Every week we see more headlines in the press about new cyber-attacks and security vulnerabilities affecting millions of consumers and businesses around the world.
Massive data protection scandals such as Equifax – where 143 million individuals' personal data were exposed in a hack that could have been prevented by a simple patch – now seem to happen on a worryingly regular basis.
Meanwhile, the cybersecurity industry seems to be sitting pretty, with business revenues in the sector growing by an estimated 11% every year. A recent report from Cybersecurity Ventures forecast that global spending on cybersecurity will exceed $1 trillion between 2017 and 2021. Given the ongoing list of high-profile security breaches, is the cybersecurity industry really offering its customers value for money?
The statistics would suggest that it is not. The number of businesses falling victim to attacks rose by 21% in the US last year, and doubled in the UK in the past two years. Figures show that there were 918 data breaches compromising 1.9 billion data records in the first six months of 2017, up 164% compared to 2016.
A primary cause is the rise in mobile and smart device usage within companies, with network perimeters becoming edgeless. This, in turn, means that there are more points of vulnerability, giving attackers an increasing number of access points.
Given that networks have evolved steadily in the past few decades – from wired to wireless – many long-standing cybersecurity methods simply are not up to scratch. Firewalls and anti-virus software, for example, are purely preventative tools and have become less effective over time.
Lockheed Martin’s Kill Chain Model – on which many businesses base their cyber defenses – focuses largely on malware and intrusion but, crucially, does not take into account the detection of threats that make it past the perimeter firewall.
In a world where businesses are becoming increasingly digitalized, detecting anomalies and defending a blurred perimeter is beyond human capability. A more effective approach is based on the principles of Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK), which can deliver better value for cybersecurity customers.
This model shifts the focus from preventing attacks to detecting threats once they have broken into the network. Spotting a cyber-criminal who has already made it inside is a better allocation of resources, considering how common cyber-attacks have become.
The ATT&CK model seeks to provide a detailed analysis of attacks that have penetrated the network, and provides practical information to cybersecurity specialists on threat behavior and remediation. By sharing the information with the wider cybersecurity community via a database, analysis can boost defenses and improve the anticipation, prevention, detection, and response to cyber-attacks worldwide, not just within a single company or country.
The key to effective cybersecurity lies in the ability to spot threats in every area of the edgeless, wireless network. But it does not stop there: the future of cybersecurity must turn its focus to detection-based anti-threat software that incorporates Artificial Intelligence (AI) and Machine Learning (ML) systems, capable of not only detecting suspicious behavior but counteracting it – and doing so quickly.
The use of AI and ML is crucial if response times are to be improved. When there is an active breach, every second counts. Research from Cyber adAPT and Aberdeen Group reveals that faster cyber-attack detection can limit business impact by up to 70%.
This is evidenced by real-life examples, such as Oracle, which responded to an application vulnerability as soon as humanly possible, but the attacker had already walked away with $226,000 worth of cryptocurrency in the time it took to discover the threat and create a patch.
To keep up with expectations and promises, cybersecurity providers need to place greater emphasis on the real-time detection of threats and response speed. Faster detection and intelligent, rapid recovery solutions reduce the impact of attacks, and will enable the $75 billion cybersecurity industry to offer better value to its customers – and rightfully so.