#1280309: Tomorrow’s attacks today: How to defend against next-generation cyberattacks
Imagine sitting at the end of a fishing pier staring at the ocean on a fine summer afternoon with hardly a breeze in the air. The sea is flat and quiet while you hear the lapping of waves on the beach. You know that beneath that calm surface might well be sharks, jellyfish, eels, manta rays, the Atacama Snailfish, or any number of predators. The sea might look quiet but it is anything but.
The same could be said for an IT security staffer as he or she looks out over a calm and quiet office while all the time knowing hidden just outside its network are cybercriminals, hackers, and script kiddies who are trying to force their destructive ways on a company’s critical business systems.
For IT security teams, that constant battle is made even more difficult because no one knows for sure what type of attacks will be next, meaning security workers have to be ready for anything at any time. Like the Atacama Snailfish, apparently an ancient predator that was only recently discovered nearly 27,000 feet deep on the floor of the Pacific Ocean, cyber predators have a knack for keeping themselves well hidden, only coming into the light if they are identified accidentally.
CISOs and security teams use many types of cyberdefenses, ranging from antivirus and antimalware to threat prevention software; identity and access management software to security appliances such as firewalls, universal threat management systems, and gateways; to a plethora of other hardware and software tools. But with new attack vectors being unveiled by the bad guys all the time, IT security leaders must always be thinking and looking ahead for the next potential security vulnerabilities and attack targets so they can prevent or minimize successful attacks against their businesses.
The questions the cybersecurity leads ask themselves tend to fall within a common set of priorities: Where should IT teams start today? How can IT security leaders prepare themselves and their systems for new kinds of attacks, some of which they’ve probably not imagined before? How can they fight back effectively and protect their company’s key IT assets? How can they stay a step ahead of the bad guys, no matter what shows up at their firewalls and digital doorsteps? In many ways, these are the same questions CISOs ask themselves about zero-day attacks. The difference is, here there are many more variables to consider.
Attacks today are often masked as valid data transmissions or arrive as simple emails or messages: fileless attacks that take the form of queries asking a user to take an action which, if initiated, will unknowingly create a breach. This makes some of the latest attacks even more treacherous because they can unleash something that a company’s standard security software and hardware defensive measures fail to identify as malicious.
The threat landscape has been changing especially quickly in the past few months, says Alessio De Luca, a security consultant and digital transformation manager for Florence Consulting Group in Florence, Italy.
“The most important trend that IT security pros need to recognize is the evolution of malware against signature-based, traditional antivirus systems,” says De Luca. “From fileless malware to zero-day attacks, the traditional analysis of fighting threats already known by antivirus systems is not enough anymore. Unknown threats are the real issue nowadays.”
The clear pattern being seen in IT security today is that static defenses are no longer a reasonable way to protect companies, he adds. Worse, due to the evolving methods used by attackers, the most dangerous new threats will come from apparently valid system processes that take advantage of the trust or familiarity of users.
“Every endpoint should be protected,” says De Luca. “Threats are increasingly moving from the core to the edge of the network.” And to make those endpoints most effective, they should include strong artificial intelligence (AI) and machine learning (ML) features that use algorithms that change and counter in real time when threat landscapes change, he says. “It’s the best option we can choose at the moment to protect companies’ infrastructures.”
AI and ML are powerful and essential up-and-coming tools in the fight for more secure IT systems because instead of just comparing network activities to a static list of known threats, ML and AI examine user and application behaviors in real time, recognizing suspicious activities even when threats are unknown or processes are masked as valid, says De Luca.
Using AI and ML tools, IT security teams will gain many innovations in the fight against cybercrime. “The growing number of attacks won’t be manageable without the computing power of AI and ML,” he says.
Another nascent trend is the inclusion of more security features at the hardware level, rather than just through software barriers, De Luca says. A breached hardware component will block itself to protect the rest of the network, making it an important tool in a company’s security perimeter.
“There’s no such thing as 100 percent security, which is a truth that IT pros often fail to recognize,” says De Luca. “All that we can do is compartmentalize the company systems into smaller sections and apply the latest innovations to improve the overall security.”
Not everything in IT security involves hardware and software, notes Steven Durbin, the managing director of the London-based Information Security Forum (ISF), an independent, non-profit global authority on cybersecurity and risk management.
Anticipating tomorrow’s IT security attacks also means understanding human behavior in the workplace, says Durbin. “We know that IT security guys are always trying to just keep the wheels on to keep things going. I think they’re relatively okay with being able to deal with it provided they can anticipate it. The piece they’re not so good at involves the people-centric area, the human-centric security needs. It’s really about trying to understand how people act, respond, and behave.”
In that case, what is needed is a new approach for IT — understanding more about the psychology of their users, says Durbin. That means educating users so they do not continue to click on phishing emails from people they do not know or commit other common security gaffes, despite constant lectures about avoiding such behaviors.
“That is the root, the really challenging piece, because those skill sets are not natural for an IT security guy or for the CISO,” says Durbin. “Some of the smarter organizations I’m aware of are doing things like hiring psychologists to help them understand how users react and to get a better handle on what might be implemented from a security standpoint in order to get a better level of acceptance from the user community,” he notes.
Emphasizing the point, Durbin adds: “Yes, I mean having such staff in the security department — a trained psychologist.” The ISF is conducting research on this topic along with several universities because it is an issue that more and more companies will likely begin to address, he adds.
That’s right. Durbin thinks more businesses need to hire psychoanalysts to help change the poor IT habits of their users.
“Before you roll out any new piece of a security program, you need to be positioning it with the people who are going to be receiving it and understand how to position it so you get their emotional buy-in,” he says.
The idea, he says, is that users react best to security lessons if the lessons really hit them hard emotionally, like when the lessons relate to protecting their children from online threats. If IT departments provide training in that context, the lessons will hit with much more impact for users and they will remember the lessons and even share them with others at work, he says.
“The whole thing that we’re missing is that people in business are also people in their homes,” says Durbin. “So, if you teach me, or if you give me guidance on how to keep my kids safe online, I will remember that.”
Those connections will help corporate workers bridge that gap between what happens in their workplace and at home and will help achieve a much higher degree of security effectiveness than those that focus solely on the business environment, according to Durbin.
|Date added||Oct. 9, 2019, 4:16 p.m.|