Interviews

Time to shift on detection

by Mark Rowe

Alan Platt, COO of data breach detection product company CyberHive says major companies must accept the inevitability of breaches, stop focusing on border security and protect themselves with rapid detection technology.

Surely it’s time we all recognised it’s no longer a question of if an enterprise suffers a hack, but when. Only this month it was revealed that 617 million records were up for sale on the dark web, having allegedly been stolen from Dubsmash, MyFitnessPal, MyHeritage, Animoto and other companies. Some of these breaches were previously unknown, but they are in good company. They join a list of more high-profile victims that includes the Marriott International hotel chain (500 million customer records compromised), Ticketmaster, Under Armour, British Airways, Dixons Carphone and T-Mobile.

All these companies must have invested substantially in advanced firewalls, sophisticated anti-virus technology (AV) and two-factor authentication. Yet still they were breached with predictable damage to their reputations. With virtually every type of business now dependent on technology, cyber criminals are increasingly targeting companies that would not normally be regarded as experts in the field.

Can anyone seriously believe conventional security alone will protect their company?

The new reality is that conventional defences are no longer adequate against the expertise of cyber criminals. Hacking groups, whether they are activists, arms-length agencies of unfriendly governments or gangs of criminals, are devising new malware on a massive scale and constantly reshaping their methods of delivery. Conventional security such as AV and firewall technology will work against basic threats but is incapable of defending an organisation’s data from the bespoke attacks launched hourly by criminals. Security experts G Data calculate that a new malware variant is created by hackers once every 4.2 seconds. That is far too many to be assigned the “signatures” on which the anti-virus industry depends. Without the ability to recognise the signature, AV cannot block viruses at a company’s cyber perimeter. As soon as the AV industry identifies and blocks one type of attack, the hackers have moved on.

It is folly for companies to rely on their staff to protect them.

Another significant reason why perimeter security fails is that most cyber-attacks originate from human errors within an organisation. An employee may open a phishing email in which a malware-laden document or malicious link has been made to seem familiar and convincing. It is now relatively easy for criminals to infiltrate supply chains and replicate invoices and other routine business documents that dupe even the most senior executives. Infiltration takes a human form as well. Criminals can suborn employees in data centres to insert unauthorised software on servers that may go undetected for months, all the while siphoning off valuable information.

Breaching is inevitable

With breaching inevitable, being able to detect an incident as quickly as possible is essential. It’s no good having security staff stuck at the door of a nightclub if trouble has kicked off inside.

Ponemon, in their 2018 Cost of a Data Breach Study, point out that a breach detected within 100 days costs on average $1 million less than one that takes longer to find and remediate. The average cost of a breach also went up by more than six per cent over the year, to $3.86 million. Given that the EU GDPR legislation is now in place, the potential cost of hacks and data breaches is huge, quite apart from the longer-term reputational damage. Ponemon also found it took an average of 197 days to identify a data breach and 69 days to contain it, which is a very long time for malicious software to be working inside a major organisation’s systems. In the Marriott breach, the hackers gained illegal entry to the chain’s Starwood reservation system in 2014.

Detect breaches in seconds, not days and months

It is now possible, however, to detect breaches within seconds, if board-level decision-makers and their security professionals change their approach. A combination of hardware-based cryptography and whitelisting technology enables super-fast identification of any unauthorised activity on a server, whether data is held in the cloud or on-premises. The technology uses the power and integrity of the chips found on the motherboards of every server and checks status every few seconds, which is impossible with conventional technology. Impervious to hacking, it ensures no person or organisation can interfere with servers, falsify verification data or bypass server security. By eliminating any single point of human weakness it also protects against insider attacks.
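As an added illustration of the whitelisting side of this approach (example code written for this article, not CyberHive’s product), here is a minimal allow-list integrity check in Python: a baseline of authorised files is protected by an HMAC, and each scan cycle reports files that were modified, are not on the list, or have gone missing. The key is an assumed stand-in for one that a hardware-rooted design would keep in a TPM or HSM; the files and the planted changes are constructed inline.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def file_digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def baseline_mac(entries, key):
    # MAC over the sorted allow-list so a tampered baseline is itself detected.
    msg = "\n".join(f"{k}:{v}" for k, v in sorted(entries.items())).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_baseline(root, key):
    # Allow-list of authorised files: relative path -> SHA-256 of contents.
    entries = {str(p.relative_to(root)): file_digest(p)
               for p in sorted(Path(root).rglob("*")) if p.is_file()}
    return {"entries": entries, "mac": baseline_mac(entries, key)}

def check(root, baseline, key):
    # One scan cycle: returns sorted (kind, relative_path) deviations from the allow-list.
    if not hmac.compare_digest(baseline["mac"], baseline_mac(baseline["entries"], key)):
        return [("baseline_tampered", "")]
    findings, seen = [], set()
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(root))
        seen.add(rel)
        expected = baseline["entries"].get(rel)
        if expected is None:
            findings.append(("unlisted", rel))
        elif expected != file_digest(p):
            findings.append(("modified", rel))
    findings += [("missing", rel) for rel in baseline["entries"] if rel not in seen]
    return sorted(findings)

def demo():
    # Constructed scenario: two authorised files, then one altered and one unlisted file appears.
    key = b"stand-in for a key held in hardware"  # assumption: a real deployment keeps this in a TPM/HSM
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.bin").write_bytes(b"authorised binary")
        (root / "config.yml").write_bytes(b"listen: 8443\n")
        baseline = build_baseline(root, key)
        clean = check(root, baseline, key)  # nothing to report on the first cycle
        forged = {"entries": {}, "mac": baseline["mac"]}  # baseline edited without the key
        (root / "app.bin").write_bytes(b"altered binary")
        (root / "unexpected.so").write_bytes(b"not on the allow-list")
        return clean, check(root, baseline, key), check(root, forged, key)
```

In a deployment the scan would run every few seconds and raise an alert on any non-empty result, which is the point the article makes about detection time.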

Innovation

Of course, there are no panaceas in cyber security. Staff training and the retention of a defence-in-depth approach using anti-virus and associated technologies remain important. Organisations must also take cyber security more seriously and appoint experts in the subject to their boards. Above all, it is imperative that major organisations recognise the inevitability of being breached and implement technology to detect incidents within seconds rather than days. Then they will avoid the huge damage of a major data theft.
