As cyber attacks become more complex, a lively debate has emerged on the best defense strategies
A 2013 scheme by Russian state actors compromised data from more than 3 billion Yahoo user accounts. In 2014, the Sony Pictures hack brought the studio — and several of Hollywood’s most powerful players — to their knees. Now, word comes that South Korean agencies charged with running the 2018 Winter Olympics were subject to an organized cyber attack that installed four different kinds of malware on target computers and stole data from their networks.
The takeaway: If even massive organizations with plenty of digital resources can be successfully invaded, what hope is there for smaller businesses? While most decision makers are now all too familiar with the importance of dedicating funding to their organization’s cyber defenses, they continually wrestle with difficult choices on how to deploy a successful strategy.
The question of how best to allocate limited funds to safeguard digital assets has sparked a healthy debate among cybersecurity specialists. Given the evolving complexity of hackers’ attempts to breach networks, some experts say the smartest use of cyber budgets is to expect and prepare for network intrusions with a focus on minimizing damage and recovering quickly. Other pros say a greater emphasis on attack-prevention research and spending to protect operations could cut cybercriminals’ success rates significantly.
“Most likely, someone’s already on your network”
“Hackers can get on to your network,” says HP Print Security Advisor Jason O’Keeffe, an expert on network vulnerabilities and hacking. “In a lot of cases, it’s a no-brainer for them — despite the best-laid defensive plans. When I tell a customer, ‘Most likely, someone’s already on your network, you just haven’t found them yet,’ they either start shouting ‘impossible,’ or they understand and accept it.”
Jonathan Griffin, a senior security researcher for HP Labs, agrees with O’Keeffe that it’s hard for anti-malware applications to keep up with rapidly changing threats and adversaries who are strongly motivated by money or national interests. As well as installing anti-malware protections, businesses also need to deploy monitoring tools to detect when malware has gotten past their defenses.
“Malware is always getting into our infrastructures,” Griffin explains. “The challenge is to build monitoring systems we can rely on to spot a potential outbreak early, but without generating too many false alarms.”
To deliver on that goal, software engineers are building systems powered by machine-learning algorithms that watch the data streams moving across a network, and those heading out to the internet, for signs that an attack is starting or that malware is already operating inside the network and exfiltrating data from it. Other developers are designing programs that recognize when PCs and other network-connected devices have been compromised and automatically purge the malware before it can wreak havoc.
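To make the monitoring idea concrete, here is an added example (not from the article or from HP) of the simplest form of outbound-traffic watching: each host is compared against its own baseline, and the alert threshold is the knob that trades detection of smaller deviations against the false alarms Griffin warns about. All host names and byte counts are constructed for the example.

```python
from statistics import mean, pstdev

# Constructed baseline: hourly outbound byte totals per workstation over a
# quiet week. Hosts and numbers are invented for this example.
BASELINE = {
    "ws-01": [120_000, 135_000, 110_000, 128_000, 140_000, 125_000, 131_000],
    "ws-02": [900_000, 950_000, 870_000, 920_000, 980_000, 910_000, 940_000],
    "ws-03": [40_000, 45_000, 38_000, 42_000, 47_000, 41_000, 44_000],
}

# Constructed current-hour observations: ws-03 suddenly sends far more than
# it ever has; ws-02 is a naturally busy host whose high volume is normal.
CURRENT = {"ws-01": 150_000, "ws-02": 960_000, "ws-03": 2_500_000}


def zscore(value, history):
    """How many standard deviations `value` sits above the host's own norm.
    A per-host baseline keeps a busy host (ws-02) from raising alarms just
    because it sends more bytes than a quiet one (ws-03)."""
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:  # flat history: any increase is an outlier
        return float("inf") if value > mu else 0.0
    return (value - mu) / sigma


def detect_outliers(current, baseline, threshold):
    """Return {host: z} for hosts whose outbound volume this hour exceeds
    their own baseline by more than `threshold` standard deviations.
    Lowering `threshold` catches smaller deviations but raises more alerts."""
    alerts = {}
    for host, bytes_out in current.items():
        if host not in baseline:
            continue  # no history yet; a real system would queue it for review
        z = zscore(bytes_out, baseline[host])
        if z > threshold:
            alerts[host] = round(z, 1)
    return alerts


if __name__ == "__main__":
    # A strict threshold flags only the obvious exfiltration-like spike; a
    # loose one also flags ws-01's modest bump, a likely false alarm.
    for k in (5.0, 2.0):
        print(f"threshold {k}: {detect_outliers(CURRENT, BASELINE, k)}")
```

In practice the baseline would be rebuilt continuously and combined with other signals (new destinations, unusual hours), but the threshold trade-off shown here is the same.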
Evolve with the threat
Such post-breach weapons are important, says Daniel Kalai, the founder of cybersecurity-as-a-service company Shieldly. But he believes manufacturers and information-security professionals can do more to prevent successful attacks. The problem, he argues, is that most prevention approaches offer a single answer when the complexity of attacks now requires a portfolio of prevention tools that evolve with the threat.
“When I go to cybersecurity conferences, I see hundreds of vendors selling point solutions — anti-viruses for viruses, for example,” Kalai says. “But home users and small and midsize businesses need a managed solution that automatically layers on new answers for new problems as they arise. They need a cybersecurity service offering, not a product offering.”
Kalai says many of the tools required for better protection already exist — they just need to be made easy and affordable enough for users and administrators to take advantage of them. If these solutions are implemented and maintained properly, along with two-factor authentication and an effective anti-malware app, Kalai says, potential attackers will move along to easier targets.
The No. 1 weapon every company needs now
Both sides of the debate say network monitoring is now a critical component of any cybersecurity program. HP Fellow and Chief Technologist Vali Ali says monitoring is so important because it provides machines and networks with intelligence to understand if they’re clean or compromised by an attack.
Active monitoring is part of a more holistic cybersecurity approach Ali calls resiliency. It may be the difference between a catastrophic attack and one that can be navigated through, as companies grapple with a threat landscape that is becoming ever more hostile and with attacks that are increasingly effective.
The idea of resiliency provides a layered security program that helps organizations survive attacks through deploying protective measures like managed anti-malware filters and diagnostic measures that watch for intruders. Such methods can minimize damage through insights that trigger a rapid response and recovery after a breach. They also create a feedback loop that enables intelligent shields to learn from past failures so they can avoid future events. “Survival means you have protection,” he says, “but you also realize that you’re going to be breached, no matter how strong your defenses are.”
Given the difficult reality of the modern threat environment, Ali has two questions for companies that want to ensure their survival: “Are you equipped to detect that you have been compromised? And are you equipped to recover at speed and at scale?”