The last few weeks have been eventful in the cybersecurity world, with three high-profile data breaches being revealed. We’ve become fairly accustomed to hearing about security breaches and while most businesses are becoming aware that it isn’t a case of ‘if’ they are hacked, but ‘when’, events in the UK over the course of the seven days between 22 and 29 October 2015 indicate just how complex cyber security is today.
First, the ISP TalkTalk announced that it had been the victim of a cyber-attack and, to date, remains unsure how many of its four million customers are affected; a Marks & Spencer ‘website glitch’ meant that customers’ personal information was displayed to other users when they logged into their online accounts; and British Gas revealed that around 2,200 user account details had been posted online – but claimed the leak had not come from the company itself, leading to speculation that a phishing attack may have resulted in credentials being stolen.
What is most notable about this spate of breaches is the fact that the cause of each one was different, though the outcome was the same – customer personal data leaked.
Each of these very real scenarios highlights the diverse ways systems can be breached. A priority for any organization has to be protecting its customers’ personal data and the consequences of failing to do so can be severe, yet many are struggling to do this effectively and never has that been more apparent than over the last few days.
Breaking Down the Defensible Perimeter
It wasn’t so long ago that organizations felt that they could install some antivirus and a few firewalls and be fairly confident that their systems were secured. However, IT environments have become far more vulnerable as trends, such as the cloud, have broken down the defensible perimeter and added layers of complexity to security strategies. What’s more, cyber criminals have become increasingly sophisticated and determined – if they want to get past security defenses, they’ll find a way and, if the breaches of TalkTalk, British Gas and Marks & Spencer show anything, it is the many different threat vectors that they have at their disposal.
While it appears that Marks & Spencer’s breach was a result of internal difficulties, rather than external thieves, it shows just how easily anomalies can occur and, if they aren’t detected, can result in the loss of data.
As it stands, most organizations remain overly reliant on perimeter security tools. Many are realizing that this isn’t enough, but moving beyond it means confronting the amount of work involved in monitoring your networks and identifying threats, and that is where you can quickly run into difficulty.
Threat detection tends to be based on various security sensors that scan for suspicious behavior or known signatures of malicious activity. These sensors provide a continuous stream of data related to threat events but, for some organizations, there can be thousands, or even hundreds of thousands, of events every hour. The resulting quantity of data means that your security teams could struggle to understand which threats need further investigation – let alone shut down any suspicious activity quickly.
Clearly, the more time it takes you to detect a breach, the more time it takes you to respond and, during this time, a serious amount of damage can be done. With a multitude of threats out there, your organization may need a more effective strategy that will not only allow you to see and evaluate every single threat, but also allow you to mitigate them in as little time as possible.
The Right Info to the Right People at the Right Time
An effective IT security strategy is dependent on skilled people, well-defined policies and processes, as well as technology – which is critical in boosting human expertise. Security teams need as much information as possible to quickly evaluate threats, to understand the level of risk and whether an incident has occurred, and this requires intelligent security systems. It is critical that, rather than simply scanning for threats and raising an alarm if something suspicious is identified, these systems are able to deliver actionable insight, with supporting forensic data and contextually rich intelligence.
This ensures that the right information is delivered to you at the right time, to the right people, with the appropriate context attached, which will significantly decrease the amount of time it takes to detect and respond to threats. What’s more, not only does this provide rich intelligence on security incidents, but continuous monitoring of the network will also allow IT teams to see if there are any technical issues that need attention.
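As an added illustration (not code from the original article or from any of the organizations it names), the following Python script shows what turning a raw sensor stream into prioritized, context-rich alerts can look like in practice: it takes a handful of constructed sensor events, collapses repeated hits from the same source against the same target, attaches asset and threat-intelligence context, and ranks the result so an analyst sees the riskiest activity first. The event format, the asset inventory, the intel list and the scoring weights are all assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample sensor events (assumed format); not real telemetry.
SAMPLE_EVENTS = [
    {"ts": "2015-10-22T09:00:01", "sensor": "ids", "sig": "SQL injection attempt",
     "src": "203.0.113.7", "dst": "10.0.1.20", "severity": 3},
    {"ts": "2015-10-22T09:00:04", "sensor": "ids", "sig": "SQL injection attempt",
     "src": "203.0.113.7", "dst": "10.0.1.20", "severity": 3},
    {"ts": "2015-10-22T09:00:09", "sensor": "ids", "sig": "SQL injection attempt",
     "src": "203.0.113.7", "dst": "10.0.1.20", "severity": 3},
    {"ts": "2015-10-22T09:02:30", "sensor": "auth", "sig": "Failed login",
     "src": "198.51.100.9", "dst": "10.0.2.15", "severity": 1},
    {"ts": "2015-10-22T09:03:00", "sensor": "auth", "sig": "Failed login",
     "src": "198.51.100.9", "dst": "10.0.2.15", "severity": 1},
    {"ts": "2015-10-22T09:45:00", "sensor": "auth", "sig": "Failed login",
     "src": "198.51.100.9", "dst": "10.0.2.15", "severity": 1},
    {"ts": "2015-10-22T09:10:00", "sensor": "av", "sig": "Malware signature match",
     "src": "10.0.3.40", "dst": "10.0.3.40", "severity": 4},
]

# Constructed asset inventory: the context an analyst needs to judge risk.
ASSET_CONTEXT = {
    "10.0.1.20": {"name": "customer-db", "criticality": 5, "holds_pii": True},
    "10.0.2.15": {"name": "dev-wiki", "criticality": 1, "holds_pii": False},
}
UNKNOWN_ASSET = {"name": "unknown", "criticality": 2, "holds_pii": False}

# Constructed threat-intelligence entries keyed by source address.
THREAT_INTEL = {"203.0.113.7": "address previously seen scanning for web flaws"}


def aggregate(events, window=timedelta(minutes=10)):
    """Collapse repeated (src, dst, signature) hits that fall within `window`
    of the previous hit into one group carrying a count and a time span."""
    groups = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["src"], ev["dst"], ev["sig"])
        # Reuse the most recent group with the same key if it is still open.
        for g in reversed(groups):
            if g["key"] == key and ts - g["last"] <= window:
                g["count"] += 1
                g["last"] = ts
                break
        else:
            groups.append({"key": key, "src": ev["src"], "dst": ev["dst"],
                           "sig": ev["sig"], "sensor": ev["sensor"],
                           "severity": ev["severity"],
                           "first": ts, "last": ts, "count": 1})
    return groups


def enrich(group):
    """Attach asset and intel context and compute a priority score.
    The weights below are illustrative assumptions, not a standard."""
    asset = ASSET_CONTEXT.get(group["dst"], UNKNOWN_ASSET)
    intel = THREAT_INTEL.get(group["src"])
    score = group["severity"] * asset["criticality"]  # what, against what
    score += min(group["count"], 10)                  # persistence
    score += 5 if intel else 0                        # known-bad source
    score += 3 if asset["holds_pii"] else 0           # data at stake
    return {**group, "asset": asset, "intel": intel, "score": score}


def triage(events):
    """Return enriched alert groups, highest priority first."""
    return sorted((enrich(g) for g in aggregate(events)),
                  key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in triage(SAMPLE_EVENTS):
        span = r["last"] - r["first"]
        print(f"[{r['score']:>3}] {r['sig']} x{r['count']} over {span} "
              f"{r['src']} -> {r['asset']['name']} ({r['dst']})"
              + (f"  intel: {r['intel']}" if r["intel"] else ""))
```

Run stand-alone, the script reduces the seven raw events to four groups and puts the repeated injection attempts against the PII-holding database at the top, ahead of a malware hit on an unknown host and two low-priority batches of failed logins; the third failed login lands in its own group because it falls outside the ten-minute window. The design point is that the severity a sensor assigns is only one input: asset criticality, data sensitivity, repetition and intel matches are what turn a raw alert into the actionable, context-rich insight described above.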
If we take any positives from the TalkTalk, Marks & Spencer and British Gas breaches it should be that they highlight just how critical it is to have intelligent security strategies in place alongside a robust and solid framework. Each is a high-profile organization and if they can become a victim, anyone can. While it may be almost impossible to prevent a breach nowadays, it is not impossible for you to limit the damage – but only by taking an intelligent approach to security.