Article by Secureworks CTO Jon Ramsey
Speed and awareness are essential to combat cybersecurity threats that are facing the Australian business landscape.
To put this into context, according to the 2018 Secureworks Incident Response Insights Report, 50% of companies went more than a year without knowing they had a targeted threat on their system. Business Email Compromise (BEC) attacks, which make up less than 14% of breaches, have cost companies more than AU$5 billion over the last three years.
At the onset of the digital era, many organisations committed to transitioning important files and data into digital formats.
One of the latest technological efforts has been to store these digital files on a cloud platform, allowing data to be easily managed, thus increasing collaboration with offices and partners that are separated by geographical distance.
The flexibility of storing information in the cloud is accompanied by potentially avoidable risks if proper security parameters are not put in place.
Since Australia’s data breach notification legislation rolled into action in February this year, the Australian Government’s Office of the Australian Information Commissioner (OAIC) has received more than 60 breach notifications.
Whether phishing scams, malware, or ransomware, hackers can arm themselves with various tools to infiltrate organisations for monetary gain.
Just last year, nearly 4,500 cases of malware and ransomware were reported in Australia alone, according to the ACCC; however, it is understood that countless cases go unreported.
If businesses hope to avoid becoming another statistic, they must be proactive with their security programs, stay agile and react swiftly to a crisis to avoid the accompanying financial and reputational damage.
Threat actors will use sophisticated technology to wreak havoc on unsuspecting security teams, and organisations must understand their risk tolerance and have plans to safeguard against attacks.
If the worst is expected, then the most up-to-date defensive measures can be put in place and IT teams can grow in confidence.
Mounting exploitation of the Internet of Things
Today a person may carry two or three dozen sensors on them – a modern home often has approximately 600 sensors.
All of these generate data.
If a threat actor manipulated the data that drove the production of a company's flagship product, the result would have a far greater impact on the company's reputation and financial wellbeing than most realise.
To guard against this type of compromise, IoT manufacturers must assume they are deploying in hostile environments and build devices to defend themselves.
Those managing the environments also need to presume the devices are easily compromised, and perimeter owners must be prepared to prevent someone from getting to those connected devices. Ultimately, it's imperative that IT professionals validate that the confidentiality, integrity, and availability of the data in the systems are intact from a cybersecurity perspective.
Increased reliance on data sciences
Speed is always a factor when it comes to security.
If hackers can outpace IT teams, they can outmanoeuvre them as well.
As online criminals seek to take advantage of security vulnerabilities, organisations must be better at understanding what the situation is, so they have the confidence to take action.
The IT department must be able to identify the signal through the noise.
This is why data science and machine learning will continue to play vital roles in security.
Sometimes, instead of humans telling machines what to look for, machines can tell humans what they think might be happening.
For example, if employees scan an ID badge to get into different parts of an organisation, a human could not tell the security team the details of the last 50 scans.
This is where machine learning can give insights into ground truth, processing large amounts of data to identify anomalies humans can't easily detect.
Fundamental shifts in how we deliver security
Traditionally, a software developer writes a piece of code, secures it, searches for vulnerabilities and reviews it.
DevOps is about continuous integration and continuous deployment, and DevSecOps is about attaching security to that process.
There's a perception that security and DevOps are a bad match. Because of how security is delivered today, they are.
Like DevOps, security is all about speed, and IT teams now have to modernise how they deliver and support a DevOps process.
In the near future, security is going to experience more automation and will move earlier in the development process.
Security is not an IT issue – it's a business imperative. Security teams need to start thinking like software developers to find ways to automate what we do in a way that allows us to assert that the code is safe.
Risk reduction relies on confidence
The old way of thinking is, “If it ain't broke, don't fix it,” but to be secure, organisations need to take a proactive approach: “Fix it before it breaks.”
Fear, uncertainty, and doubt have led to inaction, and if IT teams are not preventing or responding to threats, they are not reducing risk.
Orchestration and automation provide the ability to contextualise the data so IT teams have the confidence to act.
Businesses are moving beyond adding new security controls for each new threat and investing in data sciences and collaboration that act on observations instead of inferences.
Moving forward, organisations will face new challenges as they adopt technological advances that help automate their processes. With proactive thinking, businesses will be better equipped to defend against evolving security threats.