subscribe: Daily Newsletter

 

No silver bullet for cybersecurity

0 comments

In recent months, the cybersecurity industry has seen many organisations fall victim to global cyberattacks with the WannaCry and ExPetr ransomware attacks proving that it doesn’t always take a hugely sophisticated targeted attack to cause extensive damage. Consequently, businesses need to be aware of this, and understand that security must evolve together with the realtime threats occurring.

Says Riaan Badenhorst, GM of Kaspersky Lab Africa; “We are living in a world where the question isn’t whether a business will be attacked. Rather, it is a matter of time. So, businesses need to question how quickly and completely they can recover, should this happen”.

While Kaspersky Lab’s research shows that targeted attacks resemble only 1% of threats that occur today, they can still do a lot of harm. In fact, the average cost of a targeted attack for an enterprise is as high as $1,4-million. Furthermore, in 2015 and 2016, over a third of businesses (38%) globally were affected by viruses and malware, causing a loss of productivity. Further, one in five (21%) of businesses also experienced data loss or exposure due to targeted attacks.

“Although a few years ago it was enough to have a strategy to prevent infection, today businesses have to be able to detect when they are infected or hacked, predict hacker behaviour and most importantly, respond to attacks quickly,” continues Badenhorst. “However, protection is only as effective as the businesses ability to closely monitor the threat landscape and distil data into actionable security intelligence. A comprehensive set of solutions, along with multi-layered protection technologies, is therefore required. Complex attacks need to be detected, threat response is a must, and businesses need intelligence to predict future attacks. This is what Kaspersky Lab term a ‘True Cybersecurity’ approach — and this approach consists of four key elements for businesses to consider.”

The elements aim to provide a guideline to the IT security department of any business (no matter the size), to reach True Cybersecurity and ensure quality security for businesses in today’s unpredictable cyberthreat landscape.

The four elements include:
HuMachine intelligence — True Cybersecurity is powered by perfect HuMachine Intelligence — humans and machines uniting their expertise to fight against hackers. This type of intelligence can spearhead efficient detection. Such a detection process involves the use of innovative automated malware detection systems that are steered in the right direction by security experts.

Adaptive security — security processes must be adaptive to ensure the approach can be flexible and understands the needs of the business, in a certain situation, and adapts to these accordingly. An adaptive security policy should include four strategic aspects; threat prevention, the detection of targeted and complex attacks, incident response and the prediction of future attacks. IT solutions used in an adaptive security approach must therefore be able to reach everywhere in a corporate infrastructure; protecting all needs, even if they are temporary.

Agile security — the security process must be easy to manage and cost-effective for the type and size of the business. While businesses with small IT budgets face the same variety of threats as enterprises, they don’t have lots of resources (both budget and talent) to address them. Therefore, embracing modern trends, like cloud-based security management, matters.

Proven solutions – that deliver the best protection in class. When investing in security solutions as part of a cybersecurity approach and policy, it is critically important that these solutions adapt to the threat landscape (which is continually evolving), to effectively protect the business, not only today, but well into the future.

“There is no single perfect protection technology, or silver bullet approach to cybersecurity,” says Badenhorst. “However, following a True Cybersecurity approach, based on intelligence, will go a long way to ensuring a business has covered all areas of a good cybersecurity strategy. It is this approach that can ultimately save a lot of money and minimise reputational damage.”