According to Nextgov, federal government agencies reported almost 70,000 cyber security incidents in 2014 — a jump of 15 percent from the previous year. Private industry is under the same kind of pressure, with recent database hacks like those of ride-sharing service Uber and health care provider Anthem making headline news. The attacks prompt critical questions: What kind of cyber defense do companies currently have in place, and are they effective? In an evolving threat landscape, how do cyber security strategies keep pace?
As noted by a recent Forbes article, cyber security threats take several common forms. While it's tempting to point at malware for the top spot, it goes to something much more low-tech: users leaving mobile devices and laptops in vulnerable places and without encrypted hard drives. Number two on the list is weak passwords — things like Password123 remain popular and extremely dangerous.
Next is malware. This kind of malicious code comes from several sources, but most commonly appears as attachments in “spear phishing” emails which convince employees to download fake video players or navigate to infected websites. Employees can also fall victim to spoofed websites which seem legitimate — and may even have the correct URL — but which have in fact been compromised. Clicking a link or entering personal information into data fields may be enough to start the infection process.
To address IT security locally and in the cloud, organizations currently use several methods. Two of the most popular are behavior-based analytics and “sandbox” run-time environments. Behavior-based tools, which often use heuristic learning techniques to improve malware identification and decrease the number of false positives returned, focus on real-time analysis of code execution in the corporate network. If suspicious activity is discovered, these tools can either shut down the process altogether or simply notify security admins. Sandbox virtual machine (VM) environments, meanwhile, are used when malicious code is detected and companies want the chance to study its structure. Code is allowed to execute in a secure and separate virtual “bubble” with no chance of infecting the system at large.
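As an added illustration (not code from the article or from XO Communications), here is a toy behavior-based heuristic in Python, run over constructed process events, that scores the chain the article describes (a mail client spawning an installer that then reaches out to an external address) and decides whether to allow, notify admins, or terminate the process; the process names, thresholds and addresses are all assumptions.

```python
"""Toy behavior-based detector (added example, not the article's own code).

Scores process events with two simple heuristics: a child spawned by an
email or office application, and an outbound connection leaving the
corporate address range. The score maps to allow / notify / block, mirroring
the "notify admins or shut the process down" choice described above.
"""
from collections import defaultdict
import ipaddress

# Constructed sample events: (timestamp, event, pid, parent_pid, detail)
EVENTS = [
    (1, "start", 100, 1, "outlook.exe"),
    (2, "start", 200, 100, "video_player_setup.exe"),  # spawned by mail client
    (3, "connect", 200, 100, "203.0.113.7:443"),       # external address
    (4, "start", 300, 1, "chrome.exe"),
    (5, "connect", 300, 1, "198.51.100.9:443"),        # external, but benign parent
]

CORP_NET = ipaddress.ip_network("10.0.0.0/8")             # assumed internal range
EMAIL_AND_OFFICE = {"outlook.exe", "winword.exe", "excel.exe"}
NOTIFY_THRESHOLD = 2   # alert security admins
BLOCK_THRESHOLD = 3    # terminate the process


def score_events(events):
    """Return {pid: (score, reasons)} for every process that tripped a heuristic."""
    name = {}                       # pid -> process name seen at start
    score = defaultdict(int)
    reasons = defaultdict(list)
    for _, kind, pid, ppid, detail in events:
        if kind == "start":
            name[pid] = detail
            if name.get(ppid) in EMAIL_AND_OFFICE:
                score[pid] += 2
                reasons[pid].append(f"spawned by {name[ppid]}")
        elif kind == "connect":
            host, _, _ = detail.rpartition(":")
            if ipaddress.ip_address(host) not in CORP_NET:
                score[pid] += 1
                reasons[pid].append(f"external connection to {host}")
    return {pid: (score[pid], reasons[pid]) for pid in score}


def decide(score):
    """Map a heuristic score to the action a behavior-based tool would take."""
    if score >= BLOCK_THRESHOLD:
        return "block"
    if score >= NOTIFY_THRESHOLD:
        return "notify"
    return "allow"


if __name__ == "__main__":
    for pid, (s, why) in score_events(EVENTS).items():
        print(pid, decide(s), "; ".join(why))
```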
And according to the Wall Street Journal, CFOs aren't afraid to spend on cyber security tools, with 67 percent of survey respondents indicating they've increased spending in the past 12 months. Almost half invested in external security consultants, while 90 percent opted for new security tools. But is it working?
An Evolving Landscape
Security firm Kaspersky Lab recently reported a new type of POS malware, called LogPOS. The malware can inject code into POS devices and then masquerade as a client, using technology known as Mailslots to record stolen credit card data and then send it off to a command and control (C&C) server. Many POS systems use Mailslots, but this marks the first time security researchers have seen them compromised for the purpose of a data breach. Or consider the recent Carbanak bank attacks, which used email-embedded malware to monitor bank activity and then strike once the hackers collected enough information on passwords and transfer protocols.
The bottom line? In both cases, “traditional” cyber security tools were unable to detect threats before data was lost and defenses were breached. For companies looking to increase their IT security, this necessitates a change.
The Rise of Cyber Resiliency
Addressing the new threat landscape starts with a realization: Breaches are inevitable. This forms the basis of cyber resiliency protocols, which focus on minimizing the impact of a breach after it has occurred. As noted by the National Law Review, the Federal Financial Institutions Examination Council (FFIEC) developed a handbook to help financial institutions evaluate their cyber resiliency, but many of its recommendations carry much broader appeal. For example, the handbook recommends that companies integrate a multi-layered malware strategy, segregate network access for employees based on project needs, and use air-gapped data backups to ensure that information can be recovered even after a “destructive” attack.
So what does this all mean for your business? The traditional notion of cyber defense — keeping threats outside the gate — is no longer viable. Instead, companies must turn their attention to cyber resilience in the form of local and cloud-based security products designed with a dual purpose: detecting potential threats and helping businesses bounce back after an attack.
John Grady is the Senior Manager of Segment Marketing for XO Communications (www.xo.com), where he is responsible for marketing the Cloud products like AWS Direct Connect and Hosted Security. Prior to this, John served as a Senior Unix Administrator for XO for 6 years. He received his B.S. from the University of Richmond and his M.B.A. from George Washington University.