Organisations in Malaysia urged to abandon reactive cyber-security posture
By Digital News Asia April 19, 2019
- Fortinet lays down five key considerations & recommendations to pre-empt cyber-attacks
- Only 23% consider cyber-security before the start of a digital transformation project
FORTINET, a leader in broad, integrated and automated cyber-security solutions, advised organisations in Malaysia to switch to a proactive approach in their networking and security strategies as reliance on reactive security alone can leave them more exposed than ever.
Based on a 2018 joint study by Microsoft and Frost & Sullivan in Malaysia, more than half of the organisations surveyed have either experienced a cyber-security incident (17%) or are not sure if they had one as they have not performed proper forensics or data breach assessment (36%).
The survey also revealed key gaps in organisations’ cyber-security approach, with only 23% of organisations considering cyber-security before the start of a digital transformation project, while a majority of respondents (42%) saw cyber-security strategy as a means to safeguard the organisation against cyber-attacks rather than a strategic business enabler.
“A vast majority of organisations still resort to a reactive approach where they rely on shoring up defences before cyber-criminals target and exploit new vulnerabilities, or respond after a breach has been detected,” said Gavin Chow, Fortinet’s Network and Security Strategist.
“Such an approach compels the IT teams to be in a constant fire-fighting mode. If an attack does occur, the IT teams will then need to resort to isolating and restoring damaged systems to sieve out who was responsible, followed by forensic investigations before establishing key-learning and then the entire vicious security lifecycle repeats itself.”
He pointed out that most organisations in Malaysia face challenges of cyber-security sprawl as networks expand and evolve rapidly in the face of thinning security resources.
“They only enhance perimeter defences after fresh rounds of cyber-attack, resulting in defence systems operating in isolation as they are specifically designed to look out for certain types of threats,” said Chow. Meanwhile, anti-virus and anti-malware systems are updated and patched progressively based on new active threats.
Fortinet outlines five recommendations for organisations in Malaysia to consider in shifting their cyber-security defence from reactivity towards proactivity:
1. Break the vicious cycle
Nearly half of all organisations globally experienced a cyber-attack in 2018. Smaller businesses, which typically have smaller budgets and staff, had it even worse, with 67% of SMBs experiencing a cyber-attack in 2018.
These breaches forced 60% of small businesses to close within six months of an attack. According to FortiGuard Labs researchers, 33,653 unique malware variants originating from 6,405 different families were detected in 4Q18. This translated into 13 variants per firm with 18% of them being crypto-jacking malware.
Clearly, a reaction-based security strategy simply does not work. Organisations end up being caught in a vicious cycle of clean-up and damage control which inevitably puts a strain on time, money and resources. The more sensible approach is to adopt a more proactive, zero-trust strategy that starts with an assumption of compromise.
2. Threat actors are always one step ahead
Cyber-criminals have long known how reactive cyber-security tools work—and they make it their mission to circumvent them. While malware-for-hire is readily available to multitudes of relatively unsophisticated end users over the dark web, the actual producers of those scripts tend to be much more professional.
When a business gets an update from its AV provider informing it of the latest batch of identified malware variants, it’s a safe bet that the authors of that malware are signed up to the very same update.
It’s their cue to launch their ‘new and improved’ version designed to evade detection. With purely reactive security measures in place, businesses constantly find themselves one step behind the criminals.
3. Insiders are well placed to bypass reactive security measures
Half of all data breaches originate from insiders—whether through accidental or malicious actions. Such breaches also tend to be among the most difficult and costly to rectify. But one of the biggest problems you face comes in the form of privileged users.
These are the people who know precisely what reactive measures you have in place. They know how to cover their actions without triggering a reaction. And they also know where your most valuable data resides.
When one of those actors becomes rogue, it can be impossible to respond effectively when your security defence system is built around a reactive model.
4. Data compliance: Stakes are getting higher
Since the implementation of GDPR and with similar legislation in place around the world, CISOs are facing a completely new data protection framework—including severe fines for the most severe non-compliance violations.
A data privacy breach resulting from a security compromise does not automatically lead to a sanction. What happens depends on the account you are able to provide to the investigating regulator.
Are the reactionary security solutions put in place reasonable and adequate? Is your security infrastructure being tested regularly?
Maintaining compliance demands investment of sufficient resources to meet an increasingly complex threat landscape. A reaction-oriented security framework that only responds after an update or event occurs is no longer tenable.
5. A proactive threat-hunting approach pays dividends
Research conducted by The Economist Intelligence Unit suggests that firms with a proactive security strategy in place, backed by a fully-engaged C-suite, tend to reduce the growth of cyberattacks and breaches by 53% over comparable firms.
Proactivity involves identifying and mitigating hazardous conditions that could give rise to a vulnerability or compromise - in whatever form they may take.
“Getting out of the trap of reaction-based security requires organisations to rethink both their networking and security strategies. Organisations need to begin by anticipating attacks via implementing zero-trust strategies, leveraging on real-time threat intelligence, deploying behavioural analytics tools, and implementing a cohesive security fabric that can gather and share threat intelligence, perform logistical and behavioural analysis.
“All the intelligence can then be tied back into a unified system that can pre-empt criminal intent and disrupt criminal behaviour before it can gain a foothold,” concluded Chow.