Cybercrime is a constantly evolving beast. In the past quarter century, the methods, motivations, and impact of cybercriminals have changed and developed – from bothersome worms and viruses to devastating DDoS attacks and advanced persistent threats (APTs).
The threat landscape has moved from an age of nuisance – created by lone, rogue coders motivated primarily by achieving notoriety – to a world in which organised gangs with political, socio-economic, or financial motivations precisely target weak points in specific organisations.
Data breaches are growing exponentially – inflicting more damage than ever before, and hitting new peaks in terms of sophistication, scale, and impact. Although many of the specific tactics used in attacks – such as malware and phishing – have been consistent over the last few years, attackers have become smarter, faster and more organised.
As last year’s breaches of Target, Sony and others show, attacks are more complex than ever, criminals are prepared to go to extraordinary lengths to achieve their aims, and countless dollars, company reputations, employee well-being, and executive careers are at risk.
And cybercriminals will undoubtedly become more tenacious moving forward. Cybercrime is a booming industry that continues to attract new groups and funding, and find new targets – and will continue to do so as long as the rewards for criminals far outweigh the risks, the odds of getting caught stay low, and the costs of entry for cybercriminals remain inexpensive.
As cybercrime expands, cyber security professionals will need to adapt to ensure their businesses can continue to thrive in the face of these challenges. Here are three ways the cyber security industry should look to evolve to stay ahead of growing cyber threats.
1. Cyber security as a business process
There is no ‘silver bullet’ for cyber security. If criminals are skilled, well-funded, and determined to break into a company’s network, they will eventually succeed. No technology, new or old, is able to single-handedly prevent that.
To protect their business, security professionals need to lead their organisation into a stronger, security-focused state of mind. It means identifying and understanding the data they hold and the specific risks they face – and educating the executive team and boardroom on what it means, and where and why investments are needed.
Beyond that, it’s up to security professionals to instil a culture of continual improvement. It’s about knowing what the risks are, and practicing and provisioning to mitigate them.
It’s about measuring and benchmarking a team’s performance and working to get a little better every day – be it for the time it takes to respond to a security incident, or patching vulnerabilities.
By doing this, organisations will not only get better at security – but strong security will be a habit for the team and the business.
2. Aligning prevention, detection and response
IT solutions to prevent and detect security issues are still important for deterring basic attacks – but as cybercriminals grow more capable and determined, these solutions will eventually fail. Cybercrime has progressed to the point where data breaches are more a question of ‘when’ rather than ‘if’.
But that’s okay. If companies focus on how they respond to attacks once they occur, they have the ability to quickly resolve the incident and limit the attack’s damage.
How a company handles a security incident has an enormous impact on the overall damage, legal ramifications, and public perception. Taking steps to improve response as early as possible can make all the difference.
Organisations should build an incident response (IR) plan well before they ever need one. This includes accounting for any potential regulatory requirements, looking at best practices for mitigation and remediation, and understanding who is responsible for which parts of the response.
They should make the plan clear to all relevant stakeholders. IR is not exclusive to the security team – IT, human resources, marketing, PR, executives, and the board are all involved one way or another. It’s essential that they know what their role is, and have the information necessary to do it properly.
Finally, organisations should practice and update the plan frequently. When an incident strikes, they want a team acting on muscle memory. They should run simulations often, and work on improving performance to ensure their team is primed to respond when needed.
3. Building cyber resilience
By aligning their prevention, detection, and response strategies and functions, organisations can ensure that they can manage today’s cyber threats, even as they continue to evolve.
Because instead of looking at emerging attack methods and shiny new products, they build fundamentally sound, comprehensive security processes that lower overall risk and enhance their ability to bounce back.
In the end, that’s what cyber resilience is: the ability to manage an attack quickly and gracefully, before it causes catastrophic damage, and return to normal business operations with minimal disruption.
For centuries, businesses have learned to live with disasters – be it fires, robberies, or accidents. Cybercrime is just the next challenge – and it too can be managed as just another part of doing business.
Sourced from Paul Ayers, Resilient Systems