AI Trinity [Data * Design * Security]
June 20, 2020
Every organization - no matter who they are, how large they are, or where they are in the world - is at risk from cyber attackers. More than $125 billion is spent on information security worldwide each year, and the spending is increasing. Cyber attackers are, however, evading defenses, breaking in, remaining undetected for months, and finding the Crown Jewels.
The Crown Jewels are essential data, intellectual property and other critical assets. Cyber attackers are stealing or hijacking the Crown Jewels to disrupt operations, causing enormous financial and reputational damage.
First, the attack surface is getting larger for the attackers to exploit and there are too many doors, windows and entry points. It is not a question of IF but WHEN and here's why -
The latest include -
Newton's first law is the law of inertia; it is also, alas, the first law of cyber-attacked companies. It's not their fault, since there are innate cognitive biases that bind us to the present while blinding us to long-term threats and opportunities.
Among them are availability bias and confirmation bias: our instinct to solve problems based solely on the information that we have immediately at hand, and our tendency to interpret data in a way that supports our pre-existing expectations.
A one-size-fits-all approach doesn't work, since not all cyberattacks are created equal, and this is most likely what companies are getting wrong today in how they approach cybersecurity. Malware is several standard deviations different from an advanced persistent threat (APT) campaign, which isn't in the realm of a normal hack. Where a less sophisticated cyberattack might be dealt with by removing malware from compromised computers, fending off an APT requires analyzing the attacker's behavior: a cat-and-mouse game in which it can take several months to analyze hacker movement and damage.
What's different in an advanced persistent threat (APT)?
The hacker is going to quietly study how the network and servers are connected for some time before preparing to conduct espionage, leveraging a VPN (Virtual Private Network) or equivalent to mask their location and presence.
How do you mitigate an advanced persistent threat (APT)?
Here are some techniques for consideration among a long list of them -
It's a big effort for any company that suffers an attack. It is far more effective to invest in detection and prevention than remediation.