Experienced cybersecurity leaders are beginning to call for a move from reactive detection to proactive prevention. It’s clear that the need to get ahead of the cybersecurity curve is real.
Over the past decade, experts talked about the number of days that malware is in your system, and now the discussion is fast becoming how many seconds you have between detection and disaster. There is no longer time to call the boss, check your files or phone a friend. Victims are literally watching their systems being taken over, and they are powerless to stop it despite massive budgets and plans. Clearly, spending on an arms race with dollars, people and technology is not an effective long-term solution. We need a different approach.
Enter proactive prevention, the concept behind this move toward flipping the script and finally getting ahead of our adversaries.
Why are we talking about this now? With both attacks by state actors and insiders recording big year-over-year increases, and total breaches continuing to rise, organizations around the world are feeling the bite in significant ways. Reports of big dollar losses, operational losses and businesses being held hostage occur almost every week. In many of these successful attacks, the malware is simply moving faster than the defensive systems. Defense that still requires a human to look at a screen, perform a quick analysis, make a recommendation, get approval from above (for most big responses like shutting down a service) and then make 100% of the code changes necessary to enforce the modification is simply proving too slow. When malware strikes today, even if it’s been sitting covertly for months, it strikes with a speed and alacrity that renders defenses moot.
But the biggest reason we’re finally going proactive is that the technology is finally ready to make these long-held concepts a secure reality. Artificial intelligence that learns to predict rather than react, microsegmentation that can efficiently switch to more defensive postures in a heartbeat, and behavioral biometrics that can provide trusted identities well beyond those of ancient passwords or a handful of multi-factors are finally real, available and just beginning to make a difference.
We’re talking about this now because it can finally work now. Today, large-scale energy providers are predicting attacks before they happen, and immediately quarantining key resources while the coming attack is studied. Today, companies are microsegmenting their key divisions and departments so that when (not “if” anymore) a ransomware attack gets in somewhere, it won’t be able to spread laterally and take down an entire organization. Today, companies are using dozens of behavioral biometric markers to determine identity, like which hand you hold your phone in or which car seat you sit in. And this number will soon grow to hundreds of markers, making an even more trusted identity possible.
The White House’s National Cybersecurity Moonshot focuses on four key technologies that will lead the way to faster response times. These technologies are: 5G communications to connect our world and deliver massive waves of new data; augmented intelligence to provide the speed and agility to bring real-time trusted decisioning to that data; behavioral biometrics to provide identities that stand up to the deepest fakes; and quantum resistance that will withstand the coming generation of computers that can all-too-easily decrypt today’s secrets. These four technologies, when applied to the latest security theories of Zero Trust and proactive prevention, can be the building blocks for enterprise security that provides the trust and predictability of proactivity.
Technology alone is not the answer, and a successful shift in strategy from reactive to proactive requires strong pillars of support to be foundationally established within an organization. Executive behaviors must change to accept that the goal is now to minimize and contain a breach, but not to stop each and every one from happening. Education of your security teams and overall workforce must change, getting beyond platitudes and “other people’s” jobs to truly understanding their roles as front-line attack vectors. Your ecosystem of suppliers must change, flowing down real security guarantees with checks and consequences. Corporate policy must change to allow, encourage and reward stakeholder involvement, and privacy systems must be trusted and respected to ensure maximum engagement.
While this may seem daunting for your organization, it is becoming the best-of-breed goal to work toward today. It can start with your board of directors, flow through your executive teams, permeate both front and back office business functions, and run deep into HR and purchasing departments. These groups must be equal partners in your overall successful move to a proactive defense that provides the predictability and peace of mind required to thrive in today’s hostile environments.
Computers are being used to attack us and our critical infrastructure. Adversaries are employing artificial intelligence and machine learning against us. Organizations can’t continue to move at their current pace to address cybersecurity threats. They need to accelerate, automate, embrace advanced technologies and take a Zero Trust approach.
By Tom Patterson, Chief Trust Officer, Unisys