From Reactive to Proactive: Does your Security Strategy Need to Evolve?
14th of August 2018
As technology rapidly evolves, the complexity of protecting that technology increases exponentially. Threats and threat actors are becoming more sophisticated, while the number of IoT devices increases year on year, providing attackers with a greater pool of potential victims. All this change means that the cyber security strategies of organisations need to mature to keep up with their adversaries, ideally by moving from a reactive approach to a proactive one to ensure they stay one step ahead of the attackers.
More sophisticated threats bring increased risks
The sources of cyber attacks are becoming increasingly sophisticated, with highly-motivated and well-funded adversaries looking to exploit organisations’ weaknesses. Whereas in the past, threat actors were more commonly rogue individuals, now there are not only more sources of threats but they are more prolific and more organised. Businesses today face several key challenges:
- More frequent and more sophisticated cyber threats are harder to detect, prevent and mitigate: You can no longer depend only on traditional intrusion detection technologies, which can be slow to respond to this ever-changing landscape because they rely on signatures and so require consistent reviews to ensure they are not outdated.
- Substantial time and cost to respond to incidents: Cyber security costs are rapidly escalating, with budgets being particularly affected by the field’s ever-increasing skills shortage. This impacts all areas of the industry, including maintaining surveillance, managing defences and responding to attacks, making it increasingly cost-prohibitive for organisations to run in-house monitoring and incident response capabilities.
- Increasing financial impact of business interruption, loss of customers and damage to reputation: While preventative defence costs and the direct costs of responding to a breach are increasing, the indirect costs of a breach can be even higher. Suffering a data breach results in downtime for an organisation, as well as causing reputational damage that can lead to an immediate reduction in customers, from which it can take years to recover.
- New legislation and regulations: Governments and industry-specific regulators are placing more importance on cyber security and data privacy, with the EU’s General Data Protection Regulation (GDPR) being a key example of this. These mandates force organisations to not only detect attacks, but also report them earlier to protect customer data. The legislation itself imposes financial penalties, while mandated reporting publicly exposes an organisation’s cyber threat management weaknesses, potentially causing further reputational damage if their security posture was weak. This all results in higher costs and risks to an organisation. For example, NCC Group found that fines from the Information Commissioner’s Office (ICO) against UK companies in 2016 would have skyrocketed from £880,500 to £69 million if GDPR had been enforced.
The answer: Proactive threat management
To address these challenges, organisations must move from a protective, reactive approach to cyber security to a defensive, proactive one. It is no longer adequate to rely solely on technology. Organisations need to evolve their security monitoring processes and improve not only prevention but also detection and response.
This idea is supported by Gartner, which states that:
A dedicated, well-financed actor who is after something in your enterprise is going to get it, even if they use the weakest link - people - to do so. This means adapting your security setup to focus on detection, response and remediation. That’s where the cyber security fight is today. In the future it will most likely move to prediction of what’s coming before anything happens.
Being proactive and focusing on detection, response and remediation means getting ahead of your threat actor to know what they are doing before a cyber attack can cause any damage to your organisation. It is critically important to have effective cyber risk management strategies in place that enable the discovery and investigation of new tactics, techniques and procedures (TTPs), before applying them to top detection technologies and utilising human analysts who can interpret alarms.
Effective threat management must constantly monitor and evaluate your network for signs of threat actors attempting to bypass your defences, followed by investigations of the root causes when evidence is found so that learnings can be applied.
As discussed, there are many challenges organisations must overcome to ensure their cyber security strategies are suitable for today’s threat environment. A combination of threat intelligence, technology and people is required to enable truly proactive threat management, but all of this takes time and effort from experienced staff. Due to the cyber security skills shortage, this resource is increasing in cost and becoming more difficult to maintain, particularly if you plan to monitor your networks all day, every day.
Managed services, such as NCC Group’s Cyber Threat Management (CTM), can support organisations through the provision of network sensors and endpoint agents, along with access to experienced security analysts and threat hunters to provide 24/7 monitoring, proactive threat investigations and incident response support. This helps to relieve the pressure placed on your team, while further defending your organisation from modern day threats in a proactive manner.