The digital transformation is speeding up and the world is increasingly running on data. In its wake cyber criminals are getting a whole lot smarter, and over the past year we’ve seen massive ransomware and malware attacks resulting in global headlines; cybersecurity is now a priority for everyone. But building huge walls in order to prevent attacks is no longer the solution. Instead we need a different mindset, focusing more on detection and on building organisations infused with security thinking.
Big data as a security tool
As organisations become more security aware, their cybersecurity efforts have made it harder for attackers to remain undetected. Attackers don’t want to get caught while stealing valuable data, and since many businesses have data protection solutions in place, for example malware detection systems, they opt for standard Windows tools instead, like Microsoft PowerShell, to snoop around in the network.
This is where big data analytics can really help: by setting a baseline for the internal users of the system and warning when anomalies occur. For instance, technicians will have certain work routines, while finance department employees will have a different workflow. When all of a sudden someone in the finance department opens PowerShell, this is not standard behaviour for that group and it will trigger warning signals, even though PowerShell just happens to be a standard Windows application. Organisations with high security risks, like government bodies and companies with significant volumes of IP or critical data to protect, already rely on big data for security.
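As an added illustration of the baselining idea described above (this is example code written for this post, not Basefarm’s tooling), the script below learns which processes each department normally launches from a constructed set of historical process-launch events, then scores new launches by how rare the process is for that department. A technician launching PowerShell scores low because the baseline already contains it; the same launch by a finance user scores as never-seen and is flagged. The log format, department names and the 0.95 threshold are all assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed baseline window: "<timestamp> <user> <department> <process>".
# In a real deployment this would come from endpoint or SIEM process-creation events.
BASELINE_EVENTS = """\
2024-03-01T08:01 alice technicians powershell.exe
2024-03-01T08:05 bob technicians powershell.exe
2024-03-01T08:07 alice technicians ssh.exe
2024-03-01T09:00 carol finance excel.exe
2024-03-01T09:02 dave finance outlook.exe
2024-03-01T09:10 carol finance excel.exe
2024-03-01T09:30 dave finance sap.exe
2024-03-02T08:02 bob technicians powershell.exe
2024-03-02T09:05 carol finance outlook.exe
"""

# Constructed events from a later day that we want to score against the baseline.
NEW_EVENTS = """\
2024-03-03T09:12 carol finance excel.exe
2024-03-03T09:15 carol finance powershell.exe
2024-03-03T08:10 alice technicians powershell.exe
"""


def parse_events(text):
    """Turn the whitespace-separated log lines into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, dept, proc = line.split()
        events.append({"ts": ts, "user": user, "dept": dept, "proc": proc.lower()})
    return events


def build_baseline(events):
    """Per-department counts of how often each process was launched."""
    counts = defaultdict(Counter)
    for e in events:
        counts[e["dept"]][e["proc"]] += 1
    return counts


def score_event(baseline, event):
    """Rarity score in [0, 1]: 1.0 means this process was never seen for the department."""
    dept_counts = baseline.get(event["dept"])
    if not dept_counts:
        return 1.0  # department with no history at all: treat as maximally anomalous
    total = sum(dept_counts.values())
    seen = dept_counts.get(event["proc"], 0)
    return 1.0 - seen / total


def find_anomalies(baseline, events, threshold=0.95):
    """Return (event, score) pairs whose rarity score reaches the threshold."""
    flagged = []
    for e in events:
        score = score_event(baseline, e)
        if score >= threshold:
            flagged.append((e, score))
    return flagged


def demo():
    baseline = build_baseline(parse_events(BASELINE_EVENTS))
    return find_anomalies(baseline, parse_events(NEW_EVENTS))


if __name__ == "__main__":
    for event, score in demo():
        print(f"ANOMALY score={score:.2f} {event['dept']}/{event['user']} launched {event['proc']}")
```

The point of the score is context, not the binary itself: an antivirus engine has no reason to object to powershell.exe, while a per-department baseline makes the finance launch stand out. In practice the baseline window should be long enough to cover normal variation (month-end routines, on-call work) or the detector will produce noise.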
Your servers turn into secret bitcoin miners
The rise of cryptocurrencies has created a new security risk. Cryptomining requires large amounts of computing power, and criminals are regularly “recruiting” individual computers in order to create vast crypto-mining networks. One or two computers might not show up on the radar, but with proper detection measures in place, like monitoring of resource usage, you are able to keep intruding miners away. In general the very best strategy is to ensure all your systems are up to date. Don’t leave things unpatched or run old versions of software. And of course: don’t click on everything you see. Attackers still see e-mail scams as an attractive “way in”.
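The resource-usage monitoring mentioned above can be made concrete with a small detector, added here as an example and not taken from Basefarm or the post. It builds a per-host CPU baseline (mean and standard deviation) from a constructed history of 5-minute utilisation samples and raises an alert only when utilisation stays above the baseline for several consecutive samples, which separates a sustained miner-like load from a one-off spike such as a backup job. The host names, sample values, the k=3 multiplier, the 20-point floor and the four-sample run length are all assumptions chosen for the example.

```python
import statistics

# Constructed history: 5-minute average CPU utilisation (%) per host over one quiet hour.
HISTORY = {
    "web-01": [12, 15, 11, 14, 13, 16, 12, 10, 15, 14, 13, 12],
    "db-01":  [40, 45, 42, 38, 44, 41, 43, 39, 40, 42, 44, 41],
}

# Constructed recent samples to evaluate against that history.
RECENT = {
    "web-01": [13, 92, 95, 97, 96, 94],   # sudden and sustained jump: miner-like
    "db-01":  [43, 41, 88, 40, 42, 39],   # single spike: looks like a scheduled job
}


def baseline_stats(samples):
    """Mean and population standard deviation of the historical samples."""
    return statistics.mean(samples), statistics.pstdev(samples)


def sustained_high_cpu(history, recent, k=3.0, floor=20.0, min_consecutive=4):
    """Return (alert, threshold).

    alert is True when at least min_consecutive consecutive recent samples exceed
    mean + k*stdev. The floor keeps the threshold at least `floor` points above the
    mean so that a very stable host (tiny stdev) is not flagged by small jitter.
    """
    mean, sd = baseline_stats(history)
    threshold = max(mean + k * sd, mean + floor)
    run = 0
    for value in recent:
        run = run + 1 if value > threshold else 0
        if run >= min_consecutive:
            return True, threshold
    return False, threshold


def scan_fleet(history, recent, **kwargs):
    """Evaluate every host and return {host: alert}."""
    return {host: sustained_high_cpu(history[host], recent[host], **kwargs)[0] for host in history}


if __name__ == "__main__":
    for host, alert in scan_fleet(HISTORY, RECENT).items():
        _, threshold = sustained_high_cpu(HISTORY[host], RECENT[host])
        state = "ALERT" if alert else "ok"
        print(f"{host}: {state} (threshold {threshold:.1f}%)")
```

CPU alone is a coarse signal, so in production this check would normally be paired with the other evidence the page points to (unpatched software, unexpected processes), but the sustained-run requirement already removes the most common false positives from a plain threshold alert.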
Impossible to keep attackers out
Of course it’s important to try and protect your company, but let’s be honest, there is no way you’re ever going to be 100% protected. This is why we’re now moving away from prevention to focusing on detecting intrusions as soon as they happen. In a world of changing threats and compute-everywhere environments, the old security paradigm of just building bigger walls will be replaced by a continuum from block to allow. Machine Learning is becoming the key technology for predicting, detecting and preventing known and unknown threats. According to Gartner, deploying threat detection and response tools is a top priority for Chief Information Security Officers (CISOs). These investments can make a big difference. A report published by the US Ponemon Institute calculates that when an intrusion is found in less than 100 days, the average cost is $2.8 million. When detection takes longer than 100 days, the expense jumps to $3.8 million.
With the increase in cybercrime the hottest experts are those in IT security. But what can you do when there aren’t enough security experts to go around? The best immediate bet is to look for external partners to help secure the organisation’s IT.
Not every company needs a team of security professionals, but everyone needs people who are security aware. By ensuring the organisation has the right knowledge and culture, a lot of threats can be avoided. For example, developers should always have security in the back of their minds while working on their projects. But all employees have to become more aware of security risks and take responsibility:
- Everyone in the organisation must be aware of the threats and know some really simple rules: firstly, not all e-mails should be opened. Secondly, not all attachments should be opened. Thirdly, do not reply to everything. And do not insert any unknown memory stick into the computer!
- Establish routines for handling attacks and ensure everybody knows about them. An employee takes the chance of opening an e-mail and then doesn’t want to be a nuisance or expose their “stupidity”, so they don’t tell anyone. Clearly not a good idea. People need to know who to contact, and they need to be met in a friendly and professional way.
- If something occurs, the notification procedures must be crystal clear, the distribution of responsibility indisputable and the measures immediate. Monitoring equipment must be routinely checked, and there have to be people subscribed to security updates.
- Practice drills, which are part of contingency planning, may be done at different levels: from within the IT department to the entire organisation. But it’s really important that they happen.
When security experts are hard to find, a great way to infuse security thinking into the organisation is by creating a multi-competence team. Look for employees with integrity and a personal interest in security, people who spend time outside of work searching for security holes and keeping up with the latest trends and tools. With this team in place, not only can you use their combined expertise, they will also act as ambassadors and spread security awareness to their respective departments.
Do you want to transform how you work with information security to speed up innovation in your company? Download our Digital Ability Report HERE and get some insights on how to take security and innovation to the next level!
Author: Fredrik Svantes, Senior Information Security Manager, Basefarm
Fredrik Svantes is the Head of the Basefarm Security Operations department and has also led the Basefarm Security Incident Response Team for the past seven years. Previously he has worked for companies such as Blizzard Entertainment, doing detective work on logs for massive online platforms running games such as World of Warcraft. Blog: http://bfblogg.wpengine.com. Twitter: @fredriksvantes.