- Build a 10ft wall, and the hackers will use an 11ft ladder
- Insider threats just as dangerous as external threats
DATA breaches have consistently appeared in the news over the last couple of years, from the Target and Sony hacks, to the US Office of Personnel Management breach – and those are just the high-profile cases.
It would seem that companies have learned nothing from these, but that might not actually be the case, according to Darktrace’s Asia Pacific managing director Sanjay Aurora (pic above).
“Companies are learning – probably the hard way, but they are learning,” he told Digital News Asia (DNA) in Singapore recently.
“This goes back to the fundamental issue, where we work with the belief that we can stop the bad guys from coming in,” he added.
Investment has thus been poured into technology to protect the perimeter, but the threat actors of today have the motivation, resources, technology and backing to break through such barriers.
“Organisations still think they can build 10-foot walls, but they [cybercriminals] can bring in 11-foot ladders,” Sanjay said.
He said that a lot of businesses are coming to the realisation that a strategy to prevent cybercriminals from getting in is no strategy at all.
Finding the gaps
The Bring Your Own Device (BYOD) trend, where more personal devices are being plugged into corporate networks, is bringing with it new gaps that few are monitoring.
“The way we work today, our personal and professional lives are getting intertwined and it is clearly a complex problem,” said Sanjay.
“It is a tough job for the CISO (chief information security officer) to educate and discipline employees,” he added.
There is a big gap between conventional security and the way people work now, one that cybercriminals have taken advantage of.
“Mobile devices, air-conditioners, printers – anything that is connected to the network brings in a new level of risk today,” said Sanjay.
“We just found, in a trial with a company with a hygienic network, that their videoconferencing device was not patched because the guys who bought it didn’t think it needed it, and the device sits on their network,” he added.
Enter the machine
Security experts and vendors are saying that one needs visibility into the network as part of a layered security strategy, but with petabytes of data moving at the speed of light, human monitoring is no longer viable.
Enter machine learning technology that uses analytics to flag unusual behaviour, thus signalling the need for human intervention.
But while many security vendors have talked about it, machine learning still lies along the perimeter rather than sitting internally to analyse threat intelligence and signatures – something that Sanjay believes will change.
“The adoption rates [for machine learning in security] are going to be accelerated, irrespective of technology, industry, or company size,” he said.
“The fastest growing segment will be in detection, and we will see a lot more action in this space,” he added.
CISOs are seeing the importance of not just securing their perimeter, but being able to see their network traffic as well.
“CISOs are definitely converted … moving towards insider and unknown threats, and zero-day issues,” Sanjay said.
Having a machine within a network to learn what is normal and flag unusual behaviour – whether it is from users or data traffic itself – can decrease the time taken to detect a breach, which stood at 205 days on the average last year.
Not boxes, but layers
There are some steps companies can take to ensure that threats are detected early.
“The fundamental thing would be to acknowledge the vulnerability … the ‘checking the box’ mentality has to go,” Sanjay said.
“Just because I have invested in A B C D E, I’m secure or I can sleep well – that has to change. A layered approach, with more eyes and ears, is better.
Companies also need to realise “that insider threats are equally or more important than external threats,” he added.
Privileged accounts and insider threats
Digital transformation initiatives = greater risks
The threat landscape runneth over, here’s what we need to do
RSA CTO on risk, changing mind-sets and staying ahead
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.