30 November 2016

The current state of the cyber security industry: it's a mess


28 NOVEMBER 2016

This year has been troubling for the cyber security industry with more successful and more vicious cyber attacks than ever before 

'Today’s threat landscape is constantly evolving, yet the majority of technologies being deployed to thwart them, are at odds with this evolution and focus on the age old ‘defence-in-depth’ approach' 

The last few days have summed up the current state of the cyber security industry. 

In a matter of days the European Commission was brought offline by a distributed denial of service attack, San Francisco’s Municipal Railway was held to ransom by ransomware in a system-wide attack and it was revealed that in September the Japanese Defence Ministry and Self-Defence Forces were hacked, which may have compromised Japan’s internal military network. 

It is almost farcical. From these most recent examples it is evident that critical infrastructure is totally unprepared for an attack and severely vulnerable as well. 

But it is not just the public sector that is suffering. Private organisations are hacked the whole time despite serious investment in cyber security strategies. 

To gauge what exactly is going on in the cyber security industry Information Age spoke to Mike East, VP sales EMEA at CrowdStrike. Is it really as bad as the evidence suggests? 
What is the current state of the cyber security industry? 

Today’s threat landscape is constantly evolving, yet the majority of technologies being deployed to thwart them, are at odds with this evolution and focus on the age old ‘defence-in-depth’ approach. 

Invariably, adversaries find ways to penetrate corporate networks and execute code at the system’s endpoints. So, this approach, focused on defending an organisation’s perimeter, leaves them free to operate undetected once inside, because nobody is looking. 

As a result, both vendors and end-users alike are missing a trick when it comes to proactive detection and response, which is resulting in damaging breaches. 
What does the industry lack? 

Most organisations today lack the ability to effectively leverage both advanced prevention and detection and response capabilities. 

Legacy technologies that rely on known signatures or indicators of compromise are reactive, by definition, and prone to miss the 60 per cent of malware-free attacks. 

To that end, organisations need both next-generation antivirus, full visibility into their environment, and to augment technology with proactive threat hunting to add an extra layer of protection. 
What does the industry need? 

It’s not enough to focus on the symptoms of the cyber threat problem. 

In reality businesses need the ability to stop breaches, regardless of the type of attacks they face. 

This means having actionable intelligence and scalable defences that apply artificial intelligence/machine learning and behavioural-based analytics to thwart both known and unknown threats. 
Why does cyber security’s current state make defence impossible? 

Many of the legacy tools end-users have in place at present cannot aggregate intelligence and look for anomalous behaviour across the enterprise to help them identify indicators of attack (IoAs). 

Lacking visibility into endpoints that are continuously monitored, business cannot quickly identify malicious activity in order to isolate and mitigate the impact on their network. 
Is compromised the new normal? 

Whether a Fortune 500 company, a family-run business or a utility company, all businesses today are vulnerable and proactively sought after as attack targets – whether by a nation-state group, a criminal network, or an independent hacker. 

From social security numbers to intellectual property, every brand is trusted with information that translates to monetary value, which can be sold on, or used for strategic espionage and data collection. 

Cyber security professionals should be constantly examining their network. If they are not constantly hunting for adversaries, the chances are they are being hunted. 
What cyber security practices will have to be adopted? 

To defeat a sophisticated cyber criminal, enterprises need technology, expertise and high-grade threat intelligence. 

Unifying next-generation antivirus, endpoint detection and response (EDR) and proactive threat hunting can shift the advantage back to the defender. 
How can you effectively manage cyber defence systems? 

Companies will never be able to prevent every attack; the networks and target space are too vast and there are too many opportunities to get in. 

However, keeping software updated is the critical first step to better manage defence systems. 

If businesses are using a cloud-based model for delivering cyber security, updates can be rolled out almost immediately on an automated basis. 

Second, organisations must know where their critical data is, how big the network is, where the entrance points are and how the network is segmented. 

A lack of understanding of the basic network principles and standard ‘network hygiene’ puts the company at unnecessary risk. 
What will be the top cyber security trends for 2017? 

Weaponising data will become the new norm, and the attack methods used to obtain it will become more advanced and hard to detect. 

As this shift continues to play out on the adversary side, enterprises must also change their tactics to ensure the safety of sensitive data. 

In 2017 and beyond, the use of sophisticated prevention technology and tactics including threat intelligence, machine learning and managed hunting, will be the only combination of tools to truly support enterprises in predicting, detecting and preventing damaging intrusions. 

There’s been a decline of legacy antivirus and we feel the trend is reaching a boiling point now. 

Many organisations will look to replace and augment their AV to be better prepared for today’s threats.

No comments: