It's not easy for an organization to defend against the frequency, sophistication and wide range of attackers seeking to compromise a network, obtain intellectual property or bring business operations to a halt.
And all too often, we see executive teams resort to buying a broad range of solutions as the answer to growing cyber threats, believing that the more technologies they layer in, the safer their networks will become. But this isn't necessarily true – hackers are continuing to evolve tactics, getting faster and arguably more “clever” with their techniques, enabling them to bypass traditional prevention solutions such as antivirus (AV). It's become clear that there's still too much that most executive teams don't know about how to architect their strategy for success. And when it comes to cybersecurity, what you don't know will hurt you.
To properly safeguard networks, executives need to have insight into today's cyber landscape, from the evolution of threats to what is needed to protect their specific line of business. Taking a step back, we must first understand how threats are detected by conventional technologies.
Most security solutions rely on identifying signatures and known threats, or Indicators of Compromise (IoCs). The problem with tracking IoCs is that they don't capture new obfuscation methods and the majority of today's attacks, which are malware-free intrusions. New exploits, signatures or versions of malware can be crafted and deployed within minutes. We've seen this ring true with ransomware. Its highly profitable nature motivates adversaries to craft new variants that can circumvent the traditional prevention technologies many businesses rely on. But there are certain approaches and capabilities organizations can take to keep up with these changing tactics.
The key to a strong defense is taking a proactive approach to cybersecurity. Proactive security focuses on a few key elements, including using artificial intelligence as well as behavioral analytics or Indicators of Attack (IoA) based prevention. Unlike IoCs, IoAs identify adversary behavior indicating malicious activity, such as code execution or lateral movement. By detecting an attack at various stages of the kill chain, organizations can prevent, detect and respond before damage is done. Any large organization will have an incident. The key is to ensure that an incident doesn't turn into a breach.
While we could speak at greater length to the power these capabilities provide an organization, we'll go through a quick overview:
● Machine learning analyzes security-related data, including file “features” and behavioral indicators over a massive data set. Often times billions of events can be used to “train” the system to detect unknown and never seen attacks based upon past behaviors. If machine learning algorithms are trained with data-rich sources, and augmented with behavioral analytics, they can be an extremely effective first line of defense against modern threats like ransomware.
● Threat intelligence provides actionable insight into the risks businesses face, enabling organizations to build a more resilient and strategic defense. What's important to remember is that threat intelligence should help you prioritize what attacks may have the most impact to your business. For example, a piece of commodity malware will have a much different level of priority and response than a targeted attack from a nation state actor. Intelligence isn't necessarily about going after a group or individual, rather it is focused on understanding the adversaries' attack methods and what sort of impact they might have on your business.
● And “human enforcers,” also known as managed hunting teams, are a team of cyber experts proactively patrolling a business's network for any anomalies, providing an extra layer of human protection that augments and enhances automated detection capabilities.The fact that many executives remain solely reliant on technologies like AV and haven't yet integrated technologies that provide better prevention and visibility, is indeed concerning. But, the truth is, whether a small business or a Fortune 100 enterprise, proactive security can be critical for protecting intellectual property, guarding core systems, and ensuring your critical business process doesn't get interrupted. Today's organizations must look at security and business resiliency with the same lens. In too many cases, cybersecurity risk has not been adequately translated into terms a board can understand, but given the impact of NotPetya, WannaCry, and other malicious attacks, security must become a board level concern. Only then, will organizations truly know its impact on risk management, customer retention, and brand reputation.