Medieval cities were often built as fortresses with impressive moats and ramparts to keep attackers out. At times of crisis the drawbridge could be pulled up and the citizens within the fortress protected. Yet, history tells us that attackers were still able to penetrate these defences, either by trickery, treachery or simply good climbing skills.
In more recent times, the fortress mentality of the Maginot Line or the Atlantic Wall was shown to provide only a minor obstacle against a determined opposition. Yet many organisations adopt a fortress-like mentality when it comes to protecting digital systems.
Cities once protected by walls and gates are now thriving modern metropoles with millions of people entering and leaving the city each day. In many ways, computer networks are similar. The value brought by computer networks is due to the ability to transfer data and to connect with many different systems both inside and outside the organisation.
The security of modern cities is not provided by perimeter defences but through vigilance, an awareness of threats, and a rapid response when an incident is detected. Eyes on the ground can detect and respond to emerging incidents. CCTV can identify trouble, track the progress of threats or incidents, and provide evidence for post-event reviews. Networks and digital assets can be protected in the same way.
Perimeter defences such as firewalls have their role in defending networks, but they cannot be assumed to provide an insurmountable barrier to attackers. Similarly, with the degrees of inter-connection between systems and services in a modern organisation, attempting to lift a metaphorical drawbridge to isolate networks may have severe and unforeseen effects on operations.
Security teams can protect digital systems by having visibility into, and analysing, what is happening within networks and systems. That means remaining vigilant for untoward behaviour and rapidly reacting to an emerging issue, rather than concentrating on constructing a fortress to keep everything that is bad outside.
In less than a year, data breaches of the most important provisions could lead to fines of up to €20 million or 4% of a company’s global annual turnover. If the threat of a cyberattack doesn’t make business leaders take notice, the General Data Protection Regulation (GDPR) will force them to. As part of the new regulation, businesses must prove that they are doing everything in their ability to protect their customers’ data, and report data breaches within 72 hours.
To achieve these requirements, security teams must not only ensure that defenses are in place, but also understand how data is used and be able to spot when unauthorized access occurs.
Monitoring network activity, combined with the usage and storage of sensitive data, allows security teams to spot abnormalities to investigate further. Through adopting appropriate security tools, the majority of threats can be blocked automatically, freeing up security operations teams to spend more time on researching, investigating and analysing unusual activity.
It is in this unusual activity that the most devious and dangerous threats can be found. These are not the threats to be stopped at the perimeter. This combination of intelligence, analytics and technology is powerful. By using analytics, businesses can not only see what is happening in real time, but also learn from the past to help them make important cybersecurity-related business decisions in the future.
Ultimately, the network needs to be seen as the hunting ground for the Sherlock Holmeses of the cyber-world. This constant searching for threats needs to be adopted by businesses not as a luxury, but as usual practice and an absolute necessity in order to keep up with and combat today’s threat landscape.
This attitude needs to be embraced by businesses and embedded not only in the culture but in the core of the organisation. From the board room right down to the grass roots, everyone must understand the true velocity of cybercrime and the importance of taking today’s threats seriously.
Today, increased visibility, transparency and trust are a must to ensure we keep control of the cyber-storm. It needs to be understood that threat hunting isn’t a 9 to 5 job; threat hunting never sleeps. Today’s technology means businesses have the tools needed to ensure they remain one step ahead of the bad guys. It is ultimately a case of adopt security measures now, or pay the consequences.