As cyber attackers increase their ability to innovate, they enhance their capacity to outpace state-of-the-art security technology, writes Paolo Campoli, head of global service provider sales: Middle East & Africa at Cisco.
Keeping up with the dynamic, ever-changing threat landscape is key to ensuring your defences are optimised in this cyber battle. Here are three things you need to know to ensure your IT security stays one step ahead of attackers.
Attacks are more sophisticated and disruptive
If enterprises aren’t evolving as fast as they can, then the attacking community is going to leave them in the dust. The recent Cisco 2015 Midyear Security Report highlighted the latest threats, which include:
* Adobe Flash vulnerabilities are increasingly exploited and are regularly being integrated into widely used exploit kits such as Angler and Nuclear.
* Malware authors are amplifying their use of techniques such as sandbox detection to conceal their presence on networks.
* Criminals are once again using Microsoft Office macros to deliver malware and evade security protections.
* Operators of crimeware, like ransomware, are hiring and funding professional development teams to help ensure their tactics remain profitable.
* Criminals are turning to the anonymous web network Tor and the Invisible Internet Project (I2P) to relay command-and-control communications while eluding detection.
* Some exploit kit authors are inserting excerpts from Jane Austen’s novel, Sense and Sensibility, into web landing pages so that antivirus and other security solutions are more likely to classify these pages as authentic.
It is vital that companies remain aware of these hazards and ensure they keep abreast of the latest attack innovations, as these are becoming increasingly lethal. The seriousness of this threat to South African businesses was highlighted recently in the drafting of the Cybercrimes and Cybersecurity Bill.
An integrated solution means faster time to detection
Time to detection is the most important metric in security; we have to see it to stop it, and the faster we see it, the faster we can manage its implications. Speed means agility and adaptability and ultimately the destruction of threats.
Detection ideally needs to be done in minutes, even seconds. However, the current industry standard for time to detection is 100 to 200 days, which means that the hackers are winning. Cisco has managed to reduce time to detection to just 46 hours, which we believe is still too long and needs to be continually improved upon.
Faster time to detection can be achieved by introducing an integrated solution. A patchwork quilt of security products and solutions is impossible to manage. Simplicity is key. Vendors must be vigilant in developing integrated security solutions that help organisations be proactive and align the right people, processes, and technology. Organisations face significant challenges with point product solutions and need to consider an integrated threat defense architecture that embeds security everywhere and enforces it at any control point.
Turn to trustworthy solutions, products and vendors
As the security industry addresses increased fragmentation, a dynamic threat landscape, and how to cope with a rising shortfall of skilled talent, businesses must invest in effective, sustainable and trusted security solutions and professional services. The technology industry, in turn, must provide reliable and resilient products and services, and security businesses must deliver vastly improved, yet meaningfully simplified, capabilities for detecting, preventing, and recovering from attacks.
IT vendors have to up their game across their service offering to be defined as trustworthy. Companies want to buy from vendors they believe in, vendors who can prove they are transparent and who have a statement of principles that they follow. This includes everything from developing a product life cycle with security in mind, to making sure you have a secure supply chain, to the instrumentation of products which you can test.
In order to provide end-to-end security solutions to customers, Cisco announced its intent to acquire Lancope, Inc. Lancope, through its StealthWatch system, provides network behaviour analytics, threat visibility and security intelligence to protect enterprise networks against today’s top threats. As a result, we are embedding threat protection capabilities from the enterprise infrastructure to the data center, from mobile to the cloud, and through to endpoints.