In this day and age, it would seem that security breaches are no longer possibilities, but inevitabilities. 2014 saw several large companies become targets of major security breaches, and six months later, the security breach at Sony Pictures continues to plague the media giant. A recent report by the Identity Theft Resource Center revealed that the United States has experienced over 800 reported data breaches in 2014, an all-time high.
Worse yet, cyber threats are not only difficult to predict, but nearly impossible to preempt, as attackers continue to evolve, patiently unrolling increasingly sophisticated attacks against any vulnerabilities. Hackers are rewarded handsomely by competitors and, occasionally, by governments to access companies and individuals. The more valuable the target, the more persistent the attacks. Worst of all, in the search for growth and agility, companies are opening themselves to more vulnerabilities. Mobility is a great example - security experts are starting to grapple with mobile users connecting to hostile networks and downloading malicious apps. These vulnerabilities will only continue to increase as the Internet of Things connects more devices to the ecosystem.
Some believe that the best way to prevent vulnerabilities is training. Although training is important, a sophisticated attacker can engineer a spear phishing attack that even experienced people can miss (for example, an email from someone you trust on a topic that you are expecting). Firewalls and anti-malware software are also a good start. Having these is analogous to a house with locked doors and windows.
However, to be more secure, organizations need to start looking outside, in the bushes, and taking into account neighborhood crime rates, if they truly want to gather the information necessary to protect themselves.
That is why I believe the next generation of security operations must be even more forward thinking – not only vigilantly looking at vulnerabilities, but proactively looking for threats, inside and outside the organization.
Predictive analytics makes this possible. For example, advanced machine learning can now analyze events over extended periods of time to identify both patterns and where attacks may come from. It can gather external intelligence from social sites, deep web and dark web sources. As part of a complete security strategy, companies must leverage these technologies and deploy “intelligence-trained” security analysts that can manage and spot attacks, as well as improve their algorithms. They must analyze user behavior as well as threat behavior assisted by learning algorithms, and consistently improve these algorithms using “intelligence-trained” security analysts.
With the dramatic increase in cyber security needs, cyber talent is in short supply. Companies are finding it difficult to attract cyber experts as this talent is heading to cloud or security companies. Interestingly, where security was once the challenge to overcome for cloud and SaaS companies, it is now the reason to potentially move to the cloud. It is also the driving trend toward the outsourcing of security needs – or at least portions of the security needs.
This transition is more in line with how business is conducted today. Systems and devices with sensitive company information travel beyond the corporate network. Thus, to get a complete view of a sophisticated attack, organizations must analyze outside information (for example, mobile devices, cloud systems and external intelligence).
All said, security is now a boardroom issue. Most CISOs are convinced that it is not “if”, but “when” a security breach will occur – and having a complete program has become a must.