By Justin Jett, Director of Audit and Compliance for Plixer
New technologies are continually implemented, processes put into place, and team members added in. Moreover, while the advice and preventative actions are well-meaning, not to mention essential in buffering the blow of an attack, the current landscape has quickly proved that cyberattacks are now inevitable. Analysts at the Gartner Security and Risk Management Summit contend that any amount of defensive effort by companies will not be enough to thwart all cyberattacks. Instead, Gartner analysts say the best companies can do is limit their cyber exposure.
A Fast-Growing and Costly Crime
As the record-breaking data breaches of the last few years have shown, a single cyberattack can gravely impact a company’s bottom line, along with its reputation. In 2015, Cyber Ventures’ cybercrime report predicted that cybercrime damages would cost the world a whopping $3 trillion annually by 2021, but in the same report for 2017, that number shot up to $6 trillion. The current report also points out that cyberattacks are the fastest-growing crime in the US and that they are increasing in size, sophistication, and cost. Several factors are driving this, but a big one is the relatively quick and easy payoff for hackers.
New Tech, New Threats
Whether driven by financial gain or political motivation, hackers will almost always find a way to manipulate their targets. With this in mind, as Gartner analysts confirm, it is no longer a matter of if a company will be hit, but when. Simply put, the success rates of these attacks are high. With a constantly evolving landscape and technology that changes faster than security teams can keep up, hackers can shape and mold their techniques to fit the latest iterations. Consider, for one, the 111 billion lines of new software code currently being produced each year. This alone exponentially increases the number of vulnerabilities that hackers can target and exploit. Every new line of code creates a crack in the wall; enough cracks and eventually the wall comes down. Add to that the dangerously crippling shortage of cybersecurity professionals and the result is a surefire recipe for a multitude of threats and full-blown attacks.
Limiting Cyber Exposure
While it is important to have best practices in place and ensure that teams are diligent about things like patching, security measures should not end with the biggest or the easiest issues. Companies must implement the latest technologies to monitor and respond to possible threats continuously. Network traffic analysis should be integrated with vulnerability assessment tools to scrutinize every conversation, looking for credential misuse, lateral movement, and protocol and application anomalies. Organizations should also catalog each point in the network that interconnects (regardless of perceived virtual segmentation), and they should monitor all traffic to and from those intersection points to ensure there have been no compromises. Improving detection times allows tiger teams to remediate the attack and return systems to normal faster.
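One way to apply the interconnect catalog described above to flow records, as an added example that is not from the article or from any Plixer product. The segment ranges, catalog entries, admin port list, fan-out threshold, and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed network layout: segment name -> address range (assumed values).
SEGMENTS = {name: ipaddress.ip_network(cidr) for name, cidr in
            {"user": "10.10.0.0/16", "server": "10.20.0.0/16", "ot": "10.30.0.0/16"}.items()}
# Catalog of interconnect points: segment pair -> hosts expected to bridge that pair.
INTERCONNECTS = {
    ("user", "server"): {"10.20.0.10"},  # hypothetical reverse proxy
    ("server", "ot"): {"10.30.0.5"},     # hypothetical jump host
}
ADMIN_PORTS = {22, 135, 445, 3389, 5985}  # remote-admin services watched for lateral movement
FANOUT_LIMIT = 3                          # distinct same-segment peers before flagging

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("10.10.1.20", "10.20.0.10", 443),   # user -> server through the cataloged proxy
    ("10.10.1.20", "10.20.4.7", 1433),   # user -> server, bypassing the proxy
    ("10.20.4.7", "10.30.0.5", 22),      # server -> ot through the cataloged jump host
    ("10.10.2.9", "10.30.0.5", 22),      # user -> ot: no such pair in the catalog
    ("10.10.1.33", "10.10.1.40", 445), ("10.10.1.33", "10.10.1.41", 445),
    ("10.10.1.33", "10.10.1.42", 3389),  # one workstation reaching three peers
    ("10.10.1.20", "203.0.113.8", 443),  # external destination, ignored here
]

def segment_of(addr):
    """Return the segment name containing addr, or None if it is outside all segments."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in SEGMENTS.items() if ip in net), None)

def analyze(flows):
    findings, fanout = [], defaultdict(set)
    for src, dst, dport in flows:
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None:
            continue  # only internal conversations are checked in this example
        if s != d:
            # A crossing is expected only when one end is a cataloged bridge for this pair.
            allowed = INTERCONNECTS.get((s, d), set()) | INTERCONNECTS.get((d, s), set())
            if src not in allowed and dst not in allowed:
                findings.append(("uncataloged-crossing", src, dst, dport))
        elif dport in ADMIN_PORTS:
            fanout[src].add(dst)  # same-segment admin traffic: track distinct peers
    for src, peers in sorted(fanout.items()):
        if len(peers) >= FANOUT_LIMIT:
            findings.append(("lateral-fanout", src, len(peers)))
    return findings

if __name__ == "__main__":
    for finding in analyze(FLOWS):
        print(finding)
```

Any crossing the catalog does not explain is a finding even when segmentation is believed to prevent it, which is the point of cataloging regardless of perceived segmentation.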
A thoughtful and adaptable response plan is another key to keeping all systems and teams running smoothly in the wake of an attack. Organizations should ensure that all team members have undergone security awareness training and that everyone understands their respective roles concerning the response plan. Investing in better tools, bigger teams, and time spent training may not eliminate a cyberattack, but companies can certainly soften the blow by planning in advance. Above all, keep in mind that prevention, while a positive goal, is not likely in the current IT landscape. Instead, businesses should shift their focus to risk mitigation by limiting cyber exposure with the actions mentioned above.
About the Author:
Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Jett, a graduate of the University of Maine at Farmington, is an avid learner of all things security, with a particular interest in TLS and DNS attacks.