How do you search for something that’s invisible? An increase in the sophistication of cyber attacks means that it takes an average of 146 days before a corporate hack is discovered. Modern breaches are a mix of chameleonic deception and clever automation, enabling malicious code to be concealed deep inside the corporate network. In the battle to fight cybercrime, discovering the undetectable is a challenge CISOs face every day. With this in mind, organisations must turn to new and innovative methods of discovery such as threat hunting, the process of proactively searching networks to detect and isolate sophisticated threats.
Hackers cloaked in camouflage
In the search for vulnerabilities cloaked in camouflage, a change in approach and perspective is key. In astronomy, for example, planets can often be hard to find because they are so much dimmer than the stars they orbit. To tackle this, physicists do not look for the planet itself, but instead measure shifts in the velocity of the planet’s parent star caused by the influence of its orbiting companion. In other words, they stop looking for the unseen object itself and look instead at the effect of its behaviour on the things they can see.
As the sophistication of cyber attacks grows, it is getting increasingly difficult to find hackers hidden inside the system. Most security products are good at detecting known threats, but can’t do much to spot malware that’s designed to be invisible. That’s why it makes sense to switch to a behavioural strategy, such as threat hunting. To spot the chameleon, CISOs must begin searching for the impact of the malicious code, and not just the code itself.
The spiralling cost of failing threat prevention
The implications of failing to spot a malicious intrusion can have disastrous effects on an organisation’s bottom line, from a loss of customer confidence and the potential theft of intellectual property to corporate fines for non-compliance with data security regulations. The cost of dealing with the fall-out of security breaches can far outweigh the cost of preventative cybersecurity measures. In its annual Cost of a Data Breach Study 2016, the Ponemon Institute reported an increase in the average cost of a data breach from US$3.79 million to US$4 million.
However, this cost is set to spiral over the coming years, pushing prevention high up organisations’ priority lists. With the General Data Protection Regulation (GDPR) coming into full effect in May next year, we will see a significant change to the regulatory landscape. From 2018, disclosure of a data breach will become mandatory and fines may stretch to 4% of revenue, giving organisations significant cause to reconsider their security measures.
The introduction of GDPR will not only increase the pressure on organisations to keep personal data secure but, in the case of a breach, will also mean that CISOs need to ascertain how and when defences were breached. This information could prove vital in determining the size of the fine an organisation must pay if it has not taken adequate steps to prevent a breach.
Investing in resources
The threat of GDPR will make it tempting for organisations to throw extra resources at keeping criminals out, expanding the size of cybercrime teams and investing in new technology. The problem is that the combination of growing hacker sophistication and the complexity of existing systems is already creating more alerts than cybersecurity teams can handle.
The vast majority of these alerts are false positives: incidents that turn out to be harmless but which must nonetheless be investigated. These incidents drain thousands of hours from already-stretched administrators. That’s why organisations are increasingly relying on automated security solutions – intelligent technology that can protect organisations from attack without human intervention.
Threat hunting: A combined effort
This is a promising start, but won’t be enough. If CISOs are to find the invisible, they must discover attacks that operate beyond the reach of automated protection and monitoring measures. In other words, they need to find the planets that can’t be seen.
Effective threat hunting relies on the combined effort of humans and automated tooling. It involves human-driven behavioural analysis, complemented by the automated collection of data on unwanted changes to authorised programs and software. Collecting that data by hand is too time-consuming and error-prone for humans to tackle; the combined human-machine approach instead reduces the risk of malicious code avoiding detection, enabling security teams to keep the organisation’s sensitive data safe.
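The "automated collection of data on unwanted changes to authorised programs" described above can be as simple as a baseline-and-diff cycle: the machine records what the approved software looks like, re-snapshots it later and hands the analyst only the differences, which is the "look at the effect, not the object" idea from the astronomy analogy. The following is an added illustration, not code from the article or from any product it alludes to; the file paths and contents are constructed in memory so it runs offline, and the `collect_directory` helper is an assumption about how a real deployment would feed it.

```python
"""Baseline-and-diff change detection over a set of authorised programs.

Added example, not part of the original article. The machine does the
repetitive collection (hash everything, compare with the last baseline);
the human hunter only reviews the reported deltas.
"""
import hashlib
import os
from dataclasses import dataclass, field


@dataclass
class ChangeReport:
    """Deltas between the recorded baseline and the current snapshot."""
    modified: dict = field(default_factory=dict)  # path -> (old_hash, new_hash)
    added: dict = field(default_factory=dict)     # path -> new_hash
    removed: dict = field(default_factory=dict)   # path -> old_hash

    def is_clean(self) -> bool:
        return not (self.modified or self.added or self.removed)


def fingerprint(contents: dict) -> dict:
    """Map each path to the SHA-256 of its bytes; this is what gets stored as the baseline."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in contents.items()}


def collect_directory(root: str) -> dict:
    """Assumed real-world collector: read every regular file below root.
    Not used by the constructed sample below; shown for completeness."""
    contents = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                contents[path] = fh.read()
    return contents


def diff_baseline(baseline: dict, current: dict) -> ChangeReport:
    """Compare two fingerprint maps and classify every difference."""
    report = ChangeReport()
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            report.removed[path] = old
        elif new != old:
            report.modified[path] = (old, new)
    for path, new in current.items():
        if path not in baseline:
            report.added[path] = new
    return report


def triage_lines(report: ChangeReport) -> list:
    """Render the deltas as one short line each for the analyst's review queue."""
    lines = []
    for path, (old, new) in sorted(report.modified.items()):
        lines.append(f"MODIFIED {path} {old[:12]} -> {new[:12]}")
    for path, new in sorted(report.added.items()):
        lines.append(f"ADDED    {path} {new[:12]}")
    for path, old in sorted(report.removed.items()):
        lines.append(f"REMOVED  {path} {old[:12]}")
    return lines


# Constructed sample: the authorised programs as recorded at baseline time.
BASELINE_FILES = {
    "/usr/local/bin/backup-agent": b"#!/bin/sh\nrsync -a /data /mnt/backup\n",
    "/usr/local/bin/report-gen": b"#!/bin/sh\nexec /opt/report/bin/gen\n",
    "/usr/local/lib/libhelper.so": b"constructed-placeholder-for-a-shared-library-v1",
}

# Constructed sample: the same directories at the next collection cycle.
# backup-agent has gained an unexplained extra line, report-gen is unchanged,
# libhelper.so has disappeared and a hidden file has appeared alongside the binaries.
CURRENT_FILES = {
    "/usr/local/bin/backup-agent": b"#!/bin/sh\nrsync -a /data /mnt/backup\n/tmp/.cache/update &\n",
    "/usr/local/bin/report-gen": b"#!/bin/sh\nexec /opt/report/bin/gen\n",
    "/usr/local/bin/.helper": b"#!/bin/sh\nwhile true; do sleep 60; done\n",
}


def run_hunt_cycle() -> ChangeReport:
    """One automated cycle: fingerprint both snapshots and diff them."""
    return diff_baseline(fingerprint(BASELINE_FILES), fingerprint(CURRENT_FILES))


if __name__ == "__main__":
    report = run_hunt_cycle()
    print("\n".join(triage_lines(report)) if not report.is_clean() else "no changes")
```

Note that none of the three reported lines says anything about what the change does; the script only surfaces that an authorised program no longer matches its baseline, and deciding whether a modified backup script or a new hidden file is benign maintenance or an intrusion is exactly the behavioural judgement the article leaves to the human half of the hunt.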
A solution to the increasing threat posed by hackers is possible. What it requires is for organisations to re-think their approach. They must make full use of human talent and take advantage of the potential of automated technology. Stop asking humans to do the impossible, and halt the search for the invisible. By implementing threat hunting tactics in an organisation, CISOs use the best resources on offer to keep vulnerabilities at bay. With the introduction of GDPR only a year away and customer loyalty as important as ever, businesses must tighten their defences now to avoid becoming the next headline story.