Despite the $124 billion that Gartner estimated organizations would spend fending off cyberthreats this year, the frequency and severity of incidents continue to grow. A report by Nominet found that the majority of chief information security officers (CISOs) lack the necessary resources to defend their organizations. And an informal survey of 22 industry executives, chief technology officers (CTOs), security analysts and independent security experts last year by SiliconAngle found unanimous agreement that the cybersecurity problem is getting worse.
Is there hope of turning the tide? Many experts say yes. New technologies such as machine learning are showing promise, information-sharing consortia are springing up to enable better collaboration and organizations are finally taking cyberthreats seriously enough to apply more discipline to using the tools they already have.
Solid Processes Are More Important Than New Tools
I recently contacted a group of security experts to ask them one simple question: “What is our best hope to reverse the momentum in the fight against cybercriminals?”
Most organizations could blunt the vast majority of cyberthreats by making better use of the tools they already have and protecting their most precious data.
“We need to prepare our organizations for an attack rather than expecting frontline security solutions to prevent them every time,” said Adam Kujawa, director of Malwarebytes Labs.
Among the steps Kujawa recommends are segmenting critical data into a protected subnetwork, performing frequent backups of valuable data using versioning and encryption, giving users easy ways to report suspicious activities, and creating and rehearsing an incident response plan to quickly identify infected systems and restore critical data.
“Take the stance of someone who has been attacked and develop plans based on that stance,” he added.
Security journalist David Strom echoed Kujawa’s advice about preparing for the inevitability of cyberattacks. In addition to segmenting your network, “enforce least-privileged access, because hardly anyone needs to have administrator rights,” Strom said. “Vet your disaster recovery and backup procedures, and set up fallback communications plans like email, text and voice in case they are hit.”
Veteran CTO Jim Stikeleather, who is now a professor at the University of South Florida’s Muma College of Business, agreed that process is more important than new tools. According to Stikeleather, of the six critical elements of cybersecurity — anticipate, protect, detect, react, respond and repair — most organizations focus primarily on protection and neglect the other five. By thinking more holistically about the problem, organizations can change their focus from “cybersecurity to cyber resilience.”
“Resilience is even more important when you consider the increasing interdependence of systems across individual identities, organizations and governments,” Stikeleather said. “Systems need to be redesigned with humans integrated with the computer systems, while moving beyond a strictly perimeter approach.”
His comments validate research by Experian and Ponemon Institute, as well as others, showing that humans are the weakest link in the cybersecurity food chain, making a well-trained workforce one of the best defenses.
Technology Will Help Improve Detection and Response
There are also some bright spots on the technology front in the areas of both detection and response. The proliferation of connected devices has dramatically increased the volume of security data that needs to be monitored and analyzed, noted Mary O’Brien, general manager of IBM Security.
“Humans are drowning in the sheer volume” of this information, she said. Machine learning algorithms, which apply specialized calculations to large data sets to enable computers to discover patterns and correlations that might elude humans, can relieve the burden of dealing with the deluge.
“Using machines to pore over the vast quantities of data, organize it, analyze it and separate the critical indicators of cybercrime from the noise is our greatest hope,” O’Brien said. “The only solution is to get value out of artificial intelligence.”
Orchestration and automation tools can also cut down significantly on human labor by automating routine tasks and ensuring consistency and repeatability, according to Ted Julian, vice president of product management and co-founder of IBM Resilient.
That value can be amplified with better sharing practices. Enterprises have historically been reluctant to share security information for reasons that range from compliance to competitive advantage. However, with the advent of community services like IBM’s X-Force Exchange, collaboration is now simpler and safer.
“Information sharing can allow us to collaborate and collectively respond, and our adversaries already do this,” Julian said.
Start With Education, Preparation and Application of Best Practices
There are certainly some technologies on the horizon that have intriguing potential. However, the answers above suggest that education, preparation and rigorous application of existing best practices are better solutions than throwing money at the problem.