Cyber Defence: How to Build Continuous Protection
Flexing your cyber defence muscles for continuous cybersecurity
Cyber attacks have unfortunately become part of everyday life for organisations the world over. Research that captures the extent of these cyber threats shows that attacks are increasing in volume and becoming more complex. Cybercriminals are resourceful and intelligent. They change tactics and techniques continuously to evade detection and improve success rates. This leaves organisations, particularly Small to Medium Enterprises (SMEs), and their cyber defences in a vulnerable position.
Businesses must flex their cyber defence muscles to take on this torrent of cyber attacks. But exactly how do organisations, from the largest enterprise to the smallest firm, build continuous cyber defence fitness to stop these insidious threats?
The changing ‘cyber threatscape’ in Cyber Defence
Cyber attacks are carried out by experts in their field. Cybercriminals understand how to manipulate human behaviour as well as how to exploit vulnerabilities in IT systems. Technology and the ways that humans interact with it (emails, apps, devices, etc.) are continuously updated, and processes are adjusted along with them. Often, hackers find gaps in an organisation's cyber defences before the organisation even knows that they are there. The result is a threat landscape in continuous motion, creating a war of attrition between the cybercriminal and the organisation.
The manifestation of this war is a series of battles, fought using a variety of weapons that are optimised to prevent detection and mitigation. Threats are always changing, becoming more sophisticated to evade detection and increase success rates.
These include:
- Ransomware, with 61% of companies in 2020 becoming victims of ransomware and 34% of these losing their data forever (even if they paid the ransom);
- Phishing emails, the main cause of login credential theft, with 20% of employees clicking on phishing email links, 68% of whom have login credentials stolen;
- Business Email Compromise (BEC): the Association for Financial Professionals found that 62% of companies have experienced attempted or actual payment fraud initiated by a BEC attack;
- Data breaches, which are being caused by an increasing “diversity of methods.”
It is the continuous nature of change that makes cyber threats so difficult for an enterprise to detect and prevent. This is compounded by five issues that are making it difficult for all enterprises, but especially smaller ones, to flex their defence muscles.
Five issues in cyber that are making cyber defence muscles weak
The strong arm of the cybercriminal is being helped by key weaknesses in the following areas:
- A 2021 ESG survey into skills shortages and gaps has found that 57% of companies see the skills shortage as a “perpetual problem with no end in sight”.
- Skills churn and loss of cyber ‘muscle memory’ are also a serious problem, impacting the ability of an organisation to deal with the changing threat landscape.
- There is pressure on IT teams to perform skilled security tasks as well as perform core IT operations.
- More sophisticated and complex attack tactics, for example the use of as-a-Service malware and phishing, along with social engineering attacks and spear phishing, are making the job of securing an enterprise a challenge.
- Cybersecurity tool sprawl exacerbates the issue of a skills gap. A TrendMicro survey found that companies use, on average, 29 security monitoring solutions. The result is increased noise, employee stress, and unhappy security employees who are drowning in false positive alerts.
How to meet the challenge of the changing threat landscape?
Dexterous cybercriminals are carrying out complex activities that require a company to have its ‘cyber muscles’ ready and flexed. The compounding issues of a lack of skills and managing too many security tools mean that an enterprise needs to be pragmatic to take on this challenge. By understanding the situation and where to focus its strengths, a company can prevent a cyber attack:
Use the right tools for cyber defence
Cybercriminals are adept at exploiting humans and technology. Often, evidence of cybercriminal activity is subtle and hard to detect with more traditional security solutions. For example, cybercriminals may use stolen login credentials to log in to a network as a seemingly legitimate user. Once in, they can use a variety of legitimate software tools to increase the privileges they have on the network, finally becoming an admin user with access to sensitive areas and data. Because they have logged in as a recognised user using real credentials, it is hard to spot their exploits. Specialist network monitoring tools based on machine learning can spot subtle but unusual activity that would otherwise be missed. These tools can be used directly by in-house staff who have the right training, or by outsourcing your network security requirements to a Network Operation Center (NOC) and Security Operation Center (SOC). A NOC/SOC centralises the management of your network and security. This model provides an organisation with always-on security monitoring by experienced and skilled staff.
Micro-services and Cyber Defence
Cybercriminals exploit vulnerabilities. Microservices replace a monolithic architecture with small services that can be deployed quickly. This swift and easy deployment means that as security vulnerabilities are identified, apps can be quickly updated. Also, an API Gateway creates a more secure environment for data access. The use of microservices is often part of the remit of an outsourcing partner who specialises in deployments based on this architecture.
Visibility across cloud, apps, and devices
The modern enterprise uses a mix of cloud, mobile, IoT devices, and peripherals such as cloud printers. But this disparate environment means that it can be difficult to have visibility of assets and data. Visibility is vital to ensure the correct and robust cybersecurity measures are applied. Specialist tools should be used to provide observability across workloads and throughout the lifecycle of a workload. These tools monitor the entire IT real estate of an organisation and can typically be supplied via a third party with specialist knowledge on how to use and interpret visibility solutions. One of the important areas that visibility opens to an enterprise is understanding the hierarchy of value in assets and data. This helps to create and deploy security policies that are relevant and appropriate. Again, help on cybersecurity policy application and enforcement can be sought from specialist partners.
Maintaining cyber fitness
Cybercriminals work to improve techniques and tactics and, in doing so, make the task of maintaining a positive cybersecurity posture a challenge. The tools of cybersecurity are an important part of a wider approach that must include maintenance and ongoing shared responsibility across the entire organisation, with help from third party specialists. But tools alone cannot guarantee effective threat protection:
- Organisations need to imbue a sense of security throughout their organisation: by creating a ‘Culture of Security’
- Employees require training on cybersecurity issues: using Security Awareness Training, to help develop a Culture of Security
- Understand the specific security needs of the organisation: through the visibility of assets, data, workloads, and lifecycles
- Create security policies: that are based on data protection regulations and industry compliance that map to security needs
- Enforcement of security policies: by using cybersecurity tools and third party SOC/NOC services
- Continuous cybersecurity posture testing: continuous improvement of security based on changing threats, technology, operations, business goals.
Data breaches, ransomware, and other cyber attacks affect us all. We must work together to maintain a level of cyber fitness to counter cybercriminals, even when they up their game and create even more complicated attacks.
How shared responsibility lets a business flex its cyber muscles
Cybersecurity challenges are creating headaches for enterprises of all sizes. An increasingly complex cyber threat landscape, a lack of skills, loss of capability, the cost of specialist tools, and tool management are creating a perfect storm. The way through this challenge is to share the responsibility of security with the right partners. Outsourcing to specialists who have the right in-house capabilities creates a fair and equitable model that is cost effective and flexible enough to withstand change. By using the right partner, such as NOC and SOC services, you can circumvent the issues that cybercriminals take advantage of, e.g., a lack of cybersecurity skills and the noise of too many inappropriate and outdated security tools.