TRENDING
for organisations in this potentially
chaotic environment while not forgetting
the need to meet the appropriate
regulatory obligations as well as
maintaining customer security from both
a physical and data perspective.
Clearly communicating any changes to
business and security requirements, policies
and procedures are essential, as is providing
employees with a means to flag anything
that might obstruct their route to effective
collaboration and workflow.
Rory Duncan, Security
Go To Market Leader
UK, NTT Ltd
code execution (15%) and injection
(14%) attacks were the most common
techniques observed in the report globally.
And in most cases, due to continued poor
practice by organisations in relation to
network, operating system and application
configuration, testing, security controls
and overall security hygiene, these attacks
continue to be effective.
There’s also been a re-emergence of
Internet of Things (IoT) weaponisation, with
a resurgence of Botnets such as IoTroop and
EchoBot who have reared their heads again
but this time, with advanced automation
and improving propagation capabilities.
Unsurprisingly, attackers revert back to
those attacks where they have the greatest
success and that’s with vulnerabilities, such
as HeartBleed, which may be several years
old, but they haven’t been patched by
organisations. It is attacks of this nature that
make OpenSSL the second most targeted
software with 19% of attacks globally.
The route to cyber-resilience
It’s clear that the only way that
organisations can keep up is to beat
attackers at their own game by leveraging
automation to help them become more
secure and cyber-resilient and keep pace
with the changing threat landscape. Assisted
by machines and data scientists, it’s now
possible to predict when an attack is going
to happen – and fast. For example, in NTT’s
Security Operation Centres (SOCs), around
“
THE ONLY
WAY THAT
ORGANISATIONS
CAN KEEP UP
IS TO BEAT
ATTACKERS AT
THEIR OWN GAME
BY LEVERAGING
AUTOMATION
TO HELP THEM
BECOME MORE
SECURE AND
CYBER-RESILIENT.
75% of the threats detected are now
identified by supervised Machine Learning
and threat intelligence.
Organisations need to ensure they’re
fully equipped to be able to address the
multitude of challenges that lay ahead.
COVID-19 demonstrates just how fast
things can change, so much so that it has
brought about fundamental changes to
the entire functionality of businesses. Being
able to support employees is a pre-requisite
Using proactive intelligence capabilities
to identify and quickly make decisions
to manage risk will support business
agility. Having full visibility across the
information and communication technology
environment should also be a priority so that
you can manage risk and mitigate threats
and ultimately, make fast decisions on how
you can deal with those threats.
Penetration testing activities, including
application testing and social engineering,
should be regularly undertaken and being
able to leverage intelligence services
also adds a realistic approach from an
attacker’s perspective. Governance, risk and
compliance should be reviewed frequently,
along with technical and non-technical
assessments, to identify any potential
areas of weakness.
Secure at every level
The current crisis has demonstrated the
willingness of cybercriminals to take
advantage of any situation, further
emphasising the need for organisations to
focus on security that enables their business
and ensures that it’s cyber-resilient and built
on secure-by-design initiatives.
Taking a secure-by-design approach
will help to better protect organisations
from innovative attacks. In short, it’s
about focusing on what’s critical in
the organisation and putting the right
protection in place right from the beginning
– across business process, technology,
services and people.
Secure-by-design means being cybersecurity
conscious at every level of the business,
right up to board strategy level. This
involves security being core to the overall
26 INTELLIGENTCIO www.intelligentcio.com