Five hurdles to effective cybersecurity
By Jen Dunham, Security Intelligence Practice, SAS, and Christopher Smith, Director of Cyber Strategy, SAS
Why rob a bank in person when you can do it from a coffee shop across the street, in another city or even another country? Cybercriminals can attack your organization without ever even entering your business location or offices. For this and other reasons, traditional crimes are shifting to cyberspace, and you have to be ready.
These digital thieves pose a real threat. A data breach can cost your company millions of dollars to rectify. And if consumer confidence is lost, it may never be recovered.
In the battle against cybercrime, it often seems that the threats are like the tentacles of an octopus – as soon as you think you are safe from one, another comes in to get you.
Using analytics for cybersecurity will help you think and act strategically – be proactive.
The obstacles to staying ahead of the threats are numerous. Let’s talk through five of the most pressing:
Hurdle No. 1 – Keeping up with the arms race.
As cybercriminals up the ante on their end, organizations have to apply more sophisticated tools. But these tools are often costly and complex to implement. Popular categories include:
- Intrusion prevention systems (IPS). Firewall and antivirus software are examples of IPS. They not only monitor your network but also block anything suspicious from entering or exiting. These actions are based on rules.
- Intrusion detection systems (IDS). These rule-based systems evaluate a suspected intrusion once it has taken place. If they see anything unusual, they send an alert.
- Security information and event management (SIEM) platforms. This latest protection platform gathers, analyzes and presents network data and activity from disparate sources.
IDS and IPS were the first systems on the market. But they don’t solve the problem of network intrusions because they are rules-based. And the rules – and rules-based signatures – produce massive amounts of alerts that overwhelm a security operations center. Additionally, because cybercriminals constantly change their tactics, keeping those rules up to date is almost impossible.
SIEM was the next wave of innovation. These costly, sophisticated appliances promised more visibility into the network. Instead, they ended up adding a new layer of complexity.
Hurdle No. 2 – Massive amounts of data
One of the biggest downfalls of these new systems is the big data downpour – and the tools can’t keep up with it. So you stockpile the data for another day, when you have the time and resources to deal with it. Big mistake.
Hurdle No. 3 – Making sense of what’s happening – fast
Proactive is good, reactive is painful. Once a hacker infiltrates your network, it can take months – sometimes years – before you can put it all together. Meanwhile, the losses continue to accumulate.
Take the case of RSA. The EMC-owned company makes SecurID, a system for securing access to sensitive information. SecurID consists of a PIN and a password generated by a fob. The password changes at fixed intervals, usually every 60 seconds.
In 2011, an employee at RSA received a spear-phishing email. The email went into the junk folder, but the employee opened it anyway. The email unleashed a malicious remote access tool (RAT) that allowed hackers to burrow into the company’s network.
As a result, hackers stole information that could be used to compromise the security of SecurID, which 40 million people worldwide were using at the time. EMC spent $66 million dealing with the aftermath.
How did this happen? RSA was so focused on what was happening at its perimeter – that is, keeping malware out – that it neglected to see what was happening inside its own systems.
Hurdle No. 4 – Too many alerts
Existing network security systems require people to make too many decisions. These systems create logs, send out alerts and notifications, and then require people to decide what to do from there.
It’s like having several middlemen – all telling you the sky is falling! You need computing systems that can respond to what is happening – as it happens.
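To make the contrast behind Hurdles 1 and 4 concrete, here is an added illustration (not SAS code or any product's method) that runs a per-event signature rule and a simple per-host behavioural baseline over a few constructed outbound-connection log lines. The host names, port and byte counts are constructed, and "isolate-and-investigate" is a placeholder response action.

```python
"""Signature rule vs. behavioural baseline on the same constructed event stream."""
from collections import Counter
import statistics

# Constructed log lines: source host, destination port, bytes sent.
LOG_LINES = """\
ws-01 443 1200
ws-01 443 900
ws-02 443 1100
ws-02 4444 300
ws-03 443 1000
ws-02 4444 280
ws-02 4444 310
ws-02 4444 295
ws-04 443 1300
ws-02 4444 305
""".strip().splitlines()


def parse(lines):
    """Turn raw lines into (host, port, bytes) tuples."""
    events = []
    for line in lines:
        host, port, nbytes = line.split()
        events.append((host, int(port), int(nbytes)))
    return events


def signature_rule(events, bad_ports=frozenset({4444})):
    """Rule-based IDS behaviour: one alert for every event that matches the signature."""
    return [e for e in events if e[1] in bad_ports]


def baseline_scores(events):
    """Analytic behaviour: connections per host, scored as a z-score against the fleet."""
    per_host = Counter(e[0] for e in events)
    counts = list(per_host.values())
    mean = statistics.mean(counts)
    stdev = statistics.pstdev(counts) or 1.0  # avoid division by zero on a flat fleet
    return {host: (count - mean) / stdev for host, count in per_host.items()}


def prioritised_alerts(events, threshold=1.5):
    """One alert per outlying host, each carrying a placeholder response action."""
    return [(host, round(score, 2), "isolate-and-investigate")
            for host, score in baseline_scores(events).items() if score >= threshold]


if __name__ == "__main__":
    evts = parse(LOG_LINES)
    print("signature alerts:", len(signature_rule(evts)))   # one per matching event
    print("prioritised alerts:", prioritised_alerts(evts))  # one per outlying host
```

On these ten lines the signature fires five separate alerts for ws-02, while the baseline collapses them into a single scored alert with an action attached; the same idea scales to alert volumes that no analyst could triage by hand.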
Hurdle No. 5 – Emerging threats
When a hacker realizes you’ve made changes to your network’s defense, he/she changes the type of attack to compensate. Staying on top of new threats is tricky, because you can’t know what you’re not aware of. That’s why information sharing is critical. If you see something in your organization, chances are you’re not the only one getting hacked. Other organizations are probably seeing the exact same thing.
You can no longer follow the outdated model of patching, plugging and putting out fires. The threats and attacks are growing too fast and too sophisticated, and the enemies are smart, resourceful and agile.
These obstacles are not insurmountable. Using analytics for cybersecurity will help you think and act strategically, be proactive in mitigating security risks, and defend your data and IT infrastructure. With analytics, IT security managers can become strategists who always look three or four moves ahead and play offense as well as defense.
- Read the full whitepaper, Trends in combatting cybercrime: Tips and techniques for defending your network.
- If your organization entrusts employees, partners, or contractors with access to sensitive data and resources, then you need to read Using Analytics to Proactively Detect Insider Threats.
Two cybercrime tactics
Spear phishing: An email appears to come from a trusted entity. The hacker's goal is to gain access to trusted information.
RAT: This type of malware contains a back door for remote administrative control over a target computer. RATs usually download invisibly when someone opens an email with an attachment.