Do enterprises have the right approach when it comes to IT security?
Information technology (IT) is vital to the global economy. Every major industry is heavily dependent on IT. Unfortunately, due to the dynamic nature of today’s IT environment, these evolving technologies and modes of communication also represent one of our greatest threats. Therefore, it is not surprising that cyber security has become an important economic and national security issue.
As a provider of security solutions, we are witnessing rapid evolution of the threat landscape, with more diverse targets, and in many cases, more advanced technologies and tactics than before. This expansion in risk is threatening to erode the trust in digital commerce, communication and collaboration that we all take for granted today. Enterprises continue to witness rise in cyber-attacks. Attackers today don’t limit to monetary benefits or just acquiring information, they have evolved further to data manipulation. In light of such ever growing threats we are presented with one obvious question – “Are we doing enough to limit cyber-attacks?” or is there a need for change in approach towards security altogether?
In my opinion organizations till date have only looked at perimeter security – which is required for hygiene, but there is also a need to look at security from inside and not just externally which requires a radical change in thought. Security today is more of a mindset problem and less of a technology issue and sooner we understand this, better it is for the business. Many a times CISO/CIO’s look at legacy approach to combat cyber-attacks; approach which has – not seen much success lately, however, continues to give organizations a false sense of security.
A survey of CISO’s, CIO and security professionals revealed that the mature companies have moved to the next level of security by adopting security analytics as the primary tool while the companies at the other end of the spectrum still end up spending almost 80 percent of the budget on prevention and only 20 percent on detection. This leaves no or very little money for responding to the security threats. In case there was a threat detected in an organisation how would it stop or mitigate the same if there are no resources allocated to response.
It is critical to shift the security investments from a maniacal focus on prevention, towards greater balance on monitoring, detection, and response capabilities. It’s become cliché to say that breaches are inevitable and that faster detection and more accurate incident scoping is the way forward, but too many organizations are trying to do these very different tasks using the technologies and processes they have on hand…not designed nor capable of answering their need.
The industry’s current approach can be compared to a mindset stuck in the Dark Ages, whereby companies employ security strategies and solutions that no longer map to the business and threat environment we face today.
The attackers have evolved to sophisticated techniques like manipulating or altering the data within the organization without extracting it. Data drives decision making for people and computer systems. When that data is unknowingly manipulated, those decisions will be made based on false data. Consider the potentially devastating consequences of misrepresented data on the mixing of compounds, control systems, and manufacturing processes.
Many of the advanced attacks last year did not even use malware as a primary tactic. The industry continues to seek a technology solution to what was/is fundamentally a problem of strategic approach.
Some of the ways the security industry could address shortcomings and better combat advanced threats are:
#1 Stop Believing that Even Advanced Protections Are Sufficient
No matter how high or smart the walls, focused adversaries will find ways over, under, around, and through.
Adopt a Deep and Pervasive Level of True Visibility Everywhere – from the Endpoint to the Cloud We need pervasive and true visibility into our enterprise environments. You simply can’t do security today without the visibility of both continuous full packet capture and endpoint compromise assessment visibility
#2 Identity and authentication matter more than ever
In a world with no perimeter and with fewer security anchor points, identity and authentication matter more than ever. At some point in [any successful attack] campaign, the abuse of identity is a stepping stone the attackers use to impose their will
External threat intelligence is a core capability there are incredible sources for the right threat intelligence [which] should be machine-readable and automated for increased speed and leverage. It should be operationalised into the security programmes at organisations and tailored to an organisation’s assets and interests so that analysts can quickly address the threats that pose the most risk
#3 Understand what matters most to your business and what is mission critical
You must understand what matters to your business and what is mission critical. You have to defend what’s important and defend it with everything you have. Our problem is not completely a technology problem. Our adversaries are not beating us because they have better technology, they are beating us because they are being more creative, patient and persistent. What we need is a mind shift change.
While we can hold on to the traditional ways of securing ourselves, we also need behavioural intelligence to hunt these attacks in real time and respond to them quickly. Need of the hour is to detect quickly and respond even quicker before there is a major damage to business.
– Kartik Shahani is Senior Regional Director, RSA, India & SAARC