If there’s anything organisations have learned from the last 12 months, it’s that they are done with fear, uncertainty and doubt when it comes to cyber security. The board doesn’t want to hear about it and neither do employees.
The CISO’s job in the months to come is going to be a tough one. Cyber attacks will continue to increase in scale, but there is a greater acceptance of the fact that attacks will happen. This is leading to an increasing level of fatigue with fear as a driver and a thirst for active detection and response.
This is impacting a vast range of industries, from domestic attacks on government agencies to efforts to disrupt critical infrastructure, including the national grid and nuclear power plants. These attacks originate from the ‘internet of insecure things’, because these industries use devices that are vulnerable and ripe for attack.
It has become a sickness. The industry needs a cure but it’s not going to come in the form of prevention.
Take ransomware, for example. Businesses have only just begun to see the escalation of this form of attack and its evolution into a devious, manipulative beast, one that has recently taken on a new twist with the adversary allowing one infected individual to receive unlock codes when they knowingly help infect another target (Popcorn ransomware).
These types of attack vectors show the increasing innovation and sophistication that we can expect to see a lot more of.
Human behaviour dictates that only a few people will put up a fight against these types of attacks. The social democratisation of ransomware has proven its effectiveness and has become an even greater threat.
The response to this can only be an increased focus on security training and awareness, heightened vigilance and, of course, excellent backup and recovery capabilities too.
In the wake of realising that security needs to become “behavioural”, the CISO must move the organisation towards a more adaptive and agile security model.
The firewall has proven to be ineffective as a barrier and identity is now the new perimeter. The basic principles of identity and access management, lifecycle controls and good identity governance have become a requirement for every organisation – large and small.
There is a growing trend towards enhancing all security with identity analytics drawn from those basic principles of identity management and governance.
Good analytics and solid user awareness are not possible without an underlying foundation of IAM governance. Organisations can benefit greatly from understanding and gaining insight into human behaviour relative to access, but this is only possible when built on a solid understanding of the “desired state”.
If user behaviour analytics is not to go the way of DLP (much spend, big deployment, little true value), it has to be built upon and integrated with solid identity and access governance principles.
Done right, understanding and predicting access behaviour will grow into an essential and productive additional security detection layer for the advanced attacks we are now starting to see.
While business leaders are continuing to learn how to combat these new threats, when it comes to the technology, there needs to be more agile and responsive security infrastructure.
The industry has for too long been thinking about “prevention”, and it’s been a tough shift to turn the focus towards detection and response.
This is understandable, as prevention is static and has no timeline, whereas detection and reaction is very active, and is judged purely on its timeline.
Active detection and reaction needs to work in seconds and minutes, not days and months. Moving that timeline expectation is key and it’s the only way we’re going to turn things around.
For some, the frequency of data breaches can create a state of fatigue and acceptance. However, organisations must resist the temptation towards acceptance and inevitability.
All organisations should re-think how they approach IAM and take a governance-based approach with strong identity and access controls at the centre of their cyber security strategy.
This means layering in a solid base of process and technology that can ensure that the right people get the right access at the right time.
Ultimately, it’s clear that there continue to be many things on the collective CISO’s mind in the year ahead; however, 2017 also holds much promise.
As more organisations start to shift into detection and response mode, and better yet, as more understand how vitally important identity can be to the ‘cure’ for their IT security programs, the more confident they’ll become in getting ahead of the continued wave of threats they face.
Sourced by Darran Rolls, CTO, SailPoint