As destructive cyber resources become more affordable, scalable and sophisticated, hackers are as well-positioned as ever to mount full-scale attacks on unsuspecting businesses. This evolution of the tools at attackers' disposal means that reactive cybersecurity measures are no longer sufficient to combat the growing threat from cyber-criminals.
Most astute business owners expect to face some sort of cyber-attack. The problem is many of them still believe that applying patches or fixing leaks will do the trick and they’ll be fine. By doing that, they are essentially presenting a static target, possibly without even realizing it.
Furthermore, they are also missing out on a powerful opportunity to learn more about how their enemies operate.
With resources like botnets and commoditized hacking software readily available to cyber-criminals, there is often very little resistance holding a determined hacker at bay. Add to that a low risk of detection or resource loss, plus potentially lucrative rewards, and there isn't a whole lot to deter hackers from grinding away at their 'work' or 'passion' in relative peace.
Since just one breach of a company's firewall is likely to be enough for cyber-criminals to install ransomware or carry out sabotage operations, a more proactive form of defense is necessary. Such a defense involves leveraging Big Data analytics, network function virtualization, cloud scalability and penetration tactics to get a handle on how cyber-criminals operate.
This would take the fight to the hackers and potentially disrupt their activities on a wider scale. In the best-case scenarios, expensive botnets would be brought down, and their owners would be tracked and sent to the slammer. So how can businesses get started?
Machine Learning and Big Data Analytics
By combining the twin technologies of machine learning and Big Data analytics, forward-thinking security service vendors are already creating products and services that can use a wealth of current and historic internal data, external contextual data and threat intelligence to understand the decision-making process behind cyber-attacks.
Not only can these systems recognize subtle anomalies in any area of the business IT ecosystem, they can also use pattern-matching to predict how and when an attack is most likely to occur, moving in near real time to disrupt the aggressor before he or she even begins the attack. This is similar to the concept behind the movie 'Minority Report', where crimes are detected and thwarted at the decision-making level.
Ongoing research at the Office of the Director of National Intelligence's IARPA (Intelligence Advanced Research Projects Activity) organization is likely to provide valuable intelligence in this field. IARPA's CAUSE (Cyber-attack Automated Unconventional Sensor Environment) project is currently studying cyber-actor behavior and cultural understanding, cyber-event coding, cyber-event forecasting, cyber-kinetic event detection, cybersecurity, threat intelligence and threat modeling.
Virtualization of Security Hardware
Big Data analytics are not possible using traditional on-premises IT architecture. As cyber-criminals move into the cloud, it is imperative that businesses follow them and replace their old 'perimeter defense' mentality with a new paradigm based on the nebulous edges of cloud and hybrid networks.
For businesses currently using hardware devices such as firewalls and intrusion detection systems (IDS), one answer could lie in embracing SD-WAN technology and network function virtualization (NFV).
In fact, according to research performed by Shamrock Consulting Group, firewalls and IDS appliances are among the top five types of hardware device most ripe for virtualization. This would immediately open up the benefits of scalability with businesses able to draw on extra compute and storage resources to tackle complex and potentially overwhelming threats.
For example, an onsite physical IDS appliance could be replaced by a more sophisticated managed intrusion prevention system (IPS) with the capability to not only detect a security problem, but take instant action to mitigate the threat (dropping TCP connections, alerting skilled infosec professionals, etc.).
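To make the two ideas above concrete (anomaly recognition against a learned baseline, and an IPS that responds rather than merely reports), here is an added example that is not code from the article or from any vendor it mentions. It learns a per-source baseline of connections per minute from constructed historic log lines, z-scores a new one-minute window against that baseline, and maps the score to a response action. The log format, the two thresholds, the standard-deviation floor and the sample data are all assumptions made for illustration.

```python
"""Added example: a minimal anomaly-based intrusion prevention rule.
Not the article's code. Log format, thresholds and sample data are
constructed assumptions."""
from collections import Counter, defaultdict
from statistics import mean, pstdev

ALERT_Z = 3.0    # assumed threshold: notify analysts
BLOCK_Z = 6.0    # assumed threshold: drop the source's connections
STD_FLOOR = 1.0  # avoid dividing by zero for perfectly regular sources


def parse_log(text):
    """Parse constructed lines "<minute> <src_ip> <dst_port>" (one per
    accepted TCP connection) into {src_ip: Counter({minute: count})}."""
    per_source = defaultdict(Counter)
    for line in text.splitlines():
        if not line.strip():
            continue
        minute, src, _port = line.split()
        per_source[src][int(minute)] += 1
    return per_source


def build_baseline(per_source):
    """Per-source (mean, std) of connections per minute, plus a global
    baseline under key "*" for sources never seen before."""
    minutes = sorted({m for c in per_source.values() for m in c})
    baseline, all_counts = {}, []
    for src, counter in per_source.items():
        counts = [counter.get(m, 0) for m in minutes]  # zero-fill quiet minutes
        all_counts.extend(counts)
        baseline[src] = (mean(counts), max(pstdev(counts), STD_FLOOR))
    baseline["*"] = (mean(all_counts), max(pstdev(all_counts), STD_FLOOR))
    return baseline


def score_window(baseline, window_text):
    """Z-score each source's connection count in a one-minute window;
    unknown sources are scored against the global baseline."""
    scores = {}
    for src, counter in parse_log(window_text).items():
        count = sum(counter.values())
        mu, sigma = baseline.get(src, baseline["*"])
        scores[src] = (count - mu) / sigma
    return scores


def decide(z):
    """Map an anomaly score to an IPS action (IPS-style response)."""
    if z >= BLOCK_Z:
        return "block"   # e.g. drop the source's TCP connections
    if z >= ALERT_Z:
        return "alert"   # hand off to a human analyst
    return "ignore"


def evaluate(historic_text, window_text):
    """Return {src_ip: (rounded z-score, action)} for the window."""
    baseline = build_baseline(parse_log(historic_text))
    return {src: (round(z, 2), decide(z))
            for src, z in score_window(baseline, window_text).items()}


def constructed_historic_log():
    """Constructed sample: 60 minutes of history for two internal hosts."""
    lines = []
    for minute in range(60):
        lines += [f"{minute} 10.0.0.5 443"] * 4                           # steady 4/min
        lines += [f"{minute} 10.0.0.9 443"] * (2 if minute % 2 == 0 else 6)  # bursty 2/6
    return "\n".join(lines)


def constructed_window():
    """Constructed sample: the next minute, including a never-seen source."""
    return "\n".join(["60 10.0.0.5 443"] * 5
                     + ["60 10.0.0.9 443"] * 11
                     + ["60 203.0.113.7 22"] * 80)


if __name__ == "__main__":
    for src, (z, action) in evaluate(constructed_historic_log(),
                                     constructed_window()).items():
        print(f"{src:>14}  z={z:>6}  action={action}")
```

The standard-deviation floor matters: a host that is perfectly regular in the baseline would otherwise have a zero standard deviation and any deviation at all would score as infinite, so every minor fluctuation would be blocked. A never-seen source falls back to the global baseline rather than being ignored, which is the case a plain signature-based IDS has nothing to say about.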
Incorporating the Human Factor
Automation of increasingly sophisticated security processes frees up humans for more nuanced analysis. As an analogy, imagine a technology which could pinpoint all of the small metal objects hidden in a haystack: with the vast majority of the legwork already done for them, the human would be free to concentrate on determining which objects were actually needles.
Another role for employees in the future security environment would be in penetration testing, carrying out authorized attacks on their own business networks to test the ability of their security services to detect and respond to threats.
Finally, one area of infosec which will need to remain a priority is fundamental security training. With the majority of breaches still down to human error, basic good practice around password hygiene, phishing identification and device security is likely to remain as critical as ever.