MJ Strydom, MD of cybersecurity specialist DRS reveals why every business is a breach target in 2020.
It’s no secret that cloud computing and network-connected smartphones have enhanced the invasion prospects for companies. Cyber exploits are more sophisticated, illusive, and targeted than ever before. With cybercrime rates estimated to have generated US$1.5 trillion in 2018[1], navigating today’s complex cyber threat landscape requires comprehensive cybersecurity.
In 2019, becoming an under-protected target for hacking was dangerous for entire industries. A large number of state and local public sector agencies were ravaged by ransomware attacks across the globe – with South Africa proving to be no exception to that reality.
Let’s examine some of the stats coming out of 2019[2]. The CheckPoint 2020 cyber-security report estimates that in January last year, over 770 million email addresses and 21 million unique passwords were exposed in a popular hacking forum. It became the single largest collection of breached personal credentials in history, named ‘Collection #1’. However, later in the year, it was discovered that this was merely a minor slice of a bigger data leak, split into seven parts and distributed through a data-trading scheme.
Airbus, the world’s second-largest manufacturer of commercial aeroplanes, suffered a data breach exposing personal data of some of its employees. Three unauthorised attackers breached Airbus’s ‘Commercial Aircraft Business’ information systems; 620 million account details were stolen from 16 hacked websites, and offered for sale on the popular dark web marketplace, Dream Market. Later on, the same cyber-criminal published the sale of another 127 million accounts from eight more hacked websites.
The next question is, of course, what should you do in light of these statistics? The answer to that is simple – always choose prevention over detection.
Detection is not protection
Organisations driving prevention strategies as opposed to just ‘quick reaction’ measures, can win the war against cyber criminals. Attacks from unknown threats pose critical risks to businesses, and unfortunately, they’re also the hardest to avert. That’s why many businesses resort to a strategy of detection-only protection. Some rely on event monitoring and threat hunting by security operations centre (SOC) teams to detect a problem only after their systems have been breached.
But this is a far less effective strategy than the prevention of a breach. It is imperative for organisations to prevent cyber-attacks before they breach enterprise systems. Traditional cybersecurity vendors often claim that attacks will happen, and that there’s no way to avoid them. They go on to suggest that the only thing left to do is to invest in technologies that identify the attack once it has already breached the network, and mitigate the damages as soon as possible. This is untrue.
Not only can attacks be blocked, but they can be prevented, including zero-day attacks and unknown malware. With the right technologies in place, the majority of attacks, even the most advanced ones, can be avoided without disrupting normal business flow.
Without a consolidated solution, companies need a long list of security tools to address all possible attack vectors. This approach can be needlessly complex, expensive, and ineffective. In fact, building security using a patchwork of single-purpose products from multiple vendors usually fails. It generally results in disjointed technologies that don’t collaborate and creates security gaps. Additionally, working with multiple systems and vendors can introduce huge overheads. As a result, many attacks are not prevented, forcing organisations to invest more on post-infection and breach mitigation.
In order to achieve comprehensive security, businesses need to adopt a unified multi-layer approach that protects all elements – networks, endpoint, cloud, and mobile. Sharing the same prevention architecture, threat intelligence and management can safeguard your company more effectively.
Use the biggest of the big guns – threat intelligence
Keep your threat intelligence up to date if you want to prevent zero-day attacks. For the uninitiated, zero-day attack vulnerability is essentially defined as a software security flaw that is known to the vendor, but patches are not available to fix the flaw. These unintended flaws are found in software programs or operating systems.
It is critical that companies have incisive, real-time threat intelligence that provides up-to-the-minute information on the newest attack vectors and hacking techniques. Threat intelligence must cover all attack surfaces including cloud, mobile, network, endpoint, and IoT, because these vectors are commonplace in an enterprise. Attack vectors continually evolve to exploit vulnerabilities on these platforms.
In the constant fight against malware – threat intelligence and rapid response are vital capabilities. To maintain business operations, you need comprehensive intelligence proactively stopping threats, management of security services to monitor your network, and incident response to react quickly and resolve attacks. Malware is constantly evolving, making threat intelligence an essential tool for almost every company to consider. When an organisation has financial, personal, intellectual or national assets, a more comprehensive approach to security can protect against today’s sophisticated attacks. Threat intelligence is one of the most effective proactive security solutions available today.
Lastly: Beware of the devil you know
34% of all cyber-attacks are perpetrated by insiders. This makes it clear that legacy security infrastructures are dangerously ineffective.
For more information, contact MJ Strydom, DRS, mj@drs.co.za, www.drs.co.za
[1] 33 Alarming Cybercrime Statistics You Should Know in 2019, by Casey Cane, Security Boulevard, November 15, 2019.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version