Technology
Highlighting Cyber Threats Before They Darken Your Business
A
dapting to polymorphic IT security threats requires not only a 360-degree view of cyber threats, but the adoption of innovative technologies such as AI, without disrupting existing systems, argues Adrian Jones at Gatewatcher. According to ‘The Cost of Cyber Crime’, a report in partnership with The Office of Cyber Security and Information Assurance in the Cabinet Office, the estimated cost of cyber-crime to the UK is £27 billion per annum. A significant proportion of this cost comes from the theft of intellectual property (IP) from UK businesses, which is estimated at £9.2 billion per annum. The real impact of cyber-crime is likely to be much greater. Financial institutions are particularly vulnerable. According to the Covid Crime Index 2021 Report, three-quarters (74 percent) of banks and insurers have experienced rise in cyber-crime since the Pandemic began. Indeed, 42 percent said that the remote working model due to COVID-19 makes them less secure and that IT security, cyber-crime, fraud, or risk department budgets had been cut by almost a third (26 percent) in the past 12 months. The UK’s financial regulator has recently told banks to strengthen and test their defences against the threat of Statesponsored cyber-attacks as the conflict in Ukraine deepens. Systemically important lenders in the UK have also been 46
contacted by British security services, such as the National Cyber Security Centre, with a similar warning. The imperative is to check their ability to identify an attack when it happens and to quickly restore any IT systems that are disrupted. Cyber-crime is a global phenomenon that affects every organisation, from smaller local companies to American Internet giants. Real-time multi-vector detection Private and public organisations have long recognised the need for protection systems such as antivirus software, firewalls, and infection prevention to respond to the ‘classic’ cyber-attacks well-known to the security community. Yet too many are exposed to the threat of advanced targeted attacks that we call advanced persistent threats (APT). A broad term, APT is used to describe an attack campaign in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine highly sensitive data. With these attacks increasing in both frequency and aggression, the threat to corporate systems and networks is not as simple as a lack of protection. The greater issue is complacency and the ‘wrong’ kind of protection. The increased sophistication of cyber-attacks, which often focus on ‘endpoints’ as easier targets for infiltrating a network, have contributed to the rising adoption of
endpoint detection and response (EDR) technology that detects and investigates suspicious activities on hosts and endpoint devices such as laptops and tablets. They employ a high degree of automation to enable security teams to quickly identify and respond to threats. Increasing sophistication However, for the global banks and financial institutions that we work with, EDR coverage is not enough by itself. Enter network detection and response (NDR) which is a natural complement to the extended detection and response (XDR) platform. While EDR is based on a software requirement on each of the monitored systems, NDR analyses a copy of the monitored network traffic. Chief Information Security Officers would never choose between two senses - sight or hearing. We use all five senses and our brains to constantly construct a ‘situation’ thanks to information from the various sensors that are our senses to make thousands of decisions, often good ones, thanks to this information and its context. Whether it is with our brain or in the context of attack detection, the quality of decisions will depend directly on the information sent by the sensors. First, we must trust and understand this information, and build knowledge through contextual data to drive the step choices in the plan or process
