In 2016, we saw the largest cyber bank theft in history, the hacking of emails in the U.S. presidential election and a massive denial-of-service attack linked to the Internet of Things.
Attackers – ranging from nation-states to organized criminal gangs – have moved well beyond crude, scattergun approaches to defeat weak security. Today they are skilled, determined and focused – and quite possibly already inside an organization’s network, either because they’ve breached it or because they are an employee or partner with access. They are varied in motivation, capability and tactics.
BAE Systems recently conducted a survey that reveals the majority of information technology professionals (97 percent) believe business security and defense is a priority for their organizations. Yet more than half (54 percent) admit they assess cyber threats just once a week or less. The recent survey of 200 IT professionals at U.S. organizations also revealed:
- 87 percent believe their organization’s leadership understands the serious impact of a cyber attack;
- Compromising sensitive company financial data (63 percent) and compromising customer information (58 percent) are top concerns when it comes to cyber attacks;
- 50 percent are concerned about the hijacking of credentials to compromise customers or suppliers;
- 33 percent worry that too many employees are not aware of the cyber risks involved in using social media and digital channels.
As cyber attacks can occur at any time and often go undetected for weeks or months, it is critical that organizations employ round-the-clock threat assessment with a human in the loop to focus on genuine threats and fortify business defenses. Determined, capable cyber criminals use research, advanced capabilities and repeated attacks to penetrate any organization they deem vulnerable.
But many companies simply don’t have the resources to respond. They’re trying to keep pace with business and technological change, using tools and services delivered over the internet, as well as those held in-house. They cannot afford to hire the right people, take the right training or buy the right technology every single time. That means they can’t defend their networks, their data or their people and customers. Many organizations are overwhelmed by the sheer pace of attacks and lack the knowledge or the technology needed to mount an effective defense against increasingly sophisticated opponents.
Going to the experts for a managed or outsourced service is a fact of business life, and the same applies when it comes to securing one’s data, security devices and networks. It’s a sensible, logical business and technology decision that allows organizations to focus on their core business objectives.
The managed security services (MSS) provider market is large, with at least 300 companies offering services in the U.S. alone. Some simply offer packaged approaches: one size fits all. Many traditional managed service providers focus the majority of their efforts on “known attacks” and miss the more targeted, hidden threats. These more sophisticated methods are becoming more common as modern, dedicated attackers adopt them. Such attackers will create custom malware to evade detection, hide in a network for months or years and leave little or no evidence of their intrusion. Skilled, professional attackers will persist, and if they don’t break in the first time, they’ll be back – with more powerful and capable tools.
This calls for defenders to take a proactive approach: one that goes looking for threats, rather than waiting to stumble over them later in the attack process. When assessing MSS offerings, organizations should consider:
- Does the provider go hunting for malicious patterns in the everyday data your organization creates?
- Does it use sophisticated analytics to ask the right questions – and hunt for breaches, past and present?
- Does it use the latest generation of big data technologies – artificial intelligence and machine learning – to find patterns that might otherwise never be seen?
- Does it share information, pattern data, lab research and national security resources to uncover new malicious tactics, techniques and procedures?
- Does it minimize the noisy alerting from security equipment and the daily fire drills investigating what turn out to be false positives?
In today’s world, a traditional approach to cybersecurity is not enough to prevent attacks. Crime occurs where there are opportunities, and the same is true for cyber crime. By outsourcing cybersecurity to threat-hunting experts, businesses can now receive real-time, continuous monitoring and threat assessment.