Is it Time to Resuscitate Prevention?

According to recent research by Kapersky 86% of CISOs now believe that data breaches are inevitable. This kind of thinking means that most security teams are focusing their efforts, and budgets, on palliative measures, damage limitations, risk offsets, and securing back-ups to restore areas that have been damaged.

This unfortunate perspective was born out of the 2013-2015 “big breach era”, and has effectively constrained the strategic dialogue around reactive, after-the-fact focus. Meanwhile, we’re ignoring the possibility that we can respond to security issues in real time and in the process prevent both data breaches and today’s destructive incidents at the same time. 

Inevitability of data breaches? 
The overwhelming speed and velocity of todays’ cyber attacks  is one of the main reasons breaches have come to be seen as inevitable, and has contributed to the prevailing understanding that security incidents are indistinguishable from data breaches. If we look more forensically at what a data breach is, we can begin to see where the opportunity lies for intervention.

All data breaches begin with an incident, but not all incidents lead to data breaches. An incident occurs every time the security systems are compromised, a breach only occurs when data is taken out. 

The majority of impact to organizations today is in the form of fast-moving destructive incidents, and not in the form of “low and slow” drawn-out attacks focused on espionage and exfiltration; a marked change from five years ago when breaches ruled the headlines.

When a security provider talks about stopping breaches, it’s because they don’t have the core technology to prevent incidents, and are more tuned towards after-the-fact reactionary intelligence and capabilities often crown-sourced from other victims of previous breaches.

What makes attacks so difficult to defend against?
Whilst attacks happen at “machine speed”, attempts to restore systems or repel attacks must all be done manually, often taking days, if not weeks. It’s easy to see how any kind of defense against data breaches seems pointless.

Worse, it is even less viable for such legacy technology to be able to defend itself against even faster-moving, destructive threats on the heels of the WannaCry and NotPetya worms of 2017, and attacks today such as Dopplepaymer and Maze

There is a hyper-imperative to shine a spotlight on the runtime, the microsecond-by-microsecond machine speed of attacks. Solutions need to offer deep visibility and high levels of automation, as well as autonomous self-defense, to surgically remove threats as they are happening and return to a trusted, unaffected state of operation. 

What’s the true cost of “inevitable” data breaches?
In data breaches becoming increasingly publicized within the IT security world, why are they now seen as “inevitable”? 

The answer lies in data recovery becoming a knee jerk reaction to data breaches rather than implementing adequate prevention methods to mitigate the threats in the first place. For the last five years, industry pundits have exclaimed “it’s a matter of when, not if” when it comes to breaches.

As we head into 2020, this doesn’t need to be the case. As defenders, we can now dominate and take control of what happens on our own devices and do so at machine speed and with full AI-powered contextual awareness.

As defenders, we are becoming increasingly alerted to the cascading costs of security incidents; the downtime as production grinds to a halt, the time it takes to restore from backups, and not to mention the almost impossible to quantify reputational damage to the organization. If we are building our defense correctly, we, the defender, only need to be right once to effectively stop any attack in its tracks.

What can we do about it?
Fortunately, we have the technology now to respond to incidents, at machine speed, as they happen. Using adaptive auto-defending technologies, and contextually enriched intelligence, we can keep up with attackers in the microsecond-by-microsecond steps they carry out on traditional and cloud or virtual endpoints. Technology can rapidly identify malicious actions and start to tackle them, surgically removing them and the risk they pose.

Intelligent, autonomous, self-healing computers, capable of detecting threats even when IoT devices are introduced to the eco-system, allow us to anticipate and outpace the speed of attacks in this new era of “code-on-code” cyber warfare we have now entered.

By first changing our thinking about cybersecurity and being more ambitious about prevention, we can lean into new technologies to match cyber-attacks blow for blow, moving at the same machine-speed they operate with.

As long as we continue to invest in new technology and anticipate the velocity of the threat landscape, prevention will remain better than cure, no matter whether we are still focused on just stopping breaches or whether we are leaning forward to prevent today’s fast moving destructive attacks.

What’s Hot on Infosecurity Magazine?