In an increasingly data-driven world, businesses are constantly striving to gather operational and customer data and to distil it into valuable business insights. What is often overlooked is the value of cyber security data analytics in helping to manage the cyber threat. This insight comes potentially from the security tools deployed to monitor various aspects of the infrastructure, and also from those deployed to monitor Network Operations.
Every day we see media coverage on the latest major cyber security breaches. At the same time, the threat landscape increases exponentially as new technologies such as the Internet of Things, big data and cloud computing expand the attack surface.
There has also been a step change in the threat environment from such things as state-sponsored cyber activity and the leaking of ‘industrial strength’ state-developed hacking tools into the wild (in particular the US National Security Agency tools such as ‘Eternal Blue’ and ‘Eternal Romance’, available on the web and used to facilitate the globally impacting WannaCry, NotPetya and Bad Rabbit cyber attacks). Add to this the sheer volume of stolen credentials available on the web and dark web, coupled with a tendency for people to use the same usernames and passwords across multiple online applications, and together these provide the imperative for next generation cyber security.
Ours is a digital economy, so raising awareness of the cyber threat is not about scaremongering, it is about learning to embrace the evolving challenge and using cyber security techniques both to protect and enhance business. Proactive management of the cyber risk at Board level is crucial, yet many firms remain on the back foot, treating cyber security as an IT issue rather than the strategic risk management challenge it really is.
Trust is a key element in an organisation’s relationship with its customers, something that is challenging to reinstate if compromised as a result of a serious data breach. Reputational damage can result in a disincentive for customers to continue to use the service, and in commercial organisations can affect the share price. Properly addressing the cyber risk should be viewed as a potential competitive advantage enhancing customer experience rather than just an additional overhead cost.
Business leaders, shareholders, employees, politicians and citizens – we all look to organisations to act in our best interests to safeguard our personal data. Indeed, the European Union General Data Protection Regulations (GDPR) will be enacted in May 2018, placing an additional legislative duty on organisations to respect and protect the information they hold. The potential fines for failure to adequately protect customer personal data are enormous, and the timescales for reporting an incident are equally tight.
While the majority of organisations can’t afford detailed threat analysis or the latest behavioural analysis tools, all businesses can apply some level of both auto-remediation and specialist human experience to help combat the cyber threat. It’s about finding an improved balance, leveraging both automation and human insight. Technology can block well known threats based on activity that has been experienced before, while new threats are flagged for human intervention.
Where it gets tricky is that not only are we seeing the volume, complexity and pervasiveness of cyber-attacks growing, but there is also a huge workforce shortfall in cyber security skills. We know from recent research that by 2020, over 1.8 million cyber security jobs will not be filled due to this skills shortage. Moreover, as businesses invest in novel cyber security technologies in a bid to stay secure, they often find they have to deal with bleeding-edge technology or products that become obsolete too quickly. So with limited human and financial resources, how can businesses fulfil that essential human intervention and avoid the risk of technology obsolescence?
This is where Prescriptive Security comes in - security that turns human experience and analytic power into machine intelligence to play a key role in counteracting cyber-attacks - indicating a clear shift from conventional reactive and predictive security approaches. Prescriptive Security is about preventing cyber breaches from happening in the first place, by leveraging big data and supercomputing capabilities. It increases the detection surface, enhances the velocity of the response and decreases reaction time.
Using enhanced threat intelligence, advanced analytics, big data, artificial intelligence and machine learning to address issues autonomously or to act as a decision support tool, a Prescriptive approach highlights the issue for human decision in real time. It optimises the time spent by cyber security professionals, who will be able to use their time more productively hunting for threats and, by automating responses to common cyber-attacks, to focus on the more complex and persistent ones. Essentially, it means organisations need no longer focus on finding a needle in the haystack, but use the haystack to find the needle. In addition to being a more effective approach to cyber security, it also affords analysts a more satisfying role in threat management.
All of this highlights the importance of adopting a partnership approach to threat intelligence. Using their own limited resources in addition to a Prescriptive Security Operations Centre provided by a Managed Security Service Provider, organisations can improve detection and response times while optimising cyber security resources. When making evidence-based decisions to reduce their overall risk, businesses must buy services that deliver outcomes, rather than individual products. This approach means businesses avoid vendor lock-in, thereby outsourcing to the service provider any risk of technology obsolescence.
Prescriptive Security Operations Centres (PSOCs) will be the next generation cyber security infrastructure that our digital economy needs to allow organisations to effectively protect their assets - from valuable business data to customer personal data.
The reality is businesses must commit ongoing investment to cyber resilience as a cost of doing business – and in fact as a commercial advantage. Failure to do so will result in organisations missing out on external investment or indeed no longer being deemed economically viable. The answer lies in technologies knitted together in end-to-end solutions which enable organisations to realise their digital transformation ambitions.
Sandy Forrest, Client Executive, Atos UK and Ireland