World development has become synonymous with technological development. There is no need to convince anyone that technology is everywhere nowadays: at the very bottom of the ocean, in space, and sometimes even in humans’ hearts. We are living in a cyberreality.
Thus, we talk about technology as a way to a simpler life, more profound knowledge, and better task performance. Relatively recently, humanity has developed SMARTphones, has already settled in SMARTcities, and is confidently moving towards a SMARTworld. We have made our life dependent on technology. And that’s not a bad thing. But a cyberreality is what we have to reckon with now.
By entrusting such volumes of information to technologies in our new cyberreality, we must make them reliable enough to trust with confidence. To do that, any company needs to be ready to fight against hackers and have advanced Incident Response service providers around to prevent cybercriminals from accessing the most valuable information of the business and its customers.
Development of cyber threats
Of course, criminals are also taking advantage of this cyberreality. Society already has a lot of countermeasures against this; a number of laws have been enacted to combat cybercriminals. But, let’s be honest, none of these methods of protection has stopped the cybercriminals; they didn’t disappear as a social phenomenon, and they didn’t think, “okay, since they enacted such cool laws, I won’t do this.”
Hackers make their attacks more sophisticated in order to bypass the defences used against them. The number of sophisticated attacks has increased, and they have become harder to deal with. Moreover, it looks like cyberattacks have now become organized crime. The threats they pose to targeted organizations are mostly no longer random in nature. The scale of attacks increases, the ambitions of hackers grow, and their targets become more serious. What is most valuable now is not the money that an attacker can get, for example, in exchange for encrypted information, but the data itself. Tackling these issues effectively requires deep knowledge of the cybersecurity field and an understanding of the actors’ goals.
Businesses need to change the way they prepare, defend against and recover from cyber-attacks
1. Security by design
Usually, the security phase is skipped during IT development. The main focus remains on functionality, and taking care of security during the entire development period seems to mean slowing down the work process. But it is obvious that the work will go even slower (or not go at all) if the product is hacked and you have to go back to the very beginning. Now, in the collaborative framework of DevOps (development and IT operations), security has to become an equal stage integrated from end to end – “DevSecOps.” In the past, security was the responsibility of a specific team in the final stage of development. But those days are over, because outdated security practices can undo even the most efficient DevOps initiatives.
2. The long view on the incident response
The average time to detect and contain a data breach is 280 days, according to the Ponemon Institute. This is too long, and it means that the methods used for detection and containment are often not suitable. The reason is that most responders to an incident seek to “clean up” as soon as possible and fail to conduct a root cause analysis. Attacks nowadays are too sophisticated for such an approach, and hackers’ aims are not so easy to understand anymore. The phases of a typical attack illustrate the fact that most perpetrators today take a long view, so the security team needs to take a long view of incident response to reach the roots. Think deeply. If you focus on the brushstrokes, you can’t see the big picture.
3. Network of partners
Demand for cybersecurity services is increasing every year (especially in 2020). The cybersecurity market has traditionally lacked experts. The (ISC)² study reveals that the shortage of cybersecurity employees in 2020 amounts to 3.12 million people. It is not profitable for small and medium businesses to spend resources on creating a whole cybersecurity team (for instance, the average annual cybersecurity salary in North America is $112,000). Most companies rely on internal resources (security engineers) and often have teams that are too small and lack the necessary skills, because they are budget-constrained and cannot identify or afford to hire experts given the scarcity of talent in the market. The wisest decision is to build a network of partners with digital, analytical, and cybersecurity experts to fill the gaps in capabilities, monitor the network, and detect threats before they cause critical damage.
4. Think about third parties
But while building the network of partners, it is worth keeping in mind that in such a hyperconnected world, a business should be vigilant even with those whom it trusts.
For example, a compromise of a third-party provider and the injection of code through it (a supply chain attack) will impact all customers who use its software.
This means an attack on a single company may easily spread to its customers’ networks (as happened with SolarWinds). The only solution is to be “zero-trusted” and ready for an incident. Keep your business cyber resilient: implement 24×7 monitoring of the network and have an individually developed incident response plan.
Keep abreast of the latest news
It is impossible to provide the business with solid protection in this cyberreality while staying in an information bubble limited to the circumstances of the company itself. Any day, some super-intelligent hacker may invent something you need to protect against. Have people who are ready to fight effectively against the most sophisticated attacks. And follow the trends in the cybersecurity industry so as not to fight windmills while missing the real threats.