The cybersecurity industry is well known for its rapidly evolving landscape, with new threats emerging on a near-daily basis. As a consequence, many organisations are reluctant to attempt any form of meaningful long-term cybersecurity planning for fear of those plans quickly becoming obsolete.
Instead, they rely on short-term, largely reactionary strategies that focus on trying to detect threats before a significant data breach can take place. Unfortunately, such an approach condemns these organisations to a lifetime of playing catch up against the perpetrators of attacks – which is exactly what the attackers want.
Old vectors die hard
In a lot of ways, the cybersecurity industry itself is to blame for the current predicament. Fear of the unknown has long been one of the cornerstones of cybersecurity sales techniques. After all, how can you protect against something you don’t even know about without the latest technology?
But while such an approach may be useful when trying to sell new products and solutions, it actively encourages a short-term mindset amongst customers. It also ignores key trends within the landscape that could be used to build a viable long-term cybersecurity approach, such as the fact that the vast majority of emerging threats still rely on the same old attack vectors they have relied on for years.
For instance, 95% of attacks on enterprise networks today begin with a successful spear phishing attempt, according to the SANS Institute. Spear phishing is hardly new; it’s been around for more than a decade. Phishing itself is one of the oldest tricks in the cybercrime book, with the earliest examples dating back over 30 years. Nearly every modern cyberattack still utilises some form of social engineering too, a technique that criminals from all walks of life have been relying on for centuries.
Not only are these attack vectors old, but so are the most effective defences against them. Chief among them is the establishment and maintenance of a robust cybersecurity training programme for all employees, helping them to quickly identify and report any phishing/social engineering attempts they encounter. As any cybersecurity expert will tell you, employees are always your first (and most effective) line of defence against cybercrime, and a little investment goes a long way.
In this regard, while the ongoing game of cybersecurity ‘cat and mouse’ may have changed in its appearance over the years, the rules haven’t changed much at all. Many of the same criminals who were attacking mainframes back in the eighties and nineties are attacking cloud platforms today, using very similar tactics and techniques. This begs the question, ‘is it an outdated mindset that’s holding the industry back, rather than outdated tech?’
Scale is now the biggest challenge
Of course, this doesn’t mean the challenges facing modern cybersecurity professionals haven’t changed at all. Perhaps the most striking difference between then and now is the scale of the task at hand. Over the decades, megabytes of data have turned to gigabytes, then terabytes and soon many organisations will be dealing in petabytes.
The same evolution can be seen in data transfer speeds and, in line with Moore’s law, in the repeated doubling of data processing power. Elsewhere, changing business practices (accelerated by the ongoing pandemic) have resulted in ever greater numbers of employees working outside a traditional office setting, making it harder and harder to keep track of data and/or spot tell-tale signs of a potential security breach.
Fortunately, data analytics and anomaly detection are two key areas where investment in modern security technology really can make a difference. Advances in machine learning and automation mean organisations can now build platforms that take much of the manual burden off analysts, saving time and allowing them to concentrate on areas of the security process where their input will be more valuable. Such technologies are also becoming much more affordable, meaning businesses of all sizes and budgets can now benefit from the advantages they offer.
There will always be something new around the corner
Cybersecurity vendors are now touting quantum computing as the next big thing to shake up the industry. Many claim it’ll give criminals the ability to crack user passwords and encryption keys much more easily, significantly reducing their reliance on social engineering.
While this may be the case, there’s no need to start panic buying new, unproven security tech just yet. Even if the emergence of quantum computing does lead to an upsurge in criminal activity, there’s already a wide range of established technologies, such as user entity behaviour analytics (UEBA), which can be used to effectively counteract it. UEBA works by monitoring genuine users’ behaviour over time and establishing benchmarks for ‘normal activity’ based on key criteria including the time of day, network folders accessed and geographical location.
Consequently, if any user’s behaviour deviates too far from their norms, such as logging in from Russia at 5 am when they usually log in from the UK during normal business hours, it will automatically trigger an alert for the security team. Behavioural analytics can also automatically stitch together data from multiple activity streams, quickly creating a comprehensive incident alert that gives security teams much-needed context about an unfolding event.
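The baseline-and-deviation idea described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor's product; the class and function names, the scoring scheme, the one-hour tolerance and the 1.5 threshold are all assumptions, and the event history is constructed.

```python
from collections import Counter, defaultdict

# Constructed history (not real data): (user, login hour, country, folder)
HISTORY = (
    [("alice", h, "GB", "/finance") for h in (8, 9, 9, 10, 9, 8, 10, 9)]
    + [("alice", 14, "GB", "/hr"), ("alice", 9, "GB", "/hr")]
    + [("bob", h, "GB", "/engineering") for h in (22, 23, 22, 23, 22)]
)

class Baseline:
    """Per-user counts for the three criteria named in the text."""
    def __init__(self):
        self.n = 0
        self.hours, self.countries, self.folders = Counter(), Counter(), Counter()

    def learn(self, hour, country, folder):
        self.n += 1
        self.hours[hour] += 1
        self.countries[country] += 1
        self.folders[folder] += 1

    def rarity(self, counter, value):
        # 1.0 = never seen for this user, 0.0 = seen in every event
        return 1.0 - counter[value] / self.n

    def hour_rarity(self, hour):
        # Tolerate +/- 1 hour (wrapping midnight) so 08:00 vs 09:00 is normal
        near = sum(self.hours[(hour + d) % 24] for d in (-1, 0, 1))
        return 1.0 - min(near, self.n) / self.n

def build_baselines(history):
    baselines = defaultdict(Baseline)
    for user, hour, country, folder in history:
        baselines[user].learn(hour, country, folder)
    return baselines

def score_event(baselines, user, hour, country, folder, threshold=1.5):
    b = baselines.get(user)
    if b is None or b.n < 5:  # too little history to judge; handle separately
        return {"alert": False, "score": 0.0, "reasons": ["insufficient baseline"]}
    parts = {
        "hour": b.hour_rarity(hour),
        "country": b.rarity(b.countries, country),
        "folder": b.rarity(b.folders, folder),
    }
    # An alert needs more than one strongly unusual dimension (assumed threshold)
    reasons = [name for name, r in parts.items() if r >= 0.9]
    score = round(sum(parts.values()), 2)
    return {"alert": score >= threshold, "score": score, "reasons": reasons}
```

The baseline is per user, so a 23:00 login is normal for the constructed user bob but would count towards an alert for alice; the returned reasons list is the context an analyst would see alongside the alert.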
The cybersecurity industry has long been driven by fear of the unknown, resulting in a culture where the concept of long-term planning has been all but abandoned. Yet despite ever-present concerns about emerging threats, a closer look often reveals a startling number of similarities between the old and the new.
With this in mind, organisations shouldn’t let uncertainty prevent them from considering how they can effectively extend their cybersecurity planning cycles to 10+ years over time. While the future may be unknown, chances are it will be more familiar than you may think.
Richard Cassidy is senior director of security strategy EMEA at Exabeam, a company that provides big data security analytics solutions.