[BreachExchange] A new approach is needed in the battle against cyber attacks

Mon Mar 27 18:45:52 EDT 2017

https://www.helpnetsecurity.com/2017/03/27/battle-cyber-attacks/

How do you search for something that’s invisible? An increase in the
sophistication of cyber attacks means that it takes an average of 146 days
before a corporate hack is discovered. Modern breaches are a mix of
chameleonic deception and clever automation, enabling malicious code to be
concealed deep inside the corporate network. In the battle to fight
cybercrime, discovering the undetectable is a challenge CISOs face every
day. With this in mind, organisations must turn to new and innovative
methods of discovery such as threat hunting, the process of proactively
searching networks to detect and isolate sophisticated threats.

Hackers cloaked in camouflage

In the search for vulnerabilities cloaked in camouflage, a change in
approach and perspective is key. In astronomy, for example, planets can
often be hard to find because they are so much dimmer than the stars they
orbit. To tackle this, physicists do not look for the planet itself, but
instead measure shifts in the velocity of the planet’s parent star caused
by the influence of its orbiting companion. In other words, they stop
looking for the unseen object itself and look instead at the effect of its
behaviour on the things they can see.

As the sophistication of cyber attacks grows, it is getting increasingly
difficult to find hackers hidden inside the system. Most security products
are good at detecting known threats, but can’t do much to spot malware
that’s designed to be invisible. That’s why it makes sense to switch to a
behavioural strategy, such as threat hunting. To spot the chameleon, CISOs
must begin searching for the impact of the malicious code, and not just the
code itself.

The spiralling cost of failing threat prevention

The implications of failing to spot a malicious intrusion can have
disastrous effects to an organisation’s bottom line. From a loss of
customer confidence and the potential theft of intellectual property, to
corporate fines for the non-compliance of data security. The cost of
dealing with the fall-out of security breaches can far outweigh the cost of
preventative cybersecurity measures. In its annual Cost of a Data Breach
Study 2016, the Ponemon Institute reported an increase in the average cost
of a data breach from US$3.79 million to US$4 million.

However, this cost is set to spiral over the coming years, pushing the
priority of prevention high up organisations’ lists. With the introduction
of the General Data Protection Regulation (GDPR) coming into full effect in
May next year, we will see a significant change to the regulatory
landscape. From 2018, disclosure of a data breach will become mandatory and
fines may stretch to 4% of revenue, posing significant cause for
organisations to reconsider their security measures.

The introduction of GDPR will not only increase the pressure on
organisations to keep personal data secure but, in the case of a breach,
will also mean that CISOs will need to ascertain how and when defences were
breached. This information could prove vital in determining the size of
fine the organisation must pay if they haven’t taken adequate steps to
prevent a breach.

Investing in resources

The threat of GDPR will make it tempting for organisations to throw extra
resources at keeping criminals out, expanding the size of cybercrime teams
and investing in new technology. The problem is that the combination of
growing hacker sophistication and the complexity of existing systems is
already creating more alerts than cybersecurity teams can handle.

The vast majority of these alerts are false positives, incidents that turn
out to be harmless but which must nonetheless be investigated. These
incidents suck thousands of hours out of already-stretched administrators.
That’s why organisations are increasingly relying on automated security
solutions – intelligent technology that can protect organisations from
being attacked by hackers without the need for human effort.

Threat hunting: A combined effort

This is a promising start, but won’t be enough. If CISOs are to find the
invisible, they must discover attacks that operate beyond the reach of
automated protection and monitoring measures. In other words, they need to
find the planets that can’t be seen.

Effective threat hunting relies on the combined effort of human and
automated machines. It would involve human-driven behavioural analysis,
complemented by the automated collection of data on unwanted changes to
authorised programs and software. It is this collection of data that can be
too time-draining and prone to error for humans to tackle. Instead, this
combined human-machine approach reduces the risk of malicious code avoiding
detection, enabling security teams to keep the organisation’s sensitive
data safe.

A solution to the increasing threat posed by hackers is possible. What it
requires is for organisations to re-think their approach. They must utilise
the extent of human talent, and take advantage of the potential of
automated technology. Stop asking humans to do the impossible, and halt the
search for the invisible. By implementing threat hunting tactics in an
organisation, CISOs use the best resources on offer to keep vulnerabilities
at bay. With the introduction of GDPR only a year away and customer loyalty
as important as ever, businesses must tighten their defences now to prevent
becoming the next headline story.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170327/2b2f9a9c/attachment.html>