become more AI
capable.
Signature-based approaches to antivirus systems are also changing.
With many antivirus systems being file or signature based, when a new
virus is released, the solution to resolving the threat is all based
on a signature.
Hackers developing malware understand that everything is signature
based today. Many organisations may choose to use more of an AI-based
structure within security software for malware and viruses. Solutions
that will be combating these types of threats will also need to pick
up this trend and become AI integrated so that they can react much
faster than a signature-based approach.
Remediating attacks using real-time remediation strategies
Acting faster to remediate threats has never been more important. The
more public a company is, the more desirable it is for hackers.
Hackers love to break through the biggest organisations in order to
make front page news; just look at WannaCry and Petya as examples of
the biggest attacks made in 2018. In the new year, hackers will
continue to target the most public organisations.
Large organisations are beginning to look to cyber security software
solutions to remediate attacks. It often takes 3-10 weeks to fix an
issue, at which point detrimental damage has already been caused. This
calls for real-time remediation strategies: the ability not only to
detect and protect against singular incidents but to fix the problem
for the entire environment. Organisations can move from simply
treating the symptom, to fixing the cause of the problem at the root.
Increased collaboration between IT operations and security teams
Typically, the security team is inundated with new threats every day
and needs to evaluate these threats and give the operational team
insight. However, the operations team will already have a list of
things that they need to do.
The problem lies with both teams having different mindsets. Security
teams focus on risk management and safeguarding a business against
threats, whilst operational teams focus on process and performance
management.
The key to solving the rift is collaboration and working together to
solve the same problem: both teams need to have a SecOps mindset. They
need to develop a way of working and thinking that is based around the
principles of innovation, speed, security and business value.
Organisations will need to look into how they can bridge the gap in
2019 and understand that integrating IT and security is fundamental
for generating value for the business.