As we move forward to 2019, expect credit card and payment information theft to continue to rise. Yes, this isn’t a major surprise; however, if organizations can better address the reasons for the rise in cybercrime, they will be better prepared.
Bolder cyberattacks against digital businesses
The good news: advanced security technologies are constantly being brought to market. The not-so-good news: threat actors are not letting that get in the way; witness more intensified and ever more sophisticated attacks.
Businesses remain vulnerable for the following reasons:
- Third-party components used by many businesses within their digital business environment – shopping carts, for example – present many vulnerabilities that cyber criminals exploit to breach security walls.
- More sophisticated tools, tactics, and procedures (TTP) enhance threat actors’ abilities, resulting in more organized campaigns and attacks of greater magnitude.
- Lack of real-time monitoring and response brings on greater frequency of attacks, which will continue ad infinitum until real-time monitoring and fast mitigation are instituted.
- More script-based malware (like in the British Airways attack), instead of executable malware, means that attackers can easily bypass existing protection mechanisms and not be blocked. The malware simply looks like normal code to the defense system.
- Lack of CISO empowerment reduces his/her critical role in fraud prevention, reputation protection, GDPR compliance, and enforcement – all necessary to ensure the standard of due care required to protect information, customers and employees.
- More legitimate infrastructure (e.g., real addresses and domains) being used as platforms for attacks allows attackers to obscure bad behavior and cover up their tracks. It makes it harder to detect and block attacks.
Getting around this problem requires more targeted threat intelligence and more sophisticated detection and response platforms and, if need be, outsourced, expert-based managed services.
A different look at the next-gen security operations center
Experts looking at 2019s cyber security environment are predicting that the “next-gen” SOC will dominate. That is, security teams will start using more technologies to achieve detection and response versus simply relying on the SIEM alone. Deploying more and more technologies is not enough. In 2019, organizations will need to look at the SOC very differently.
Thanks to these pressing issues – convergence of brand protection with cyber security, CISO’s and CIO’s/CTO’s growing responsibilities (including preventing revenue loss due to fraud and brand infringement, detecting and mitigating attacks before they enter the companies’ perimeters), the critical need for real-time, automated, AI/ML-enabled solutions to detect and respond to attacks – companies will:
- Go over and beyond the SOC itself, appreciating more and more the point of view of a managed SOC that provides what a SIEM-based SOC by itself cannot in terms of effective detection and response.
- Move from the hyped-up AI and machine-learning technologies, which have yet to prove their value, and focus instead on collection capabilities, orchestration, and automation, which demonstrate ROI very quickly.
- Adopt Managed Detection and Response operations that are more focused on advanced threats and compliance than the SIEM.
Next step: Organizations who have reached “security maturity” don’t just need to monitor, they also need to detect, respond and, most of all, manage, i.e., orchestrate and automate all the threat alerts, intelligence, mitigation, and response. According to Enterprise Strategy Group research, just 19% of enterprises have now deployed security automation and orchestration technologies extensively. Has your organization begun?