by Samuel Greengard, business & technology reporter, Baseline, Oct. 24, 2017
Increasingly sophisticated and dangerous cyber-threats require more innovative security approaches, including advanced automation tools, AI and blockchain.
The complexities of today’s cyber-security environment aren’t lost on anyone. It’s increasingly difficult to spot threats, detect intrusions, and thwart hackers and cyber-thieves.
“A cruise through the latest headlines about breaches is sobering,” says Lisa O’Connor, managing director and leader of Accenture Cybersecurity Research. “The sophistication level and the amount of data that folks are going after is frightening. Many of these events are concerted efforts to steal data, undermine organizations, and monetize information and intellectual capital.”
To be sure, it’s a critical time for businesses, government, educational institutions and others. Despite years of ratcheting up security and plugging holes, cyber-crooks continue to break into systems and steal data. A list of recent breaches includes prominent companies such as Equifax, Hyatt, Deloitte, Whole Foods and Pizza Hut.
Ponemon Institute reports that the average cost of a data breach now stands at $3.62 million. In 2017, the average number of lost or stolen records resulting from data breaches rose by 1.8 percent over the previous year. The mean time to identify and contain a breach now stands at 191 days.
Studies show that about 80 percent of organizations are affected by cyber-attacks. The takeaway? Cyber-security isn’t only the job of a chief security officer (CSO) or chief information security officer (CISO). It’s something that must span all corners of the enterprise—and beyond its walls.
While it’s important to focus on fundamental security tools and solutions—as well as practices and processes that protect digital assets—it’s also vital to tap next-generation technologies, such as blockchain, artificial intelligence (AI), automation and security-as-a-service solutions.
Automating Activities and Tasks
How can an organization adopt a more advanced and innovative approach to cyber-security? How can security teams mitigate threats in a world where there are no borders for data and connectivity? Basic firewalls, malware protection, intrusion detection and packet filtering are no longer adequate.
“You have to look for ways to automate activities and tasks,” explains Paul Hill, a senior consultant at SystemExperts, an independent security consulting firm. “You can’t shut down a set of IP addresses every time an attack occurs without interfering with the business or completely shutting it down. You can’t depend on whitelisting and blacklisting when the same attacks stream in from different machines and IP addresses.”
Various automation tools, solutions and technologies—along with well-conceived processes—can help security teams move beyond a reactive mode. Organizations are suddenly able to collect and correlate data rapidly, and from a wide variety of sources, while maintaining confidentiality of data, Hills explains.
These automation systems can rapidly identify the source of an attack and can aid in deploying critical patches, updates and other remediation tactics faster than attacks can spread. Likewise, they detect infections or intrusions faster than attackers can exfiltrate data.
AI is a crucial piece of the automation puzzle, Hill adds. Emerging deep learning and machine learning tools can spot abnormal or suspicious behavior in log information and network flow data. This typically includes firewall logs, load balancer logs, operating system logs, application logs, and other data that often wind up in a traditional System for Cross-domain Identity Management (SCIM) system.
In addition, Accenture’s O’Conner advises keeping an eye on an emerging area of machine learning that revolves around data classifications. “Many organizations have no idea what value their structured and unstructured data have, and yet they have to apply the right security to the data.” Other emerging areas for AI include penetration testing and spotting social engineering attacks.
The quest for more innovative and holistic cyber-security is also leading organizations to blockchain technology. A growing number of enterprises are using the technology internally, O’Conner points out. The next step is expanding blockchain to business partnerships and across supply chains.
SystemExperts’ Hills says that the technology is particularly valuable for managing distributed ledgers, tracking goods in transit and collaborative editing. In addition, vendors are introducing products that use blockchain to secure sensitive records, replace PKI with keyless signature infrastructure, and use KSI to reduce reliance on passwords. Organizations are also turning to blockchain to develop secure, decentralized messaging systems.
Balancing Technology and Processes
A growing number of organizations are also turning to security-as-a-service (SECaaS) solutions. This can further aid in the quest for greater automation.
One of the problems with a conventional security framework, Accenture’s O’Connor says, is that organizations too often approach tasks in an uncoordinated and haphazard way. An ad hoc method may lead to gaps, glitches and breakdowns.
The fallout, according to SystemExperts’ Hill, is inconsistent patching, firmware updates, and the use of tools ranging from encryption to multifactor authentication. In addition, organizations are more susceptible to staff misusing administrator accounts.
A managed services approach typically addresses these issues and helps enforce a unified policy for multiple locations and across physical and cloud infrastructures. It can also help organizations scale security solutions faster, while also reducing overall complexity.
In the end, Accenture’s O’Connor advises, business, IT and security leaders must better balance processes and technology. There’s a greater need to handle the basics, including investing in security and building seamless protections into the fabric of the organization.
That involves educating various groups and constituencies—including both developers and senior executives—to spot and address potential problems and implement best practices. It’s also essential to understand how emerging tools and technologies—AI, blockchain, automation and managed services—can take cyber-security to a higher, more reliable level.
Of course, these tools aren’t a panacea, and no technology by itself will solve today’s cyber-security challenges. Moreover, as the internet of things (IoT) gains adoption and cyber-thieves use AI, cyber-security headaches and battles are likely to grow.
“Organizations must create continuous security that extends to partners and into a supply chain,” O’Connor emphasizes. “They must adopt a data-centric and multi-layered approach. Today, the keys to success are standardization and automation. It’s all about introducing a more orchestrated and holistic framework for security.”
To read the article in Baseline, click here.