The ever evolving security conundrum and how to solve it
By Edwin Yapp March 14, 2018
- CIOs face challenge of balancing security with innovation needs
- AI plays role to improve accuracy of detection and efficiency
THE security threat landscape is characterised by a fast-growing number of threats targeting confidential information leading to data breaches and data ransom, all of which affect companies regardless of size, industry and geography.
This is part of the conundrum faced by chief information officers (CIOs) today. On one hand, they are challenged to secure and protect enterprises but at the same time are required to not impede innovation that is needed in today’s competitive business world.
According to the annual research dubbed Global Threat Intelligence (GTI) Report commissioned by leading IT services company Dimension Data, the top cybersecurity threats for digital business are phishing, social engineering and ransomware.
Among the findings, the 2017 report noted that phishing attacks topped the list at 60% of all incident response investigations, with ransomware coming in at 22% of all engagements. More alarmingly, incident response engagements relating to malware stood at 41% in 2016, up from 19% in 2015.
In terms of attacks by type, suspicious activity tops the list, making up 30% of all activity, followed by web application attacks at 16% and distributed denial of service (DDoS) at 6%.
Asean countries are a hotbed of attacks by cyber criminals because they are the soft underbelly of the world, declares Neville Burdan, general manager of security for Dimension Data Asia Pacific.
“And Malaysia is not alone in this,” says Burdan. “What we’ve seen in our GTI report is that Asean businesses are twice more likely to be attacked especially in the financial services industry (FSI), government and manufacturing sectors.”
Burdan says Asean businesses are doing well and are easy prey for ransomware because of their large manufacturing base in countries such as Malaysia, Thailand and Singapore – all of which are targeted for intellectual property theft, which can be ransomed and/or sold by cyber criminals.
But as disquieting as this sounds, enterprises can mitigate against this if they are prepared by having a formal incident strategy in place, Burdan stresses.
“This is where Dimension Data and our partner Cisco Systems can come together to provide an elegant security posture to our clients in Asia,” Burdan says.
One of the most challenging tasks is for CIOs to balance innovation and compliance. In the past, the practice was to implement what is known as the ‘zero trust’ approach – to simply prohibit people from using non-corporate issued devices and applications.
Burdan says the modern zero trust model should accommodate individuals’ personal preferences as today’s corporate environment is very different from the past. Today’s zero trust is focused on user centricity – the identity of the user and to protect the database access of that user rather than the database of the entire company, Burdan explains.
In the past, when a person created intellectual property and utilised the data, he/she typically put it in a file share environment, which anyone with access rights could get to, he adds.
“However, this model is untenable and needs to change because bad actors have used the weakest link via phishing and social engineering to gain entry, and if successful, they can access a smorgasbord of data and can hijack it.
“The whole idea of zero trust today is that it’s on a need-to-know basis and that users have access to data only relevant to them. If they need more data, they have to ask for it.
“So if a bad actor gains access, they can only find the data belonging to that person. This way, it doesn’t inhibit the business but only blocks bad actors,” he explains, adding that to do this effectively, enterprises would have to relook at their data classification and user base security.
Artificial intelligence security
Besides dealing with zero trust, one nascent area enterprises should be looking at is the use of artificial intelligence (AI) in security. As security is very much more at the edge of the network today, Burdan said AI can do things traditional security can’t.
“Today security is also about the speed of reaction – to be able to act on the vulnerability before it gets any worse. This can only be achieved by automation at speeds humans can’t possibly achieve.”
Cisco Systems’ country manager Albert Chai concurs. “Besides being able to act quickly like shutting down the network when a breach occurs, AI can also improve the accuracy of detection and improve efficiency.
“Also, with the increasing skills need in the security business, which is in short supply today, AI can take on tasks that would otherwise be done by humans,” he explains.
But how does an enterprise go about incorporating AI in security?
Chai advises, “Look at your security vendor and whether they are bolstering their capabilities in AI and advanced behaviour analytics. Then look at your partners to see if they are investing together with the vendor, to see if they’re able to make your security posture more secure.”
Burdan adds, “A lot of enterprises have the best security technology but breaches still happen because they don’t have the right playbook and understand what they need to do. So it’s imperative to be able to partner with the right vendor and service provider that is able to understand and complete the security processes.”