Cyber security is more complex now than ever before, and the implications of a cyber-attack can be much more disastrous. Organisations must consider not only the financial implications but also the reputational damage that can arise following an attack. The proliferation of social platforms and the increasing needs of regulation mean that security breaches can be publicised across the globe within minutes. Whilst the cost of launching a cyber-attack has reduced over the last few years, the cost of defence has risen. This is because there's a greater variety of attack vectors – means by which an attacker can gain access to your network. The range of methods deployed is so vast, compared to previously, that it is increasingly difficult to build an effective defence against them. Highly sophisticated cyber-attacks are also using automation techniques to maximise their damage, to the extent that one piece of code can be used many thousands of times.
The weapons of choice are often commonplace within computing platforms, such as Java, DLL, and PowerShell, used to infect and attack machines. In the same way that a virus makes our body think that we're under attack and uses our own cells against us, ransomware makes applications run encryption algorithms on files and folders (which contain lots of information) that are then held to ransom.
It's now becoming much more difficult to protect a security estate due to the huge variety of attacks. The simple fact is that with the number of potential attackers out there, you cannot cover all bases at once.
Furthermore, defence technology is slightly behind the curve. Attack vectors are morphing as they propagate, and protection software is always out of date by a day. In fact, every day, software is only in date for a microsecond. In 2005, Panda Software reported that a new strain of malware was discovered every 12 minutes. In 2016, the cybersecurity company McAfee said it found four every second. Software cannot fight a threat that it doesn't know about yet, and with the creation and development of malware being so fast, software struggles to keep up.
Because of this, there are many attack vectors that companies just cannot cater for, as they are not deemed dangerous enough to deal with. The high volume of attack vectors and the delay in technology "catch up" mean that you cannot cover all bases, so companies are simply focusing on the worst offenders. The staggering number of attacks and the growing sophistication of malware mean that a single security approach is no longer enough. Ultimately, if we rely solely on traditional anti-virus software for protection, then we are always at risk. This makes total cyber security nearly impossible.
The only way to protect our security estates is to start viewing those estates differently. Instead of using the traditional stateful firewall method and trying to keep things out, we should be restricting users to the kind of activity that can be controlled. Identifying and managing the user and the content that user accesses can do far more to protect a security environment than attempting to cover all security bases. Successful user management includes single sign-on and ID as a Service.
Ultimately, there's a need for companies to understand exactly what their users are doing. In compliance terms, the technology that companies use can't control enough of the environment to meet compliance needs. In a world where users are demanding anytime, anywhere, any place access to data and other corporate assets, it is crucial that they understand the implications and risks of this access.
The key to cyber security is to get end users to understand and be responsible for the data and information that they handle. Employees shouldn't feel hindered by technology and security; they should be able to use the technology given by employers to support the job function whilst, at the same time, being able to adhere to compliance regulations and understand their role in that compliance. The adoption of single sign-on and other solutions helps to integrate security seamlessly within the users' workflow, almost invisibly.
Therefore, defence now requires a more joined-up approach. Technology and software are necessary for protection, but to truly protect your security estate you need to be proactive. Proactive monitoring can often pre-empt breaches before they are allowed to cause business disruption. Recent technology innovations in global threat intelligence, behaviour analytics, and artificial intelligence enable this proactive approach to scenarios such as security incident and event monitoring (SIEM). But a SIEM is nothing more than a tool; it's the analyst support in interpreting the output that allows for critical decisions to be made.