Keep Your Eyes on the Threat Horizon to Improve Incident Response
The ever-growing list of cybersecurity threats looks like something out of a 21st century version of “The Wizard of Oz” — but instead of lions and tigers and bears (oh my!), today’s security professionals must contend with Internet of Things (IoT) data leaks, fragmented cloud infrastructures due to regulations, augmented intelligence (AI)-powered malware and trusted professionals creating a new type of insider threat. This is just a small sample of the emerging threats looming in the shadows of cybersecurity.
Why should you care about tomorrow’s threats today? If you have a better idea of what’s coming over the threat horizon, you can create a better incident response plan to limit or prevent these threats from affecting your data, business and customers. Luckily, forward-looking studies such as the Information Security Forum (ISF)’s “Threat Horizon 2020” report allow business leaders and chief information security officers (CISOs) to better strategize and develop a proactive security system.
Threats Are at an All-Time High
It’s not a stretch to say that we are at a breaking point in cybersecurity. In fact, the final quarter of 2017 saw threat levels at an all-time high. One reason for this surge is that the bad guys are constantly recreating the threat horizon itself, developing new tactics and upgrading strategies for old tactics.
The ISF report noted that technology is outpacing security controls and the pressure to keep up with threats is skewing security professionals’ judgment. Let’s take a closer look at how these two themes fit into the threat horizon, and explore how organizations can overcome these hurdles and improve their incident response and security control systems.
Technology Outpaces Controls
A few years ago, the average person knew nothing about the IoT, and clouds were still just fluffy white things in the sky. Now, everything in your house can be connected and controlled by an app on your smartphone through cloud computing architecture.
Many vendors are more concerned with introducing their technology into the market as quickly as possible than they are with securing those apps and devices. The bad guys know that security controls are an afterthought and take advantage of this lack of awareness to spread malware in novel ways that catch security teams off guard. Take the Mirai botnet, for example, which used IoT devices to infect networks and take down popular websites with a massive distributed denial-of-service (DDoS) attack.
Pressure Skews Judgment
All these new technologies can put a serious strain on your network. Couple this with ever-changing regulations and the growing burden on employees to be diligent about threats, and you have an environment that is filled with pressure, which can affect security professionals’ judgment. They know they have to provide good security platforms, so they may be tempted to focus on quantity and not quality — adding all the bells and whistles of a top security system but not covering the basic areas that need higher levels of protection. They may put a lot of emphasis on perimeter security, for example, when the greatest risk area is actually privileged access management.
Scoping Out the Threat Horizon
Security incidents occur largely because organizations are unprepared. Cybersecurity has long been reactive rather than proactive, focusing on response before prevention. By the time a threat is addressed, the damage is done. This is only going to get worse given the increasing sophistication of the attacks looming on the threat horizon.
“Over the coming years, the very foundations of today’s digital world will shake — violently,” said Steve Durbin, ISF’s managing director. “Innovative and determined attackers, along with seismic changes to the way organizations conduct their operations, will combine to threaten even the strongest establishments. Only those with robust preparations will stand tall.”
Yet, surprisingly few companies have robust preparations in place. A solid incident response plan requires more than just a security platform or a security operations center (SOC). It should take into consideration the scope of business operations and where the greatest risk lie. For example, what kind of incident would constitute a catastrophe for the organization versus a mere inconvenience?
If security professionals don’t understand the company’s risk tolerance, they cannot institute the right type or level of response. The response plan should also designate who is in charge and who has authorization to address potential threats. Finally, incident response requires teamwork. Business leaders must determine when the legal team should be brought in and who will act as the voice of the company in a worst-case scenario.
By keeping their eyes fixed on the threat horizon, security professionals and business leaders can develop the right incident response strategy and put the organization in a better position to fend off the lions, tigers and bears looming in the shadows of the cybersecurity landscape.