Breach, Threat Management, Data Security, Security Strategy, Plan, Budget

Stop betting on detection-based security technology

A clear majority – some 68% of global CISOs – do not believe that their organization can cope with a cyberattack. As a result, CISOs are continuously approaching enterprise leadership and company board members to voice their concerns. So, it would make sense that top managers would give CISOs the resources they need to do everything possible to prevent an attack. Guess what? They’re not.

Organizations are not being proactive in their security strategies and are failing to implement the proper security controls. Immediately after an attack occurs there’s a groundswell of concern and discussions circle around how the attack occurred, who was responsible, and the damage incurred. This conversation turns the focus to remediation and away from what’s most important: How can we ensure that these types of incidents do not occur in the first place?

Most recently, we’ve witnessed some of the most massive—and impactful—security incidents such as SolarWinds, Microsoft Exchange Server, Colonial Pipeline, and now Kaseya. These attacks grab the attention of all the major television networks and make front page headlines. Yet, they fail to grab the attention of board members, top executives, and constituents of publicly-traded companies so that they spur the hands-on tech people at the company level to take action. Have we not had enough close calls or downright direct hits? Enough is enough. It’s time for decision-makers to step up, take action and implement preventative measures to defend against these attacks once and for all.

Detection-based solutions have serious security gaps

These threats almost always enter the networks through malware-bearing files, such as email attachments or website downloads. The malware gets planted via a payload and triggered by an unsuspecting target. It should come as no surprise that 41% of CISOs fear users will click on malicious links or download compromised files. Unfortunately, security leaders have to rely on outdated detection-based technologies and solutions. A majority of traditional security solutions are unable to protect against new and sophisticated threats and savvy, multistage attacks.

A recent study found that malicious files could bypass Office 365 Advanced Threat Protection 23% of the time and the average time-to-detect (TTD) was about 48 hours. For G Suite, malicious files were able to bypass detection 35.5% of the time and the average TTD was 26 hours. Additionally, detection-based solutions are unable to detect undisclosed threats and zero-day exploits. An average of 80% of successful breaches are new or unknown zero-day attacks. With these numbers in mind, it seems like major organizations are content playing Russian roulette with their networks, customer data, and futures. There’s a lot of talk, little or no action, and quite frankly, enterprises are running out of excuses.

Stop attacks before they enter the network

A 2017 survey found that hackers strike every 39 seconds. Given that cybercrime has increased exponentially over the course of the past year, that number has grown even higher today, mainly because organizations are still not structuring security strategies appropriately. For so long—even to this day—the companies focus on detecting threats so that security leaders are alerted when malicious activity appears within the organization’s network. This results in security team members rushing to contain the threat and minimize any damage. Most ransomware attacks are deployed just three days after the organization’s network was originally infiltrated, and 75% of the time hackers will delay encrypting their victims' systems to conduct other nefarious activities, such as exfiltrating data and stealing administrative credentials. Haven’t we learned by now that malware and ransomware mobilizes so fast that the hackers have already done the damage once it's detected?

Contrary to public perception, there’s no shortage of technology available that can prevent all types of threats from infiltrating corporate networks. Unlike traditional detection-based solutions, such as next-generation antivirus and sandboxes that have high rates of false positives and reduce productivity, technologies such as content disarm and reconstruction and browser isolation are rooted in malware prevention and focus on proactive preventing, such as disarming potential threats and neutralizing malicious content before it can be deployed. There’s no one-size-fits all solution, therefore IT professionals need to identify the inconsistencies in their existing security strategies and plug the gaps—or adopt new and more holistic solutions—by leveraging preventative technology to ensure workflows remain productive and completely secure.

Board members need to give CISOs a seat at the table so that they can engage in a productive and actionable discussion about how to protect the organization. Without these discussions, CISOs will continue to operate with a lack of investment – both financial and from senior leadership – and ineffective technology. They will cross their fingers and hope and pray that the hackers don't strike. Cybercriminals are not necessarily getting smarter. They know that it only takes a slight tweak in malicious code for the malware signature to become altered and ultimately undetectable by traditional security solutions, allowing the threat to slip through the cracks. Detecting and responding doesn’t prevent sophisticated attacks, it can only attempt to minimize the damage—and once it's detected the company becomes a statistic.

We must stay proactive and implement the preventative tools we’ve had in our arsenal all along. It’s time to stop waiting for hackers to exploit the vulnerabilities within security technology because I can promise this much: The hackers will strike sooner than later.

Aviv Grafi, founder and CEO, Votiro

Aviv Grafi

Aviv Grafi is Founder & CTO of Votiro, an award-winning cybersecurity company that helps organizations accept safe content and data inbound, at scale, through Votiro’s open, API-based content disarm and reconstruction-as-a-service technology. Aviv is the principal software architect for Votiro’s enterprise solution, Votiro Cloud, which protects against known and unknown malware and ransomware in data, regardless of data source or destination.

Prior to co-founding Votiro, Aviv served in an elite intelligence unit of the IDF, nurturing his passion for finding simple solutions to complex security issues. Aviv’s areas of expertise span the cyber product lifecycle—from strategy and development, through go-to market—along with network security, IDS/IPS/firewall internals, defensive programming, enterprise security penetration testing, vulnerability research, and virtualization.

Aviv speaks publicly on these topics as they are relevant in order to raise industry awareness and push for innovative solutions. Aviv holds a B.Sc. in computer science, a B.A. in economics, and an M.B.A. from Tel Aviv University. He is the inventor and principal software architect of Votiro’s enterprise protection solutions.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.