Highlighting Cyber Threats Before They Darken Your Business
Adapting to polymorphic IT security threats requires not only a 360-degree view of cyber threats, but the adoption of innovative technologies such as AI, without disrupting existing systems, argues Adrian Jones at Gatewatcher.
According to ‘The Cost of Cyber Crime’, a report in partnership with The Office of Cyber Security and Information Assurance in the Cabinet Office, the estimated cost of cyber-crime to the UK is £27 billion per annum. A significant proportion of this cost comes from the theft of intellectual property (IP) from UK businesses, which is estimated at £9.2 billion per annum. The real impact of cyber-crime is likely to be much greater.
Financial institutions are particularly vulnerable. According to the Covid Crime Index 2021 Report, three-quarters (74 percent) of banks and insurers have experienced a rise in cyber-crime since the pandemic began. Indeed, 42 percent said that the remote working model adopted because of COVID-19 makes them less secure, and that IT security, cyber-crime, fraud or risk department budgets had been cut by almost a third (26 percent) in the past 12 months.
The UK’s financial regulator has recently told banks to strengthen and test their defences against the threat of state-sponsored cyber-attacks as the conflict in Ukraine deepens. Systemically important lenders in the UK have also been contacted by British security services, such as the National Cyber Security Centre, with a similar warning. The imperative is to check their ability to identify an attack when it happens and to quickly restore any IT systems that are disrupted.
Cyber-crime is a global phenomenon that affects every organisation, from smaller local companies to American Internet giants.
Real-time multi-vector detection
Private and public organisations have long recognised the need for protection systems such as antivirus software, firewalls and intrusion prevention to respond to the ‘classic’ cyber-attacks well known to the security community. Yet too many remain exposed to the advanced targeted attacks that we call advanced persistent threats (APT). APT is a broad term used to describe an attack campaign in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine highly sensitive data.
With these attacks increasing in both frequency and aggression, the threat to corporate systems and networks is not as simple as a lack of protection. The greater issue is complacency and the ‘wrong’ kind of protection.
The increased sophistication of cyber-attacks, which often focus on ‘endpoints’ as easier targets for infiltrating a network, has contributed to the rising adoption of endpoint detection and response (EDR) technology, which detects and investigates suspicious activity on hosts and endpoint devices such as laptops and tablets. These tools employ a high degree of automation to enable security teams to quickly identify and respond to threats.
Increasing sophistication
However, for the global banks and financial institutions that we work with, EDR coverage is not enough by itself. Enter network detection and response (NDR), which is a natural complement to the extended detection and response (XDR) platform.
While EDR is based on a software requirement on each of the monitored systems, NDR analyses a copy of the monitored network traffic.
Chief Information Security Officers would never choose between two senses such as sight and hearing. We use all five senses, and our brains constantly construct a picture of the ‘situation’ from the information those sensors provide, making thousands of decisions, often good ones, thanks to that information and its context.
Whether it is our brain or an attack detection system, the quality of decisions depends directly on the information sent by the sensors. First, we must trust and understand this information; then we build knowledge through contextual data to drive each choice in the plan or process.
Good protection models combine cutting-edge technologies with artificial intelligence (AI) to address all attack techniques by identifying the distinctive elements of each cyber threat. By analysing every single ‘packet’ of data, right across the network, organisations can benefit from a full 360-degree view of the level of cyber risk by technology asset and user. These tools combine machine learning algorithms with various state-of-the-art network traffic analysis methods to deliver insight rather than raw data and thousands of irrelevant ‘events’.
What companies want: Cloud, Interoperability, and Data Sovereignty
It is important to remember that not all EDR, NDR and XDR solutions are equal. There are dozens of companies claiming to offer these technologies, yet few have the full package. Organisations are rightly concerned about the risk of sending data to the Cloud, about data sovereignty and legislation, and about building an IT stack that is ‘open source’ enough to work alongside other technologies, such as AI and machine learning. In today’s world, it is necessary to deploy secure products that are interoperable with other systems and network products, such as EDR, the firewall, the intrusion prevention system (IPS) and unified threat management (UTM).
Financial institutions should seek a flexible (cloud, on-premises or hybrid), scalable and innovative approach that is compatible with new technologies. Multiple types of AI should be used as a sixth sense, supporting and advising the human element within the security chain rather than forcing unexplained ‘AI-derived’ decisions on it. And it must do this without disrupting the existing architecture. A stand-alone platform allows customer data to be managed locally and works in both connected and disconnected modes, for isolated and confidential networks.
Agility is a daily requirement in the face of a protean and constantly evolving threat. Hackers are very nimble and innovative. We must counter and confront them through the creation of an evolving technology platform that promotes an adaptive solution in the face of future threats.
It has never been more important to facilitate the operations of cyber security teams to enable them to be more efficient in prioritising their remediation actions.
Adrian Jones, Gatewatcher.
Sources:
1. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/60943/the-cost-of-cyber-crime-full-report.pdf
2. https://www.baesystems.com/en-uk/article/covid-cyber-crime--74--of-financial-institutions-experience-significant-spike-in-threats-linked-to-covid-19