Why big data protection is actually a team sport
For businesses trying to fight the cybersecurity war, increasingly sophisticated security threats like ransomware and attacks on Internet of Things (IoT) devices are tough opponents.
Across the globe, backdoors in IoT systems provide hackers with millions of unprotected gateways into IT infrastructure, while cybercrime syndicates are structuring a value chain for ransomware tools.
Locally, almost a quarter of Australian organisations deal with security breaches that interrupt their business on a monthly basis. DDoS attacks and the Mirai botnet have recently proven how vulnerable the connected devices and online properties are to exploits. It’s not only breached businesses that are affected.
Organisations with data held by those businesses are also compromised. For example, the Dyn botnet attack brought down several popular online services including Airbnb, Amazon Web Services and PayPal, all of which store personal and financial customer information.
With this in mind, it’s easy to see how a team mentality is required to combat security threats, especially when it comes to protecting data. The Australian government, security vendors and their customers are three key players.
The Turnbull Government has responded by announcing a plan to create a mandatory data breach notification scheme for business and government organisations, which is set to come into play as early as this year.
Under the new legislation, organisations that realise they have been breached or have lost data must immediately report the incident to the Privacy Commissioner and notify affected customers.
Companies or agencies that fail to do so face penalties of up to $1.8 million. Individuals can be fined up to $360,000.
The Australian Government’s sharpened focus on data protection will put security and privacy breaches in the spotlight like never before.
As Australia transitions to a digital economy, we’re seeing a huge amount of data gathered and stored. Gartner expects there will be 21 billion connected ‘things’ worldwide by 2020.
While this level of connectivity offers plenty of benefits, it poses security risks to users and external organisations, and the cost of security breaches to local organisations is only going to increase.
While many businesses have a security policy in place, they’ve traditionally relied on point security solutions when a multi-vendor environment is required to gain end-to-end threat visibility.
However, data protection and recovery requirements have moved beyond traditional security solutions. Businesses need to streamline security infrastructure and drive threats out of their organisation at every opportunity.
The quicker businesses detect anomalies in their infrastructure, the better. Attacks are often months or years old by the time they are discovered, as many security point solutions only store a few days or weeks’ worth of data.
Findings from the FireEye M-Trends Report 2016 show that the average number of days to detection is 146, and that 53 percent of attacks are detected externally, on average at 320 days. This is why having an analytics platform that can store and retrieve years’ worth of data is critical to ensuring organisations meet the Turnbull Government’s proposed regulations.
As a result, we’re seeing security vendors up their game plan. They’re collaborating with one another, rather than competing on offerings, to help businesses strengthen their security posture.
ForeScout is a good example. The enterprise security company provides joint customers such as Brown-Forman visibility and control of devices connecting to its network in order to detect threats and execute a response very quickly.
Unlike traditional, single point approaches, ForeScout is using an adaptive response model which combines alert and threat information from multiple security technologies.
With this collective insight, security teams can make better-informed decisions across the entire kill chain, especially when validating threats and applying analytics-driven responses to their security environment.
For customers, this collaborative approach improves the speed and strength of threat detection and response by connecting intelligence across security domains such as endpoints and networks.
While traditional security products are still essential for the frontline, they’re not designed to work well together out of the box.
An adaptive, connected nerve system enables organisations to analyse and correlate a wide range of data across a multi-vendor environment, helping their security team to work faster and with more agility.
And as the Turnbull Government takes a step forward in the escalation of data protection, now is the time for local businesses to do the same.
By leveraging the industry’s unified defence against attacks, organisations across public and private sectors have the opportunity to strengthen their security operations, and avoid striking out in the cybersecurity game.
Article by Simon Eid, Area Vice President, Splunk ANZ