Cyber-security solution

by Mark Rowe

Mark Weir, Director of Cybersecurity, Cisco UK and Ireland, looks at why increasing investment in advancing technology could combat cyber-threats

What if security teams could see into the future? If they knew an attack was coming, they could stop it, or at least mitigate its impact and help ensure that what they need to protect most remains secure. The fact is, while attackers are becoming smarter than ever, defenders can’t see what’s on the horizon. There are many clues out there — and obvious ones too. In 2018, one of the biggest risks associated with a security breach will centre on the financial consequences; attacks cause real economic and reputational damage to organisations, damage that can take months or years to resolve, which is why they need to implement the right security tools to overcome threats today.

One of the key questions for all organisations today is whether they are prepared for a cyber security attack, not to mention how quickly they can recover from being targeted, as it is more commonly a case of not if, but when. Artificial intelligence (AI), machine learning and automation will form part of the answer for security teams who are under-resourced, but there is no one silver bullet.

Evolution of malware

In 2017, the evolution of malware was one of the most significant developments in the attack landscape, with attackers constantly evolving tactics to keep malware fresh and effective. Following thousands of businesses being targeted by the WannaCry attack, there is a strong case for ramping up security to ensure business continuity – as well as building customer confidence. In fact, WannaCry could have been prevented, or its impact muted, if more organisations had applied basic security best practices such as patching vulnerabilities, establishing appropriate processes and policies for incident response, and employing network segmentation.

But in reality, budgets and skills shortages often prevent this. Before the rise of self-propagating ransomware, malware was distributed in three ways: drive-by download, email, or physical media such as malicious USB memory devices. All methods required human interaction to infect a device or system with ransomware. With new vectors being employed by attackers, an active and unpatched workstation is all that is needed to launch a network-based ransomware campaign. Attackers are making their malware even more potent by combining it with “worm-like” functionality to cause widespread damage; self-propagating malware is highly dangerous and has the potential to take down the Internet.

Hidden in encryption

The rapid rise in encrypted traffic is also changing the cyber-threat landscape. As more businesses become digital, a significant number of services and applications are using encryption as the primary method of securing information. On the whole, encryption technology has enabled much greater privacy and security for organisations to communicate and transact business online. Mobile, cloud and web applications rely on well-implemented encryption mechanisms, using keys and certificates to ensure security and trust.

However, it is nearly impossible today to detect malicious content in encrypted traffic without breaking encryption. Organisations lack the security tools and resources to implement a solution that can be deployed throughout their network infrastructure without slowing it down. Traditional threat inspection with bulk decryption, analysis and re-encryption is not always practical or feasible, for performance and resource reasons.

However, advanced analytic techniques can now be used to identify malicious flows for further inspection using decryption techniques. Behaviour analytics tools are also considered useful when locating malicious actors in networks; according to Cisco’s 2018 Annual Cybersecurity Report, 92 percent of security professionals said these tools work very to extremely well, highlighting the increased reliance on AI to help defend against threats.

On any given day, no one knows how much of their digital business is in the clear versus compromised when it’s encrypted. If traffic is encrypted, it is typically done to meet compliance requirements that mandate specific security policies. Security teams need to deploy effective tools to prevent, or detect, the use of encryption for concealing malicious activity. Machine learning has the ability to detect these threats, whether they’re previously seen or unseen variations of known threats. The technology can learn to identify unusual patterns in large volumes of encrypted web traffic and automatically alert security teams to the need for further investigation.

Necessity versus luxury

In the modern threat landscape, adversaries are adept at evading detection, making it a necessity – not a luxury – for organisations to keep on top of their security. With more effective tools, and more advanced and clever tactics, such as the abuse of legitimate Internet services, attackers can cover up their activity and undermine traditional security technologies.

Even threats known to the security community can take a long time to identify. One reason defenders struggle to rise above the chaos of war with attackers, and truly understand what’s happening in the threat landscape, is the sheer volume of potentially malicious traffic they face. To keep pace, organisations will need to incorporate more technologically advanced tools, including automation, machine learning and AI, to complement threat prevention, detection, and remediation.

Looking to the future, AI will be an effective mitigation strategy. After all, when organisations can’t orchestrate and understand the alerts they receive, legitimate threats can slip through the cracks.

Cisco’s Annual Cybersecurity report can be viewed here.

© 2024 Professional Security Magazine. All rights reserved.