FINAL WORD
of 2018 alone, while the number of unique daily malware detections per firm rose by 62%. Even worse, the average time to identify a breach is 197 days and the average time required to contain a breach after detection is still a whopping 69 days. As a result, 73% of organisations admit that they are unprepared to face a cyberattack.
An increasing number of organisations find themselves in a constant cycle of clean-up and damage control, a strategy that drains time, money and resources. The more sensible approach is to adopt a proactive, zero-trust strategy that starts from an assumption of compromise. If you knew that your network had already been breached, what would you do differently compared to what you’re doing now? Which resources would you isolate? Which control measures would you put in place? Those are the things you should be doing now.
2. You regularly find yourself one step behind cybercriminals
Cybercriminals know how reactive cybersecurity tools work – and how to circumvent them, using malicious code that constantly changes its form to evade signature-based antivirus (AV) detection. By blending malware with seemingly innocuous code, it is possible to slip past an AV solution’s matching logic altogether.
Malware-for-hire is readily available to multitudes of relatively unsophisticated end-users over the dark web. The actual producers of those scripts tend to be much more professional. When a business gets an update from its AV provider informing it of the latest batch of identified malware variants, the authors of that malware have probably signed up for the very same update and are therefore prepared to launch a ‘new and improved’ version designed to evade detection. With purely reactive security measures in place, organisations constantly find themselves one step behind the criminals.
3. Insiders are well placed to bypass reactive security measures
Nearly half of data breaches come from within an organisation rather than from an outside source. Of these, nearly half are intentional, while the rest are accidental. While most organisations have some protective measures in place to tackle insider threats – such as file fingerprinting and usage monitoring – they probably don’t contemplate how to tackle privileged users. These are the people who know precisely what reactive measures an organisation has in place. They know how to cover their actions without triggering a reaction. And they also know where the most valuable data resides. When one of these actors goes rogue, it can be impossible to respond effectively when your security defence system is built around a reactive model.
4. You’re unsure about whether you’re compliant
With GDPR firmly in place in the EU and similar legislation on the horizon in other parts of the world, CISOs have to work within a completely new data protection framework, one in which a data privacy breach resulting from a security compromise may lead to severe fines depending on the account they are able to give to the investigating regulator. Were the reactive security solutions they had in place reasonable and adequate? Did the CISO regularly stress-test the security infrastructure? Compliance isn’t a one-off exercise – it demands investing sufficient resources to meet an increasingly complex threat landscape. Sticking to a reaction-oriented security framework that only responds after an update or event occurs is not an adequate strategy.

Paul Anderson, Regional Director UK & Ireland, Fortinet
5. You’re unable to identify and mitigate threats before they harm you
Research conducted by The Economist Intelligence Unit shows that organisations with a proactive security strategy in place reduce the growth of cyberattacks and breaches by 53%. In practice, proactivity involves identifying and mitigating the hazardous conditions that can give rise to all manner of threats. For example, a malicious insider has numerous exfiltration options open to them for stealing valuable data. Purely reactive security measures might pick up on a one-off illegal action – but chances are that the insider will be able to bypass them. A proactive approach involves identifying the tell-tale signs that something’s afoot: has this individual’s behaviour recently strayed from the norm? Have they been moving files to new servers? Are they logging into resources they normally don’t access? Is data moving in unexpected ways?
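The questions above amount to a baseline-and-deviation check. The following is an added example (an editorial illustration, not code from the article or from Fortinet) of the mechanics in Python: it learns each user’s usual resources, active hours and transfer volume from a constructed access log, then flags later events that touch a resource the user has never accessed, arrive outside their usual hours, or move far more data than their mean. The log format, user and host names and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (assumed format: ISO timestamp, user, action,
# resource, bytes transferred). Not real data.
BASELINE_LOG = """\
2019-03-04T09:12:01 alice read fileserver01/finance 120000
2019-03-04T10:40:22 alice read fileserver01/finance 95000
2019-03-05T09:05:17 alice read fileserver01/finance 110000
2019-03-05T14:30:09 alice write fileserver01/finance 40000
2019-03-04T08:55:41 bob read hr-db 8000
2019-03-05T09:10:03 bob read hr-db 9500
2019-03-05T11:20:45 bob read hr-db 7000
"""

# Constructed events to evaluate against that baseline.
NEW_EVENTS = """\
2019-03-06T09:30:00 alice read fileserver01/finance 105000
2019-03-06T23:47:12 alice read fileserver09/backup 4800000
2019-03-06T10:02:30 bob read hr-db 8200
2019-03-06T10:05:11 bob read source-repo 12000
"""


def parse(log):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, action, resource, nbytes = line.split()
        events.append({
            "time": datetime.fromisoformat(ts),
            "user": user,
            "action": action,
            "resource": resource,
            "bytes": int(nbytes),
        })
    return events


def build_baseline(events):
    """Per user: resources touched, hours active, and mean bytes per event."""
    acc = defaultdict(lambda: {"resources": set(), "hours": set(), "total": 0, "count": 0})
    for e in events:
        a = acc[e["user"]]
        a["resources"].add(e["resource"])
        a["hours"].add(e["time"].hour)
        a["total"] += e["bytes"]
        a["count"] += 1
    return {
        user: {
            "resources": a["resources"],
            "hours": a["hours"],
            "mean_bytes": a["total"] / a["count"],
        }
        for user, a in acc.items()
    }


def _off_hours(hour, usual_hours, tolerance=2):
    """True when `hour` is more than `tolerance` hours (clock-wrapped) away
    from every hour in the user's baseline."""
    return all(min(abs(hour - h), 24 - abs(hour - h)) > tolerance for h in usual_hours)


def detect(baseline, events, volume_factor=5.0):
    """Return (user, resource, reasons) for each event that breaks the user's
    baseline. A user with no history is flagged outright: with nothing to
    compare against, the safe answer is to review rather than ignore."""
    findings = []
    for e in events:
        b = baseline.get(e["user"])
        reasons = []
        if b is None:
            reasons.append("no baseline for user")
        else:
            if e["resource"] not in b["resources"]:
                reasons.append("new resource")
            if _off_hours(e["time"].hour, b["hours"]):
                reasons.append("off-hours access")
            ratio = e["bytes"] / b["mean_bytes"]
            if ratio > volume_factor:
                reasons.append(f"volume {ratio:.1f}x user mean")
        if reasons:
            findings.append((e["user"], e["resource"], reasons))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(parse(BASELINE_LOG))
    for user, resource, reasons in detect(baseline, parse(NEW_EVENTS)):
        print(f"{user} -> {resource}: {', '.join(reasons)}")
```

Run against the constructed input, the late-night pull of a previously untouched backup share by alice trips all three checks at once, while bob’s first visit to a source repository is flagged only as a new resource; his slightly different login hour and volume stay within tolerance. In a real deployment the baseline would come from weeks of logs rather than two days, and the tolerances would be tuned per role, but the shape of the logic is the same.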
Purely reactive security strategies rely almost entirely on shoring up your defences before cybercriminals can target and exploit a new vulnerability, or on responding to an alarm that indicates that your network has already been breached. Of course, NGFWs, antivirus, spam filters, multi-factor authentication and a comprehensive breach response plan all have an important job to do. But these technical solutions will only take you so far. Organisations need to be able to anticipate attacks by implementing zero-trust strategies, leveraging real-time threat intelligence, deploying behavioural analytics tools and implementing a cohesive security fabric that can gather and share threat intelligence, perform logistical and behavioural analysis, and tie information back into a unified system that can pre-empt criminal intent and disrupt criminal behaviour before it can gain a foothold. This approach allows for greater control over the network, thereby limiting exposure if there is a breach.
www.intelligentcio.com