New Angles on Cybersecurity
As increasingly sophisticated cybercriminals up the ante on enterprise IT teams, a new generation of strategies are needed to protect valuable assets.
Even as spending on information security technology is projected to increase to $124 billion in 2019, it seems as if cybercriminals are becoming more audacious — and more successful — at breaching cybersecurity defenses and compromising enterprises’ most valuable assets. From the Starwood Hotels breach of 500 million guests’ information to the theft of 30 million Facebook users’ personal data, attacks aren’t decreasing in direct proportion to rising investment in cybersecurity.
As CIOs and CISOs know, this means that current strategies to protect enterprises against the most advanced cybercriminals aren’t enough. While popular technologies such as firewalls and antivirus software are still essential components of any business’s defensive perimeter, they can’t safeguard today’s systems and networks on their own any longer.
Instead, it’s incumbent upon key decision makers and their IT teams to invest in emerging cybersecurity strategies. Whether that involves methods that search out and preempt attack vectors or those that require more rigorous authentication before allowing access to enterprise information, it’s increasingly apparent that more is needed — and that a purely defensive posture against digital threats is insufficient — if these mass breaches are going to be prevented.
While every enterprise’s cybersecurity strategy will vary depending on the scope of its unique needs, the size of its IT team, and the availability of necessary resources, CIOs and CISOs across the board should consider how new angles on cybersecurity might benefit their organizations. If you’re considering diversifying your approaches to information security, the following technologies and strategies have the potential to shore up your defenses, expand your offensive capabilities, and secure assets from malicious cybercriminals.
Artificial Intelligence
According to research from Demisto, organizations review an average of 12,000 security alerts every week. For overworked and underfunded IT departments, working through each of these alerts (weeding out false positives, judging the severity of real threats, and planning a response) quickly becomes overwhelming, and the more alerts there are, the better the odds that something slips through the cracks.
“Hackers have been using artificial intelligence as a weapon for quite some time.”
To help plug this gap, CIOs and CISOs are increasingly turning to artificial intelligence (AI) tools. Because maintaining network security requires IT professionals to make sense of millions of data points at high speed, AI security platforms help by applying machine learning to internal logs and monitoring feeds: they learn what normal activity looks like for each user, host, and service, then surface deviations from that baseline that a time-pressed team would miss. The caveat is that such a model is only as good as its baseline; trained on noisy data or left untuned, it simply adds another stream of alerts to the 12,000.
For anyone worried that AI is going to replace human professionals, those anxieties are misplaced. In the future, the tactical deployment of cybersecurity AI platforms will function best when paired with human guidance.
For instance, AI may be able to spot security irregularities that IT staff would miss, but it takes a critical, human understanding of your security apparatus to decide what an anomaly means and to design a response that makes sense for the enterprise.
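A concrete illustration of the "deviation from baseline" idea, added here as an example and not taken from the article or from any vendor's product: each account gets its own baseline of daily failed logins from a training window, and a day is flagged only when it sits far outside that account's own normal range. The log format, the user names, and the addresses are all constructed for the example; the scoring uses a median-based (modified) z-score rather than a mean, so a single earlier spike does not inflate what counts as normal.

```python
import re
import statistics
from collections import Counter, defaultdict

# Constructed sample log (not real data). One line per failed login, in the
# hypothetical format:  <ISO timestamp> sshd auth_fail user=<name> src=<ip>
BASELINE_LINES = [
    "2019-03-01T09:12:00 sshd auth_fail user=alice src=10.0.0.5",
    "2019-03-02T08:55:00 sshd auth_fail user=alice src=10.0.0.5",
    "2019-03-02T09:01:00 sshd auth_fail user=alice src=10.0.0.5",
    "2019-03-03T09:30:00 sshd auth_fail user=alice src=10.0.0.5",
    "2019-03-05T10:02:00 sshd auth_fail user=alice src=10.0.0.5",
    "2019-03-05T10:03:00 sshd auth_fail user=alice src=10.0.0.5",
    "2019-03-06T09:11:00 sshd auth_fail user=alice src=10.0.0.5",
    "2019-03-07T09:44:00 sshd auth_fail user=alice src=10.0.0.5",
    "2019-03-03T14:00:00 sshd auth_fail user=bob src=10.0.0.7",
    "2019-03-07T15:20:00 sshd auth_fail user=bob src=10.0.0.7",
]
TRAINING_DAYS = [f"2019-03-0{d}" for d in range(1, 8)]

# Day 8 (constructed): alice's account takes 40 failures from an outside
# address within one hour; bob mistypes his password twice, as usual.
DAY8_LINES = [
    f"2019-03-08T03:{m:02d}:00 sshd auth_fail user=alice src=203.0.113.9" for m in range(40)
] + [
    "2019-03-08T09:00:00 sshd auth_fail user=bob src=10.0.0.7",
    "2019-03-08T09:01:00 sshd auth_fail user=bob src=10.0.0.7",
]

LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ sshd auth_fail user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def daily_failures(lines):
    """Return {user: {day: count}}; lines that do not match the format are ignored."""
    counts = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[m["user"]][m["day"]] += 1
    return counts


def build_baseline(lines, days):
    """Per-user (median, MAD) of daily failure counts over the training window.
    Days with no failures count as zero; otherwise a quiet account looks busier
    than it is. The MAD is floored at 1 so a flat baseline cannot divide by zero."""
    baseline = {}
    for user, per_day in daily_failures(lines).items():
        series = [per_day.get(d, 0) for d in days]
        med = statistics.median(series)
        mad = statistics.median(abs(x - med) for x in series)
        baseline[user] = (med, max(mad, 1.0))
    return baseline


def robust_z(count, med, mad):
    """Modified z-score: 0.6745 rescales the MAD to a standard-deviation equivalent,
    so the usual 3.5 cut-off applies without one earlier spike skewing the baseline."""
    return 0.6745 * (count - med) / mad


def score_day(lines, baseline, threshold=3.5):
    """Return {user: (count, z)} for users whose day deviates from their baseline.
    Users with no baseline get (0, 1.0): a first-ever burst should still surface."""
    flagged = {}
    for user, per_day in daily_failures(lines).items():
        count = sum(per_day.values())
        med, mad = baseline.get(user, (0, 1.0))
        z = robust_z(count, med, mad)
        if z > threshold:
            flagged[user] = (count, z)
    return flagged


if __name__ == "__main__":
    base = build_baseline(BASELINE_LINES, TRAINING_DAYS)
    for user, (count, z) in score_day(DAY8_LINES, base).items():
        print(f"{user}: {count} failed logins today, modified z = {z:.1f}")
```

Run as written it reports alice and stays silent on bob, which is the point: bob's two failures would trip a fixed global threshold of "more than one failure", while a per-account baseline sees them as routine. What the analyst does next (is 203.0.113.9 a known VPN egress, is alice travelling, was the account locked) is the human part the article describes.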
Deception Technology
The defensive posture of most enterprise security strategies makes sense, but it can also leave networks and systems exposed. Typically, security teams build a perimeter around their network and systems and hope it detects unauthorized entry before the intruder gets through, or shortly afterwards. To really defend against digital threats, it is becoming apparent that defenders need to be just as proactive as their adversaries.
“Knowing what attackers desire enables a proactive defense with decoys to lure, detect and defend.”
While "honeypots" (passive, static imitation files, databases, or servers that no legitimate user has any reason to touch, so that an attacker who reaches them believes they have breached a valuable asset) are not a new concept, emerging capabilities have breathed new life into them. With distributed deception platforms (DDPs), IT teams can deploy decoys at multiple layers of the enterprise's infrastructure: decoy hosts and services on the network, decoy files and database records, and even fake credentials cached on real end-user machines. Because none of these has a legitimate consumer, any interaction with them is a high-fidelity signal rather than one more alert to triage.
With deception technology, CIOs and CISOs gain a rare opportunity when a decoy successfully fools an attacker. They can cut the session and evict the intruder, or they can watch the attacker explore what they believe to be a real breach. By choosing the latter, security teams learn how today's adversaries actually behave and can fold those lessons into their broader security program. Two cautions apply: a decoy host must be isolated so that it cannot be used as a stepping stone into real systems, and a planted credential must never be valid anywhere real; its only function is to trigger an alert when someone tries to use it.
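The "fake credentials on real end-user systems" idea reduces to a small piece of detection logic, shown here as an added example rather than anything from the article or a DDP vendor. A registry records which decoy identity was planted on which host; any authentication event naming a decoy, successful or not, becomes an alert that points back at the host the credential was lifted from. The decoy names, host names, and event format are all hypothetical and constructed for the example.

```python
import re
from collections import defaultdict

# Constructed decoy registry (hypothetical names). Each entry records where the
# credential was planted, so an alert points straight at the host it was lifted from.
DECOYS = {
    "svc_backup_ro": {"planted_on": "ws-042", "planted_as": "saved RDP credential"},
    "sql_admin_old": {"planted_on": "ws-017", "planted_as": "config.bak in user profile"},
}

# Constructed auth events in a hypothetical format:
#   <ts> auth user=<name> src=<host> target=<host> result=<ok|fail>
EVENTS = [
    "2019-03-08T02:11:03 auth user=alice src=ws-042 target=fileserver result=ok",
    "2019-03-08T02:14:40 auth user=svc_backup_ro src=ws-042 target=dc01 result=fail",
    "2019-03-08T02:14:52 auth user=svc_backup_ro src=ws-042 target=fileserver result=fail",
    "2019-03-08T02:20:10 auth user=bob src=ws-017 target=mail result=ok",
]

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) target=(?P<target>\S+) result=(?P<result>\S+)$"
)


def validate_decoys(decoys, real_accounts):
    """Return decoy names that collide with a real account. A decoy that can
    actually log in somewhere is a liability, not a trap: fail deployment on any hit."""
    return sorted(name for name in decoys if name in real_accounts)


def decoy_alerts(events, decoys=DECOYS):
    """One alert per decoy identity that appears in the events, success or failure.
    Nobody legitimate holds a decoy credential, so even one failed attempt is conclusive."""
    seen = defaultdict(list)
    for line in events:
        m = EVENT_RE.match(line)
        if m and m["user"] in decoys:
            seen[m["user"]].append((m["ts"], m["src"], m["target"], m["result"]))
    alerts = []
    for user, attempts in seen.items():
        meta = decoys[user]
        sources = {src for _, src, _, _ in attempts}
        alerts.append({
            "decoy": user,
            "investigate_first": meta["planted_on"],
            "planted_as": meta["planted_as"],
            "attempts": attempts,
            "targets": sorted({target for _, _, target, _ in attempts}),
            # Use from a host other than the one it was planted on means the
            # attacker has already carried the credential elsewhere: widen the scope.
            "moved_off_host": bool(sources - {meta["planted_on"]}),
        })
    return alerts


if __name__ == "__main__":
    collisions = validate_decoys(DECOYS, {"alice", "bob"})
    assert not collisions, f"decoys collide with real accounts: {collisions}"
    for alert in decoy_alerts(EVENTS):
        print(alert)
```

In the constructed events, two failed attempts with svc_backup_ro against dc01 and the file server are enough to name ws-042 as the compromised workstation; no baseline or tuning is needed, which is why this class of alert is worth routing ahead of everything else in the queue.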
Active Adversary and Threat Hunting
By 2025, research indicates that there may be as many as 75 billion IoT-connected devices. This proliferation of endpoints shows how networks are growing and becoming more complex faster than existing security strategies can keep up. Add the rise of BYOD policies, which make enterprise networks even more porous, and it becomes clear that sitting and waiting for attackers to come knocking is no longer viable on its own.
As with deception technology, a growing number of security professionals are adopting a more active stance. With active adversary and threat hunting programs, teams go looking for the attacker's foothold and the paths they would take, and close them before a breach is completed. By pitting engaged humans against committed adversaries, rather than waiting for passive tooling to raise an alarm after the fact, enterprises stand a better chance of warding off more attacks.
“The only effective counter to a skilled, thinking, active attacker is an active, well-informed, thinking defender.”
Survey data supports the active adversary approach. A report from Crowd Research Partners found that companies with dedicated threat hunting teams detect and deal with threats 2.5 times faster than those without one, with 64% of respondents saying the program improved their detection of advanced threats and 63% saying it reduced incident investigation time.
Biometric Authentication
While CIOs and CISOs rightly consider ways to expand their active capabilities, it is just as important that they invest in new ways to strengthen their defenses. One of the most promising emerging methods is biometric authentication.
Where this technology was once prohibitively expensive and met with public skepticism, it’s now entered the mainstream through consumer-facing products like smartphones, tablets, and laptops. In fact, with younger generations brought up on this concept, IBM research shows that 75% of millennials are already comfortable using this technology to protect their information.
“Unique biometric patterns are extremely accurate, from the way we move our hand on a mobile device screen or with a mouse, it is virtually impossible to precisely imitate another person’s behavior.”
Biometric authentication currently splits into two primary methods: physical and behavioral. Physical biometrics map or scan characteristics such as fingerprints, irises, faces, and vein patterns to unlock a device linked to the enterprise network. Behavioral biometrics authenticate users from their habits: scrolling patterns and typing rhythm on a computer or, on mobile devices with an accelerometer and gyroscope, the user's gait as they walk down the street.
With biometric authentication, CIOs and CISOs can secure individual devices and safeguard key information by hardening the points of entry to their networks. The technology is still being developed and improved, and it comes with caveats: a biometric cannot be rotated if its template leaks, so templates belong in the device's secure hardware rather than in a central store, and every matcher has a false-accept rate, so biometrics work best as one factor alongside something the user holds. Even so, it shows how more rigorous user authentication makes things harder for determined attackers.
Zero Trust
Another promising defensive strategy emerging in security circles is Zero Trust. Put simply, Zero Trust Security (ZTS) rests on the assumption that nothing is trusted by virtue of where it sits: a request from inside the corporate network earns no more trust than one from the internet, and every access is verified on its own evidence. In this way, Zero Trust is less a single, defined product and more a practical philosophy for CIOs and CISOs as they decide who to authenticate, where, and when.
“Most organizations rely on old-school concepts and strategies that have not kept pace with the profound technology changes we’re witnessing.”
In the Zero Trust paradigm, security teams set up inspection points throughout the IT infrastructure. When a request reaches one of these points, the policy engine verifies who is asking (the user's identity and how recently and strongly they authenticated), what they are asking from (a managed, healthy device or not), and what they are asking for, before granting access to the resource that lies beyond. To make this work, IT teams need rigorous, explicit policies governing those interactions, written so that they do not disrupt workflows or cut into productivity.
By adopting a Zero Trust mentality, setting up inspection points, and preparing those policies, you make it easier for your security team to do its job. With every request evaluated and every decision logged, IT staff can readily spot unauthorized access attempts, see exactly which requirement was not met, and resolve them accordingly.
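What an inspection point actually decides can be written down as a policy check, shown here as an added example that is not from the article or from any Zero Trust product. The resources, the policy table, and the requests are hypothetical. The source address is recorded for the audit trail but is deliberately not an input to the decision, which is the property that distinguishes this from a perimeter rule.

```python
from dataclasses import dataclass


@dataclass
class Request:
    user: str
    resource: str
    mfa_verified: bool      # this session completed a second factor
    auth_age_min: int       # minutes since the user last authenticated
    device_managed: bool    # enrolled, presents a device certificate
    device_patched: bool    # posture agent reports a current patch level
    src_ip: str             # recorded for the audit trail, never a decision input


# Hypothetical policy table: what every request for a resource must show.
# There is deliberately no "trusted network" column.
POLICY = {
    "wiki":    {"mfa": False, "managed": False, "patched": False, "max_auth_age": 480},
    "payroll": {"mfa": True,  "managed": True,  "patched": True,  "max_auth_age": 60},
    "hr-db":   {"mfa": True,  "managed": True,  "patched": True,  "max_auth_age": 15},
}

AUDIT = []  # every decision, allow or deny, lands here for the SOC


def decide(req, policy=POLICY, audit=AUDIT):
    """Evaluate one request at an inspection point. Returns (verdict, reasons).
    An unknown resource is denied, and every unmet requirement is reported so
    the user and the audit log see why, not just that, access was refused."""
    rule = policy.get(req.resource)
    reasons = []
    if rule is None:
        reasons.append("unknown resource: default deny")
    else:
        if rule["mfa"] and not req.mfa_verified:
            reasons.append("second factor required")
        if rule["managed"] and not req.device_managed:
            reasons.append("unmanaged device")
        if rule["patched"] and not req.device_patched:
            reasons.append("device posture out of date")
        if req.auth_age_min > rule["max_auth_age"]:
            reasons.append("re-authentication required")
    verdict = "allow" if not reasons else "deny"
    audit.append({"user": req.user, "resource": req.resource, "src_ip": req.src_ip,
                  "verdict": verdict, "reasons": list(reasons)})
    return verdict, reasons


if __name__ == "__main__":
    # Same user, same "inside" address; only the per-request evidence differs.
    ok = Request("alice", "payroll", True, 10, True, True, "10.0.0.5")
    no_mfa = Request("alice", "payroll", False, 10, True, True, "10.0.0.5")
    stale = Request("alice", "hr-db", True, 30, True, True, "10.0.0.5")
    for r in (ok, no_mfa, stale):
        print(r.resource, decide(r))
```

The three requests in the usage block come from the same user on the same internal address and get three different answers, because the policy looks at the session and the device rather than the network. The audit entries are what the previous paragraph refers to: a denied request with its reasons is far more useful to an analyst than a firewall drop.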
Secure By Design
While it is vital that CIOs and CISOs integrate emerging technologies such as these into their networks, it is also important to consider how networks are built in the first place. By building a network with the intention of bolting security tools on later, IT professionals lose the opportunity to make the enterprise inherently safer from the moment the first line of code is written.
As security professionals contend with mounting threats, a concept known as secure by design is becoming increasingly important. Like Zero Trust, secure by design is less a single technology and more a dictum. It argues that, with new technology such as IoT making networks more complex and harder to defend than ever, the systems those devices connect to need to be designed from the ground up with those weaknesses in mind: least privilege by default, threat modeling before the architecture is fixed, and logging and segmentation built in rather than added after the first incident.
Like deception technology and honeypots, the underlying logic here is not new. What is new is that the lessons from emerging technology, and the weaknesses it creates for enterprises defending against attackers, can inform DevOps teams as they take digital threats as a given and weave security controls into the fabric of the network itself.