Monitoring threats is an ongoing, mountainous battle rife with evolving challenges for security teams. With human threat actors and malicious bots adapting attack tactics to get round protection measures, the need for proactive, 24/7 cybersecurity threat monitoring is higher than ever.
According to Ponemon, organisations that leverage threat intelligence are 2.5 times more likely to have an effective cybersecurity posture. With cyber threats rising, but security resources often proving limited, threat intelligence aided by artificial intelligence has become essential to reducing cyber risk. Here’s how to effectively optimise your business’s cybersecurity threat monitoring strategy.
Kubernetes monitoring best tools — With Kubernetes becoming a key gateway for container software development, efficient monitoring and management of the platform is critical.
Key challenges to address
With masses of company data being migrated to the cloud and remote devices, particularly during the pandemic, security processes and strategies have had to evolve with the shift. This is among the most pressing challenges that cybersecurity teams have faced in recent times, when it comes to monitoring network behaviours.
“Cyber attacks are on the rise in today’s digital age where everything is interconnected. As cases of cyber fraud rise, cybercriminals are using sophisticated tools and advanced techniques to perpetrate cybercrime,” said Kunal Purohit, chief digital services officer at Tech Mahindra.
“With the use of cloud technology and hybrid environments, threats have expanded further, posing greater challenges to threat detection. This has made effective security monitoring and threat detection mechanisms critically important.”
Data management and industrial security
According to Madeline Cheah, senior consultant at Cambridge Consultants, two main challenge categories are at play across cybersecurity threat monitoring in today’s digital business world.
“The first,” she says, “is the big data problem, with increases in volumes, variety and velocity meaning that analysts need to dig through more data, faster and through more complexity to be able to spot the problem. This is only set to grow with the addition of edge and IoT devices being deployed with the advent of Industry 4.0.”
It’s projected that the amount of devices dedicated to the Internet of Things will nearly double from 15.1 billion in 2020, to over 29 billion IoT devices in 2030.
“This brings us to the second category: the explosion of digitalisation and connectivity in industrial applications in almost every domain – including manufacturing, automotive, biotech and smart infrastructure,” said Cheah.
“These act as novel vectors, propagation factors and represent new ways into a system that was closed to adversaries before. Practitioners also face unique threat monitoring challenges when looking at such systems. There are opaque systems that are bespoke, proprietary, or legacy where specs are no longer available and makes instrumentation incredibly difficult.
“Legacy systems could also mean cybersecurity was not considered or only retrofitted. Long lifecycles means that equipment manufacturers and owners must support – and monitor – for longer, typically over years or even decades.”
Increasingly, threat actors have been targeting critical infrastructure to scale up ransomware attacks, slowing down and halting public services such as energy, manufacturing and food distribution. This is usually carried out by nation state actors.
Targeting credentials
Over the past few years, attackers have adjusted their tactics, finding success in targeting employees with the intent of stealing their credentials. Social engineering tactics such as phishing often catch individual users out, leading to passwords, financial information and other sensitive data being breached.
“In the past, they might have relied on attacking infrastructure directly through vulnerabilities or brute force attacks. While they can still happen, these attacks run a high risk of discovery before the bad actor can get in,” explained Hank Schless, director of global security campaigns at Lookout and host of the Security Soapbox Podcast.
“Now, attackers are targeting individuals who likely have access to large sets of valuable cloud data. They do this with the intention of stealing those individuals’ credentials via mobile phishing attacks in order to be able to enter the organisation’s infrastructure discreetly under the guise of being a legitimate user.
“This creates massive issues with monitoring for threats, because the threat looks like it’s coming from the inside if an attacker is using stolen credentials.”
Protecting against cyber attacks backed by generative AI — Threat actors are turning to generative AI capabilities to evolve social engineering and other cyber attacks — here’s how businesses can stay protected.
Keys to a strong strategy
While the above challenges can bring business continuity to a standstill if not properly mitigated, having the right cybersecurity threat monitoring measures in place across the company network will go a long way in keeping attacks at bay.
