The costs that cyberattacks pose to both companies and consumers have predictably prompted governments to develop regulation and compliance procedures to provide a measure of protection against companies that have a lax approach to cybersecurity.
GDPR was the major regulatory bombshell of 2018, but enterprises will need to stay abreast of further regulatory developments in 2019 and beyond. Ignoring regulation can prove expensive, as early GDPR fines have shown. IT must be both secure at a practical level, and compliant on a legal level.
That said, as much as compliance provides a solid layer of security, enterprises must understand that compliant IT is not the same as secure IT. Compliance and regulation are extremely reactive, and we are likely to see the cybersecurity threats of 2019 and beyond rapidly evolve beyond even the most recent regulatory measures. CISOs must therefore stay ahead of cybersecurity trends.
What organisations don’t know about their operating environments is one of the fastest-growing threats to those operations. First up: shadow IT, the internal use of hardware and software that is not declared to technology teams. Consider the use of personal data storage accounts for company data, or SaaS that is evaluated, purchased and used without the knowledge of IT teams.
If technology leaders are unaware of what’s in use on their networks, it rapidly becomes difficult to counter security threats and to maintain regulatory compliance. The Internet of Things (IoT) presents a similar problem: the total installed base of IoT connected devices is projected to amount to 75.44 billion worldwide by 2025. A significant number of these devices are uncatalogued and uncontrolled.
It is essential to uncover shadow IT while closely monitoring IoT use, and cataloguing devices where possible. However, shadow IT and IoT are so pervasive that a watertight approach is almost impossible, so enterprises need to take a holistic approach. You need to obtain complete environment visibility, establish strict access control, and implement security monitoring to detect suspicious events.
A mix of user awareness and effective anti-spam systems has rendered classic phishing schemes ineffective, but attackers have adjusted, smartening up and making attacks more personal. The result is that while phishing attack volume has fallen, phishing has become more targeted.
Notably, targeted phishing, also known as spear phishing, is responsible for 95% of successful enterprise cyberattacks, according to the SANS Institute. Spear phishing involves a manipulative email that is targeted at a specific employee, often at senior or CXO level. Just as with classic phishing attempts, targeted attacks aim to steal credentials or data, often as part of a larger attack.
It is challenging to counter the intensive reconnaissance, preparation and emotional language used by attackers. However, user education is paramount, including the promotion of cyber hygiene practices and the introduction of preventive processes in which users report suspicious emails for a fast response. Furthermore, security features, including multi-factor authentication and authorisation that requires the involvement of multiple individuals, can help.
With growing threats from uncontrolled IoT and from more intelligent attack strategies – including advanced persistent threats (APTs) – traditional “prevent and detect” approaches are no longer relevant. Therefore, the mindset of many organisations is shifting towards an adaptive security approach for continuous monitoring and remediation.
Typical cybersecurity defences used to involve setting up a strong perimeter to prevent attacks, alongside rules-driven security including signature-based detection methods. However, companies no longer fully control their technology perimeter thanks to cloud migration, amongst other factors.
Instead, an adaptive approach to security involves pervasive monitoring and the ability to anticipate attacks by using machine learning and AI. Responses must change too, by incorporating a strong post-incident breakdown that leads to policy changes and improved preparedness. A re-think around prevention is required, while companies must also build attack containment strategies.
Gartner predicts that, by 2020, 40% of large organisations will have established a “security data warehouse” to support advanced security analytics.
With AI automation, you can boost the efficiency of security teams and respond to incidents faster. It becomes much easier to tune and train your algorithms using your data, use cases and scenarios for reviewing and responding to alerts. AI can support security operation centres in decision making and threat hunting, facilitating risk assessment and threat modelling.
Intelligent cybersecurity measures can act as horizon scanners, monitoring networks and flagging emerging threats. Automated cybersecurity is also less error-prone while delivering response times that are far faster than human experts can achieve.
Comprehensive, effective cybersecurity requires an extraordinary degree of non-stop coordination, continuous awareness and in-depth security knowledge. Even large enterprises can struggle to keep ahead of changing, morphing cybersecurity objectives day in, day out.
Involving a security partner is key, not only to build on existing knowledge but also to freshen up thinking, stepping outside of cybersecurity groupthink. ELEKS offers an unbiased, informed evaluation of your enterprise processes, products and systems to industry standards, with compliance in mind.
Our security team will help you implement the advanced, automated security controls that ensure that your business is resilient in the face of an endlessly changing cybersecurity landscape.