Stay ahead of cyber criminals


If you consider the general threat situation, the number of cyber attacks on companies and the reports of successful hacks, cyber criminals always seem to be one step ahead of IT security with their innovative attacks. A plea for building a long-term cybersecurity strategy.

No wonder - many CISOs and CIOs are mainly concerned with fending off the attacks that are taking place at the moment, instead of looking at the constantly evolving threat landscape in the long term. With a comprehensive and long-term cybersecurity strategy, companies would be much more effectively equipped against future attacks. Despite the multitude of attacks in the present, this is quite possible - because the future is by no means as uncertain as one might assume. Many new threats are sophisticated evolutions of existing attack vectors.

New threats, old attack vectors

In many ways, the security industry itself is to blame for the current "short-sighted strategy." Many technology vendors use customer fear and uncertainty as a sales tool, claiming that cybersecurity is evolving so rapidly that there is no telling what will come next. This fear-mongering may help sell the latest security products, but it also actively encourages a short-term mindset in decision-making. It is true that new threats are emerging all the time, but many of the attack vectors they rely on have changed little over the past few decades. Criminal organizations attacked mainframes in the XNUMXs and XNUMXs; today they attack cloud platforms, using very similar tactics and techniques.

For example, almost all attacks on modern corporate networks are the result of successful spear phishing. The technique has been around for at least a decade, while phishing has been around since the 90s. Furthermore, social engineering is a key factor in almost all cyber attacks. These attack methods are by no means new, nor are the main defense strategies against them: regular cybersecurity training and the rapid detection of “abnormal” user behavior on the network.

Cybersecurity with automation and ML

Perhaps the biggest difference between then and now is the scale. Over time, gigabytes have turned into terabytes and petabytes. The way people work in widely distributed organizations in a globalized world, often on the go or from the home office, has also changed significantly over the past decade. All of this makes it much more difficult for security teams to keep track of sensitive data and spot abnormal behavior.

Fortunately, data analysis and anomaly detection are an area where newly developed technology can really make a difference. Advances in automation and machine learning, for example, mean that companies are now building platforms that can relieve security teams of a lot of manual work. The costs of these technologies are also falling. Previously reserved for the largest companies, they are now available to companies of all sizes.

The future is not as uncertain as some might think

Despite these advances, many providers in the cybersecurity industry continue to play on the fear factor: they claim that quantum computers will be the next milestone for cybercriminals because they make it much easier to crack encryption and passwords. Cybercriminals are also increasing the rate of their attacks thanks to automation and, for example, work together much more effectively through “Hacking as a Service” by sharing zero-day tools and username/password data, thereby significantly reducing their dependency on social engineering techniques.

While that may be true, there is still no reason to panic. Because even if criminals were able to gain access to networks without using social engineering, there are already technologies such as User & Entity Behavior Analytics (UEBA) that can counteract this. UEBA works by comparing the behavior of legitimate users and devices (entities) on the network over a period of time, setting parameters of “normal activity” based on key criteria such as geographic location, login times, and file access. If a user's behavior deviates too far from known normal behavior, such as logging in from China at XNUMX a.m. when they normally log into the network from Munich during normal working hours, this behavior is automatically reported as suspicious to the security team.
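The baseline comparison described above, as an added sketch that is not taken from the article or from any UEBA product: it builds a per-user profile from the three criteria named (location, login time, file access) and returns the reasons for an alert alongside the verdict. The user names, history rows, thresholds and the 3 a.m. hour are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample history: (user, country, login_hour_local, files_accessed)
HISTORY = [
    ("alice", "DE", 8, 14), ("alice", "DE", 9, 11), ("alice", "DE", 9, 17),
    ("alice", "DE", 10, 12), ("alice", "DE", 8, 15), ("alice", "DE", 17, 9),
    ("bob", "DE", 22, 40), ("bob", "US", 23, 35), ("bob", "DE", 21, 45),
    ("bob", "US", 22, 38),
]

def build_baselines(history):
    """Per-user baseline: seen countries, login-hour histogram, file-access stats."""
    grouped = defaultdict(list)
    for user, country, hour, files in history:
        grouped[user].append((country, hour, files))
    baselines = {}
    for user, rows in grouped.items():
        files = [r[2] for r in rows]
        baselines[user] = {
            "countries": Counter(r[0] for r in rows),
            "hours": Counter(r[1] for r in rows),
            "files_mean": mean(files),
            "files_std": pstdev(files) or 1.0,  # avoid division by zero
        }
    return baselines

def hour_is_usual(hours, hour, window=2):
    """True if any past login lies within `window` hours, wrapping at midnight."""
    return any(min((hour - h) % 24, (h - hour) % 24) <= window for h in hours)

def score_event(baselines, user, country, hour, files, threshold=2):
    """Return (reasons, alert); alert fires when >= threshold criteria deviate."""
    b = baselines.get(user)
    if b is None:
        return ["no baseline for user"], True
    reasons = []
    if country not in b["countries"]:
        reasons.append(f"new country {country}")
    if not hour_is_usual(b["hours"], hour):
        reasons.append(f"unusual login hour {hour}:00")
    z = (files - b["files_mean"]) / b["files_std"]
    if z > 3:
        reasons.append(f"file access z-score {z:.1f}")
    return reasons, len(reasons) >= threshold

BASELINES = build_baselines(HISTORY)
```

Requiring two deviating criteria before alerting keeps a single late login from paging the security team, while the returned reasons give the analyst the context behind the alert.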

Behavior analysis instead of technology battle

Even if criminals used quantum computers instead of social engineering to crack a user's access data, their behavior in the network would quickly attract attention. The other significant benefit of using behavioral analytics is that all relevant activity data from other activity streams can be automatically aggregated into incident alerts. This gives security teams instant context about the risk level of an event, which helps them respond much more effectively and mitigate the consequences of the attack.

Conclusion: expand cybersecurity planning

Regardless of what certain corners of the cybersecurity industry may say, it is possible to plan for a much longer term than many organizations realize. New threats keep popping up, but when you take a closer look at them, you can see how amazingly similar they are to older attacks. At the same time, the technologies to defend against these attacks, which have remained very similar, have developed significantly thanks to advances in machine learning and automation. So there is no longer any reason not to worry or plan for the future. With this in mind, it is time to stop thinking about cybersecurity in standard budget cycles of three to five years and instead consider how to effectively extend planning to periods of more than ten years. While we don't know in detail what is in store for us, chances are it will look a lot more familiar than we think.

More on this at Exabeam.com

 
