Why Risk Detection Is Always One Step Behind
WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
Detecting security incidents can often extend to years, leaving systems and data at risk for an unacceptable amount of time.
At this point, it's safe to assume that no system, device or database is completely safe from hackers and attackers. A seemingly endless stream of news stories about breaches—and the increasingly nefarious methods used by cyber-criminals and state-sponsored terrorists—is nothing short of alarming.
"The reality," says Jeremy Samide, CEO of security advisory firm Stealthcare, "is that bad actors are coordinating, communicating, selling information, and doing all sorts of other things in deep, dark places of the internet that nobody knows about."
He reports that an estimated 27 percent of all cyber-attacks today go undetected. Various studies, including research from Ponemon Institute, have found that detecting incidents can sometimes extend to months or even years. Meanwhile, systems and data are at risk—or they have been compromised.
And the problem keeps getting scarier and bigger. In recent months, United Airlines and Delta Airlines have both experienced system outages. While neither admitted that the problem is due to a cyber-attack, security experts believe that there's a reasonably good probability that these disruptions were caused by hackers.
In Delta's case, four days of canceled and delayed flights topped out at around $100 million in lost revenue. Overall, about 2,300 flights were cancelled.
There's also evidence that 911 emergency systems are at risk and that hackers have broken into election systems in Arizona and Illinois. CBS News reported that the Department of Homeland Security will soon send out an alert to election officials across the country about the intrusions, which may be originating from a foreign country.
The problem with today's environment is that it's a seemingly endless arms race. However, a blacklist can only catch what's on the list. "The vector and specific threat changes and, as a result, the underlying risks detection methods are always one step behind," Samide says.
The Enterprise Strategy Group has reported that only 29 percent of organizations monitor sensitive data access on a continuous basis.
AI and deep learning may offer some help but they remain in the early stages. For now, CIOs and other enterprise leaders must focus on a few key things. These include: keeping the board informed and involved; prioritizing data value and protecting it accordingly; using threat intelligence platforms that identify emerging risks in real-time; and educating employees.
The latter is absolutely critical. Employees open about 30 percent of all phishing e-mails, according to Verizon. Ponemon Institute research indicates that nearly two-thirds of breaches are caused by human error or system glitches.