Recently IT Brief had the opportunity to talk to Rackspace ANZ GM Darryn McCoskery about the future of the cyber security industry.
How do businesses need to evolve in order to prepare companies for future cyber threats?
Given the rapid pace that technology is changing at, businesses can no longer rely on the ‘set and forget' approach to security of the past. Today, cyber security strategies need to focus less on preventing attacks from occurring – because they will occur, and more on increasing the amount of time that attackers are forced to spend within corporate cloud systems.
This may seem counter-intuitive to some but an approach like this accepts the reality of Australia's tech landscape wherein the time it takes you to identify (and then resolve) a data breach, another one could just as easily be taking place.
At Rackspace for example, we have moved beyond perimeter security measures to internal, host-based security controls. Known as Active Defence, this approach works by increasing the time it takes attackers to circumvent controls and exploit systems with the use of deceptive techniques such as honeypots.
This not only acts as a deterrent but also increases the time that a black hat must spend within the system, which allows us to create a thorough profile and gain valuable insight into what it is they are going after and how. Essentially, the more time it takes for an attack to occur, the more prepared for future attacks businesses can be.
There also needs to be greater collaboration with different stakeholders within the organisation. The best security experts and advanced security solutions won't protect you if your employees are not following basic security measures, or lines of businesses are using new technologies without informing the IT department.
This is why more and more companies rely on third-party experts, whose job is to identify security gaps within the organisation, educate stakeholders, improve collaboration, and chose the security solutions and strategies best suited to every single organisation.
What do security providers need to do to reassure their clients that they are prepared to handle future cyber threats?
The introduction of the national Notifiable Data Breaches (NDB) Scheme, and globally other regulations like the GDPR, have highlighted the need for improved cyber security processes and encouraged organisations to take more interest in their data security and notification.
As customers seek assurances about how their data is being shared and protected, and how their clients' data is being shared, it is important for security providers to be up-front and honest. Trust and transparency are critical.
Cyber attacks are getting more sophisticated every day, and the surface of attacks is constantly increasing, especially as the IoT expands. Keeping customers up to date and informed about cyber hackers' new techniques, and running attack simulations can be a great way to keep cybersecurity top of mind while raising awareness amongst key stakeholders. Education is always a key piece to this complex puzzle.
One of the ways we demonstrate value at Rackspace is through regular reporting on security activities that take place on our customers' accounts, including investigations that have resulted in false positives and remediation activities when a breach has taken place.
Immediate notification is absolutely necessary to maintain the trust relationship between customers and security providers. Ongoing training and support tools are also necessary to ensure customers are empowered to make cybersecurity decisions and feel a part of the organisations' overall security conversation.
How are we training our Information Security teams to be the expert across the exhaustive list of threat vectors?
Across the nation, there is an acute technology skills gap. This isn't news to anybody – you only have to take a look around to see the shortage in action. According to a recent survey by Intel Security, 88% of Australian IT decision makers believe that there is a shortage of cybersecurity skills both within the public and private sectors.
A successful cybersecurity strategy involves a combination of factors: proactive detection, and investment in the right skills that enable siloed teams to identify and respond to individual patch vulnerabilities. It's not about being able to defend against every type of possible threat.
Instead, the focus must shift to training Information Security teams to think like hackers (or whitehats), encouraging the team to constantly innovate and brainstorm ways of breaching current security measures… and to always think one step ahead in terms of active defence.
Other Australian businesses have realised the benefits of leveraging external security providers for this task, with the specialised knowledge and relevant experience to detect, respond and report in real-time on potential breaches.
Industry stats prove it still takes (on average) 99 days to detect a breach! How can businesses quickly adopt a “patch or perish” mentality?
Globally, the average time that it takes to identify a breach and then resolve is 99 days. Across the APAC region, this timeframe is closer to 170 days. 170 days! Realistically, breach detection should be taking 24 hours, not close to 6 months.
Businesses need to be taking a more long-term approach to cybersecurity by developing graduate programs that attract the best university talent and incentivising their current IT staff to upskill. Outsourcing through a managed services provider (MSP) is another option to close this skills gap and relieve some of the pressure on over-worked, capacity-strapped internal tech teams.
Do you believe that AI and machine learning are the future of 'full-proof' security?
While AI and intelligent machines have the ability to maximise and augment human capacity, these technologies will never be able to replace the human workforce. In terms of cybersecurity, for instance, skilled IT professionals can utilise cognition to think outside of the box – understanding how hackers work, how their strategies are evolving and how to actively defend the secure environment instead of focusing solely on prevention.
Under every cyber-attack there is a human, using technology. A “full proof” security approach needs to incorporate both elements: human and technology. Organisations using and combining the best of both worlds will likely be the ones able to get ahead of hackers when others – relying only on human skills or only on technology – will slowly lose the battle.