Hacks have become common, and the threat they pose is growing. The corporate world no longer watches hacker movies; it lives the reality of hacks.
Firewalls are a proven prevention strategy, yet many companies with world-class (and expensive) firewalls are still being breached.
As the holidays approach, online merchants, banks and government watchdogs are emphasizing the need to be ‘cybersecurity aware’ – but is there anyone in the connected world who is not aware of the dangers of lax cybersecurity?
Looked at on a per-person basis, 40% of the world’s population fell victim to the infamous Yahoo data breach in 2013. New revelations indicate that some 3 billion accounts were compromised – nearly 100% of the people in the world who have Internet access. Of course, that doesn’t mean everyone had a Yahoo account (some users may have had two, three or more) – but there’s no doubt that the breach made many, many people understand the importance of protecting themselves online, and the vulnerability of our collective online identities.
But as with many other plagues, mounting damage is not noticed because it is incremental; it’s only when you step back and look at the whole picture that you realize the enormity of the problem.
Almost 1,100 major data breaches (and god knows how many minor ones) were reported in 2016, 40% more than a year earlier, according to the Identity Theft Resource Center. 2017 is on track to beat that; this year’s high-profile hacks included the compromise of huge amounts of data from River City Media, Dun & Bradstreet, the IRS, OneLogin, Verizon, Equifax, the SEC and many more.
A study by Ponemon and IBM indicates that data breaches cost companies around $4 million each; by 2019, losses from cybercrime will exceed $2 trillion, according to Forbes. And as the frequency – and cost – of cyber insecurity increases, spending on cyber defence is increasing too, and is expected to reach some $90 billion in 2018.
Why is this happening? Why do hackers always seem to have the upper hand? There are only two possibilities: either hackers are simply smarter than the people who protect systems from their attacks, or victims are taking the wrong approach to protecting themselves. The first can be rejected out of hand; a review of the requirements of the many open cybersecurity positions on a large online job site shows that applicants are expected to have advanced degrees, a multitude of certifications, experience, management skills, leadership skills, the ability to work as part of a team and autonomy – in short, they are expected to be highly professional, and certainly as competent as (if not more so than) the “genius” hackers they are supposed to face.
If so, then it must be the latter: the design and execution of the concept of “cybersecurity” is missing an important element, and its absence is hampering our efforts to stem the rising tide of data breaches. What that element might be is anyone’s guess – and I think guessing would take us a long time. Instead of looking at the trees, we should look at the forest. The “tree” in this case is the concept of “detection” that many companies rely on to prevent attacks.
The detection/response model has been in use for years, and for many it is the primary approach to cybersecurity. Given the poor state of cybersecurity, it’s fair to say that technologies like antivirus, sandboxes and even EDR (Endpoint Detection and Response) may be in need of an overhaul, or even a replacement. By definition, an attack can only be detected and/or responded to once it has occurred – and sadly, that window of opportunity is all sophisticated hackers need today.
An antivirus system, of course, needs to know about a piece of malware in order to prevent it, and even with a sandbox in place there are new strains of malware that hide their true “intentions” while in the sandbox (by detecting an environment in which non-standard activity is taking place), and then activate once they reach a working network. EDR is a major improvement over both of these approaches, but even here there are drawbacks: in an EDR system equipped with sophisticated tools that sift through data and analyze it intelligently to determine whether a specific connection is a threat, zero-day threats can still slip through if the malware is sufficiently well designed. And the likelihood of false positives that consume the CISO’s resources increases.
What will work then? An enhanced prevention approach, coupled with the application of artificial intelligence and machine learning, could go a long way to keep hackers at bay. In a prevention approach, hackers are kept away from opportunities to attack systems; if they can’t get in, they can’t compromise security.
A good example is web isolation, where web content is rendered in an isolated area before being passed to the endpoint. According to Gartner, “Information security architects can’t stop attacks, but can limit the damage by isolating end-user Internet browsing sessions from endpoints and corporate networks.”
CDR – Content Disarm and Reconstruction – which dissects and analyzes the components of files before they are passed to the endpoint, is another prevention technology that could keep bad actors from getting in at all. Any malicious code that is found is removed, and the files are then rebuilt and delivered to the system with all of their functionality intact.
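To make the CDR idea concrete, here is an added example (my own illustration, not Votiro’s product code) that treats a macro-enabled Word document as what it is, a zip of XML parts, drops the parts that carry executable content, and rebuilds the document so the remaining parts still reference each other correctly. It assumes standard OOXML part names, uses regexes in place of a real XML parser for brevity, and works on a constructed sample document built inline.

```python
import io
import re
import zipfile

# Zip members that carry executable content; the sanitizer drops them.
ACTIVE = re.compile(r"(^|/)(vbaProject\.bin|vbaData\.xml|activeX/[^/]+)$")
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"

def disarm_docx(data: bytes) -> tuple[bytes, list[str]]:
    """Rebuild the OOXML zip without its active-content parts; returns
    (sanitized bytes, removed member names). Regexes stand in for an XML parser."""
    src = zipfile.ZipFile(io.BytesIO(data))
    removed = [n for n in src.namelist() if ACTIVE.search(n)]
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            if name in removed:
                continue
            body = src.read(name)
            if name == "[Content_Types].xml":
                text = body.decode("utf-8")
                for part in removed:  # drop the Override entry of each removed part
                    text = re.sub(r'<Override PartName="/%s"[^>]*/>' % re.escape(part), "", text)
                body = text.replace(MACRO_MAIN, PLAIN_MAIN).encode("utf-8")  # .docm -> .docx
            elif name.endswith(".rels"):
                text = body.decode("utf-8")
                for part in removed:  # drop relationships that point at removed parts
                    base = re.escape(part.rsplit("/", 1)[-1])
                    text = re.sub(r'<Relationship [^>]*Target="%s"[^>]*/>' % base, "", text)
                body = text.encode("utf-8")
            dst.writestr(name, body)
    return out.getvalue(), removed

def build_sample_docm() -> bytes:
    """Constructed macro-enabled document with only the parts this demo needs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   '<Types><Override PartName="/word/document.xml" ContentType="%s"/>'
                   '<Override PartName="/word/vbaProject.bin" '
                   'ContentType="application/vnd.ms-office.vbaProject"/></Types>' % MACRO_MAIN)
        z.writestr("word/document.xml", "<w:document><w:body><w:p>Invoice 1234</w:p></w:body></w:document>")
        z.writestr("word/_rels/document.xml.rels", '<Relationships><Relationship Id="rId1" '
                   'Type="vbaProject" Target="vbaProject.bin"/></Relationships>')
        z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder, not real VBA")
    return buf.getvalue()

def parts(data: bytes) -> dict[str, bytes]:
    z = zipfile.ZipFile(io.BytesIO(data))
    return {n: z.read(n) for n in z.namelist()}
```

Running `disarm_docx(build_sample_docm())` returns a document whose only remaining parts are the content types, the body text and an empty relationship list, with the main part’s content type downgraded from macro-enabled to plain.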
On the detection side, machine learning could be used to improve anti-virus systems; many zero-day attacks are derived from existing malware, so a system capable of detecting the similarities between a new attack and an attack that occurred in the past could form its own “opinion” and determine that new malware is a threat – without having to wait for someone to update their signature file.
Currently, antivirus companies collect data from users and evaluate it for anomalies to determine whether a zero-day attack has been discovered. The new signatures are then added to the antivirus signature file and distributed to clients.
In a machine learning scenario, the server would collect this data and learn the anomalies automatically, refining its model of anomalous activity each time new data arrives.
After a few passes, the system would be smart enough to update the connected clients immediately on the basis of a possible virus that has manifested itself on even a single computer in its network. Microsoft is working to build a network like this.
Firewalls are a proven prevention strategy, yet many businesses with first-rate (and expensive) firewalls are still being breached. This can be due to common administrative issues, such as failure to change default passwords, failure to patch firewall systems with the latest vulnerability updates, or misconfigured configuration files, any of which could compromise a firewall.
An AI-based audit could help solve these problems; there are too many details in any security system for even a senior administrator to track, and besides firewalls there are probably a dozen other security systems that IT teams must keep track of. Here too, AI would be able to identify anomalies and strengthen perimeters in real time, analyzing the small details that could allow breaches while learning what attacks and anomalies look like on a network.
Ditto for detection/response systems. EDR was mentioned as an emerging security solution that has some drawbacks, but an EDR system that incorporates machine learning – making it easier to detect patterns and intervene to thwart attacks before they can take off – could prove to be an effective obstacle to hacker activity. These are just a few ideas on how the security industry can turn the tide against hackers. Current tools, processes and strategies are not working.
Source: Itay Glick, CEO of Votiro