A recent survey showed nearly half of IT executives don’t change their security strategy, even after a cyberattack. But organisations shouldn’t feel helpless, says Marc Wilczek, COO of Link11.com, as he calls for more to adopt a proactive, preventative approach to cybersecurity.
Insanity is doing the same thing repeatedly and expecting different results, as the saying goes. For example, if your house was burgled, you’d probably fit stronger locks on your doors and windows or upgrade your alarm system to help cut the chances of another burglary. But it seems that this logic is not being followed when it comes to enterprise security. In CyberArk’s recent Global Advanced Threat Landscape Report 2018, 46% of 1,300 IT executives in seven countries said they rarely change their security strategy – even after a cyberattack on their organisation.
The survey findings suggest that a troubling degree of security inertia lurks within many organisations and effectively renders them unable to prevent or contain cyberthreats. This complacency puts sensitive corporate data, IT infrastructure and assets at risk. In fact, a further 46% of respondents said their organisation can’t stop hackers from infiltrating internal networks each time they try. A total of 36% said their company’s administrative credentials are stored on personal computers in Word or Excel documents. And 50% of respondents admit that their customers’ privacy or PII could be at risk because their data is not secured beyond the legal minimums.
Flexibility first, security second
Whether organisations use cloud computing, offer online services to customers, build large-scale data silos or connect thousands of IoT devices, going digital inevitably means facing a whole range of new cyberthreats. But in many cases, safeguarding those services is a secondary consideration, with the priority being getting the service up and running. Security is often added as an afterthought, potentially leaving gaps and vulnerabilities that could be exploited.
And in today’s threat landscape, that’s no longer good enough. The current generation of attacks is sophisticated, multi-vector and extremely fast moving, which means that organisations’ networks are breached well before they are even aware of it. The IBM/Ponemon 2017 Cost of a Data Breach Study stated that US companies took 55 days on average to contain a data breach.
Further, modern threats rarely occur in isolation. For example, criminals will often launch a DDoS attack against one part of an organisation to divert attention from a hacking attempt or malware exploit against another part of the network. In the first three months of 2018 alone, Link11’s Security Operation Centre discovered 14,736 DDoS attacks launched in Europe – an average of 160 attacks per day and an increase of 10% on the previous quarter.
Yet despite the increasing frequency of attacks, major organisations are still being heavily impacted by them. In early 2018, online services from several banks and financial and government services in the Netherlands were brought to a standstill by a series of DDoS attacks. Customers were left without access to their bank accounts for days, causing losses and reputational damage.
Act, don’t react
So how can organisations stop doing the same security actions repeatedly, which always lead to the same outcomes of breaches, outages and disruption? Put simply, companies need to move from reactive security to a proactive, preventative approach.
As enterprise IT landscapes are getting more complicated, and network perimeters expand, security protections need to extend beyond that perimeter into the cloud. What’s needed is to deploy a cloud-native solution that can use AI to filter, analyse and block malicious web traffic if necessary, before it can even reach a company’s networks.
This is done by routing the company’s Internet traffic via an external, cloud-based protection service. The service scrutinises incoming traffic at a granular level in real time, with the various traffic types being digitally ‘fingerprinted’ so they can be identified by unique properties, such as browser data, user behaviour and origin.
The solution builds up an index of both normal and abnormal traffic fingerprints. When known attack patterns are detected in a traffic flow, the attack is blocked immediately and automatically in the cloud – so that only clean, legitimate traffic reaches the organisation. However, normal traffic is still allowed, enabling business to continue unaffected, without users being aware of the filtering process.
The solution’s self-learning AI algorithms also help to automatically identify and block, within a matter of seconds, attacks for which there is no fingerprint, to minimise impact on the organisation’s website or web services. This can all be done automatically, without the need for IT or security teams to intervene. It not only eliminates human error in identifying threats and attacks but also frees up IT and security teams, enabling them to focus on more strategic work – or threat hunting – without being distracted by DDoS attempts.
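A minimal sketch of the fingerprint-and-index filtering described above, added here as an illustration; it is not Link11's implementation. The feature choices, the 50 requests-per-second threshold, the simple rate rule standing in for the self-learning step, and all sample requests are assumptions.

```python
import hashlib

BURST_RPS = 50  # assumed threshold separating steady from burst behaviour

def fingerprint(req):
    """Digest of the property classes the article names: browser data, behaviour, origin."""
    behaviour = "burst" if req["req_per_sec"] > BURST_RPS else "steady"
    origin = req["src_ip"].rsplit(".", 1)[0] + ".0/24"  # origin reduced to its /24 network
    material = "|".join((req["user_agent"], behaviour, origin))
    return hashlib.sha256(material.encode()).hexdigest()[:16]

class FingerprintFilter:
    def __init__(self, labelled):
        # Index of known fingerprints: digest -> "normal" or "attack"
        self.index = {fingerprint(r): label for r, label in labelled}

    def decide(self, req):
        fp = fingerprint(req)
        label = self.index.get(fp)
        if label == "attack":
            return "block", "known attack fingerprint"
        if label == "normal":
            return "allow", "known normal fingerprint"
        # No fingerprint yet: a plain rate rule stands in for the learning step.
        if req["req_per_sec"] > BURST_RPS:
            self.index[fp] = "attack"  # learn it so repeats match the index directly
            return "block", "unknown fingerprint, burst behaviour"
        return "allow", "unknown fingerprint, steady behaviour"

# Constructed sample data: documentation address ranges and invented user agents.
LABELLED = [
    ({"user_agent": "Mozilla/5.0 (X11; Linux x86_64)", "req_per_sec": 2, "src_ip": "192.0.2.10"}, "normal"),
    ({"user_agent": "floodbot/1.0", "req_per_sec": 900, "src_ip": "198.51.100.7"}, "attack"),
]
INCOMING = [
    {"user_agent": "Mozilla/5.0 (X11; Linux x86_64)", "req_per_sec": 3, "src_ip": "192.0.2.44"},
    {"user_agent": "floodbot/1.0", "req_per_sec": 1200, "src_ip": "198.51.100.200"},
    {"user_agent": "curl/8.0", "req_per_sec": 400, "src_ip": "203.0.113.5"},
    {"user_agent": "curl/8.0", "req_per_sec": 300, "src_ip": "203.0.113.9"},
    {"user_agent": "Mozilla/5.0 (Windows NT 10.0)", "req_per_sec": 1, "src_ip": "203.0.113.77"},
]

if __name__ == "__main__":
    flt = FingerprintFilter(LABELLED)
    for r in INCOMING:
        print(r["src_ip"], *flt.decide(r))
```

The third request has no entry in the index and is blocked by the rate rule; the fourth shares its fingerprint and is then blocked from the index itself, while steady traffic with an unknown fingerprint is allowed but not added to the index as normal.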
Driving agility with security
Security is often misperceived as a cost factor or a brake on agility, rather than a differentiating factor or competitive advantage. This is largely because of the time, effort and cost involved in the traditional approach of constantly having to react to new threats, and firefighting.
In contrast, by taking a preventative approach and blocking cyberattacks before they impact networks, organisations can release the security brake, be more innovative and deploy new services faster.
By not repeating the same old approaches and doing security differently, it really is possible to get a different result that drives real business benefits.