Registering risks
Firstly, the adoption of a risk-based approach, leveraging AI, machine learning and automation capabilities, can aid focus of efforts on areas of high-risk impacts to improve efficiency and respond to key threats.
“Equally,” Dr. Mesh Bolutiwi, director of cyber GRC at CyberCX UK adds, “the adoption and combined use of different advanced threat detection methods and algorithms (e.g., signature, anomaly, behavioural) can help to bolster monitoring outcomes in an ever-evolving threat landscape environment.
“The integration of contextualised and up-to-date threat intelligence data from numerous threat information sources, as well as the tailoring and configuration of rulesets, IOCs, and so on, contributes to improved threat monitoring efficiency.
“While malicious AI is a threat to security, the same abilities which make it so also make it a huge opportunity to combat emerging threats. As always, the aim of the game is to develop and improve security technologies faster than malicious actors; and in the case of AI, this will no doubt involve leveraging AI itself to enhance defences.”
An community-focused approach
As well as keeping risks at front of mind, it pays to ensure the entire organisation workforce consider the behaviours of threat actors, and communicate openly to ensure everyone is on the same page.
“To catch a cybercriminal, you need to think like one. Similarly, in order to stand a chance against a well-coordinated community of attackers, you need your own well-coordinated community,” said Mandy Andress, chief information security officer at Elastic.
“Open security encourages collaboration, with information security experts pooling their collective brainpower and sharing code, detection rules and artefacts as they work together to protect IT systems. It’s a joint effort to improve security software for the benefit of the community as a whole rather than the shareholders of one specific software company.
“As the threat landscape continues to expand and hackers utilise new technological advancements to take their efforts to the next level, the transparency offered by open security will be imperative to keeping businesses safe.”
Consider a career in cybersecurity — Opportunities are rising for cybercrime. This is bad news for businesses, but good news for those who want a career in cyber security.
Make use of security frameworks
Frameworks such as MITRE ATT&CK and NIST, meanwhile, can be utilised in order to keep track of current and prominent cyber threats, and fix any flaws in the cybersecurity threat monitoring strategy.
Matt Aldridge, principal solutions consultant at Opentext Cybersecurity, explains: “The ATT&CK framework is capable of giving a really great, almost scientific approach to understanding all the different ways that attackers can get into the network, and the techniques and tools they’re going to use to do it.
“This allows the organisation to then map their vulnerabilities against those different techniques. What that then lets you do is focus on where your key weaknesses and gaps are, that you need to address and improve on, and then make sure you’re bringing in technology, people or processes to mitigate those. It gives you a much more focused approach.”
Zero trust
Finally, a zero trust approach, if implemented and maintained properly, will ensure that no unauthorised party enters the network, which will help minimise threats.
“Imagine a defence mechanism that not only learns from regular user behaviour, but also quickly identifies when something is amiss – behavioural anomaly detection,” said Aron Brand, CTO of CTERA.
“By integrating AI into our defence arsenal, we can swiftly pinpoint activities that, while appearing human, betray subtle signs of machine origin. Whether it’s a machine accessing vast datasets at super-human speeds or exhibiting abnormal and suspicious data access patterns indicative of data theft, next-generation anomaly-based detection systems can discern, flag, and respond.
“Yet, this alone won’t suffice. In an era where trust is both a commodity and a vulnerability, businesses need to also adopt the Zero Trust Framework. Gone are the days when we solely relied on impenetrable fortresses and perimeter defences. Today’s mantra is simple yet profound: ‘Never trust, always verify’.
“Every user, every device, irrespective of where they are or which network they access, undergoes continuous scrutiny. This ensures that even if an AI adversary breaches the initial defences, its every move within the system is watched, restricted, and potentially blocked.”
Related:
16 cybersecurity predictions for 2024 — Check Point Research has revealed its top predictions for cybersecurity in 2024, covering topics including AI developments, ransomware and cyber insurance.
