Cybersecurity pros won’t be facing the threat of bio-engineered replicants in 2019, but attackers taking full advantage of existing tech innovations will certainly cause more headaches in the coming year.
Are you ready for 2019? You can bet the attackers are…
The 2019 of Ridley Scott’s Blade Runner envisioned some technologies that are coming eerily close to reality (flying cars, off-world travel/colonization, and the aforementioned replicants), and some that are now as commonplace as they are in the movie (video calling, artificial intelligence, those huge TV screens in Times Square).
Sensato CEO and cybersecurity expert John Gomez tells us that AI, cognitive learning, deep analytics, correlation technologies, and maybe even quantum computing are just a few of the tools attackers can use to have you reaching for the aspirin in 2019.
The question for CISOs and everyone else involved in protecting digital assets is, how do we align our cybersecurity threat preparedness with the reality of the emerging threat landscape?
Fingerprint and prioritize
According to Cybersecurity Ventures, by the year 2020, the world will need to cyber-defend 50 times more data than it does today. That’s a lot of data to protect, and you can’t protect what’s most important if you don’t have a clear idea of what that is and where it is. Use AI assistance to “see” every asset, device, application, and person connected to your network. Analyze traffic patterns to establish a baseline for “normal” as well as to help in determining which systems can absolutely, positively, never go down. Then use that information to prioritize the deployment of your limited cybersecurity resources, securing, tracking, and segmenting the assets and systems of highest priority.
A sort of next-gen version of setting honeypots, deception technology doesn’t just want to catch intruders; it wants to buy you some time by taking them on a wild goose chase. Breach detection is still, on average, slower than the time between breach and exploit. “Attackers using AI will compress that timeline even more, so defenders should use AI to set a better mouse trap. Actually, many mouse traps,” says Gomez. “Deception involves generating a lot of traffic from what appears to be many databases, keeping attackers busy chasing down potentially high-value targets. These are not only dead ends, but traps that trigger alerts when unexpected traffic appears.”
Engineer out risk (aka: trust no one)
Privileged access is a factor in most damaging cyberattacks, which means all people and applications that have been given privileged access must be monitored and protected. Multi-factor authentication, biometrics, segmentation, and microsegmentation should all be leveraged proactively to help engineer risk out of your network.
All your security apps, devices, threat intelligence, threat analytics, and automated security tasks should be integrated into a single platform, allowing for a coordinated, fast, and agile response to any suspicious network activity. In a Ponemon Institute survey, 71 percent of respondents said it’s difficult to prioritize threat intelligence without an integrated platform, due to the sheer volume.
Make security your culture
Every person who works for or contracts with your organization should be a trained and active member of your company’s security culture, from the board level down. Too often, we look to cybersecurity technology and forget that the people using the computers, laptops, tablets, phones, and other devices connected to the network are both our most vulnerable attack vectors and our best hope for preventing an attack. By industry estimates, 91 percent of cyberattacks begin with a spear-phishing email. Employees trained in how to recognize suspicious emails and how to report suspicious activity are your first and best line of defense.
Mobilize to combat mobile threats
Convenience and the sheer proliferation of mobile devices have thwarted security-minded efforts to keep them off organization networks, so you should be doing everything you can to secure them. Any device that is going to connect to your network should meet minimum security requirements established by your cybersecurity team. Segment devices and include mobile device traffic in your network baseline so you can spot anomalies and quickly halt traffic and/or segregate the device.
Harness new tech
Attackers aren’t the only ones who can play with new technology. Explore AI and machine learning to not only aid in identifying and analyzing new threats, but also generate algorithms and automated responses to protect network assets. “We always prefer to hack the attackers before they can find a way to attack,” says Gomez. “In cybersecurity, we always have to be trying to get into the minds of the attackers, understanding their motives and tactics. AI and machine learning take our ability to do that to the next level.” AI can also help by exponentially speeding up the threat analysis, mitigation, and response processes.
Initiate a merger
Security is security, but cyber and physical have long operated on separate tracks with little coordination or collaboration. However, as the NotPetya and WannaCry malware attacks so viciously illustrated, cyberattacks can devastate physical hardware and destroy critical systems and infrastructure. Physical security teams should be included and involved in cybersecurity incident response planning, threat intel, and tactical response teams, at the very least.
Add cyberattack playbooks to incident response planning
Your threat intelligence feeds give you ample information about the current threat landscape. Use that intelligence to anticipate particular types of attacks, how they might progress, and what responses are most likely to prove successful. Include these “playbooks” in your incident response plan, along with response protocols for training and drilling.
Fending off cyberattackers in 2019 and beyond will require an integrated, unified approach with a partner that sees cybersecurity as a life-and-death proposition.
Sensato built its cybersecurity platform and solutions to meet the requirements of those who provide critical services that impact human health and safety: healthcare, law enforcement, emergency services, and critical infrastructure.
Sensato Nightingale is an agile unified threat management platform that helps you keep up with threat intelligence and defense in the emerging threat landscape:
· Deception technology—Sensato’s Nightingale started out as a BDA solution, designed to detect a breach as quickly as possible; now it can keep attackers busy while giving you time to analyze and respond.
· Continuous threat intelligence—A stream of threat intelligence from a variety of sources is critical. Sensato designed the Nightingale Agile platform to include an Open Intelligence Feed of open source intelligence from government defense agencies and other sources.
· Network intrusion detection—This is a given, but the NIDS is one piece of a UTM that simply cannot fail. Sensato’s Nightingale is built on a telecom-grade platform to ensure reliability.
· Asset management—Organizations often don’t know what’s on their networks. A robust UTM like Sensato’s Nightingale provides a system that builds a complete accounting of all assets, similar to how attackers scan and inventory a system they’ve breached. Nightingale also incorporates a social graphing model to determine and locate an organization’s most important assets—those systems that can absolutely never go down.
· INFOCON protocols—Speed is of the essence when you’re under attack. INFOCON protocols allow you to move your entire organization to a higher defensive posture with a single command. Much like the protocols practiced in hospital trauma centers every day, these standing orders trigger action informed by training and preparation.
· Unified dashboard—One of the biggest obstacles to effective management of cybersecurity attacks is the decentralized nature of an array of siloed products. Nightingale brings the entire cybersecurity operation into a single feed, where IT security professionals can see the current risk level, receive alerts, launch response protocols in the event of a breach, run forensics on the breach, and shut it down.
· Journaling—In the midst of an attack, it can be difficult to document every action taken to protect assets. Nightingale automatically keeps a time-stamped journal for future review and auditing.
· Reminders—Keeping track of everything you need to do to stay in compliance with government regulations can be a daunting chore. Nightingale includes reminders to help organizations maintain public policy compliance as part of the natural workflow.
· Forensic analytics—You need to be able to quickly see where an attack is occurring, the timeline of an attack, and the history of an attack. Nightingale gives you a full picture of every step of an attack so you can respond in real-time and perform a full analysis later to address system vulnerabilities.