Page 22 - Cyber Warnings







Big data, security analytics turns the tide against attackers



Intro

The sophistication and volume of insider threats and targeted cyber-attacks are greater than ever.
Despite significant security investments, companies are increasingly at risk for catastrophic
breaches. These breaches impact business operations and result in both direct and indirect
costs. Recent publicized breaches have shown these costs range in the hundreds of millions of
dollars when mitigation, fines and brand value impact are considered. As a result, CEOs and
corporate boards are now contemplating issues historically reserved for CISOs and CIOs.

As we’ve seen in numerous, high-profile breaches, we’re losing the fight against attackers
because our defenses are increasingly obsolete. Traditional security technologies are incapable
of addressing today’s targeted threats. Time and time again adversaries demonstrate their
ability to slip past the most hardened perimeters. Cybercriminals are morphing malicious
behavior in never-before-seen ways; learning a company’s people, processes, technologies,
and supply chains; and impersonating authorized users - sometimes using no malware at all.

These practices allow hackers to pass through perimeter defenses, dodge detection
technologies like IDS, IPS and NGFW, and bypass configuration monitoring, compliance,
vulnerability and patch management controls. They can overrun SIEM and log analysis products
that fail to prioritize alerts and frequently miss critical security events, even when they have
already occurred.

None of today’s traditional solutions deal with one of the most harmful threats: the insider
threat. Verizon surveyed large to mid-sized enterprises in its 2015 Threat Report [4] and
determined that insiders accounted for 40 percent of acknowledged threats found. These are
just the known threats—most of these insider threats go undetected. The insider using their
own, or someone else’s, credentials typically knows where to look for data with the most value
and, if using legitimate credentials, will not be picked up by SIEMs, DLPs, endpoint solutions or
other traditional security measures. Clearly, cyber security is at a tipping point. To win against
today’s and tomorrow’s threats, enterprises must employ a new way of thinking. This means
analyzing the situation from the attacker’s perspective, understanding their goals, tactics, and
techniques, and letting this new vantage point inform company defenses.


The Issue


While big names such as Anthem, Sony, Scottrade, ETrade, Home Depot, JPMorgan Chase,
and Target have garnered national headlines following extensive data breaches, the truth is that
more than 80 percent of U.S. corporations have experienced a successful insider or cyber-attack.
Attacks have become so prevalent that virtually no industry is immune.

Simply put, adversaries are outpacing security teams and their current security measures.
Security experts expect the number of attacks to continue growing. For now and the foreseeable
22 Cyber Warnings E-Magazine – April 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
