The title of a 1974 mega-hit from the Canadian rock band Bachman Turner Overdrive speaks perfectly to where we are in the history of cyber terror: “You Ain’t Seen Nothin’ Yet.” This might jolt many who are of the mind that, in a world of adware, backdoors, rootkits, scareware and spyware, it can’t get any worse. But it can, and according to many, it will:
- Cybercrime damages will cost the world $6 trillion annually by 2021. This represents the largest transfer of wealth in recorded human history.
- The IoT market will grow from an installed base of 15.4 billion devices in 2015 to 30.7 billion devices in 2020 and 75.4 billion in 2025. One major player, meanwhile, sets the number at potentially 200 billion.
- The average cost of a data breach will surpass $150 million by 2020.
Without and within
Today’s cyber-threat is different. Modern threats are much more likely to be at the application layer as opposed to the network layer, and often originate not from without but from within the corporate perimeter. Today’s technology leaders need to worry not only about external attacks but also from internal “agents” in the form of internal staff who are (almost always) unwittingly spreading malicious code.
Corporate IT groups must keep an eye on the perimeter as there will always be externally sourced cyber-attacks. However, more and more companies are realizing that internal players — their own staff — are the biggest threat, and are starting to rethink their security policies and protocols going forward.
Big dilemma
It can be tricky for organizations to strike exactly the right balance between encouraging (and empowering) employees to use powerful collaborative applications — freeing them up to be wildly productive — and running a tight ship security-wise so the company’s valuable and thus much sought after data assets are not in danger of being stolen by bad actors.
The ISA white paper, “Cybersecurity Wake-Up Call: A pro-active approach can avoid catastrophic results for business,” explores an exploding cyber-threat landscape as well as a startling growth trend in multiple types of cyber-attacks. The paper also presents a six-step approach to incident readiness and response:
- Preparation – Review of existing security infrastructure, preparing identification and response plans, and implementation of incident response tools and processes.
- Identification and assessment – Timely detection of security incidents and determination of their nature and potential impact.
- Containment – Immediate action, using documented processes, to limit damage and prevent any further loss or impairment.
- Eradication – Evaluation of systems to ensure the security incident is fully remediated.
- Recovery – Restoration of data and network availability, as well as confidentiality and ongoing integrity.
- Lessons learned – Review and assessment of the events and processes that have taken place, and application of improvements to the plan.
While no network or device may have perfect immunity to being attacked, experience shows that an intelligent and proactive approach to the incident response lifecycle — from preparing defenses to effective remediation strategies to constant learning and improvement — is best.
