The increasing interconnected nature of business brings with it the risk of cyber attack, with individuals intent on stealing, selling or changing information. Motives are wide-ranging, from financial gain, political will, or simple personal desire. In this digital world, businesses must collaborate, and operate with speed and flexibility, in order to be competitive in the international marketplace. To achieve this, they store vast volumes of customer data required for targeted marketing – data that is at risk of compromise. As long as companies have something to protect, there will be someone wanting to take it. Hackers have succeeded regularly, targeting big names across various industries.
The effects of a data breach today can be devastating, impacting on a global level. In the wrong circumstances, a leak of a client’s negotiation strategy could send a law firm under, just as the theft of a customer database could irreversibly destroy trust. Last year, telecommunications giant TalkTalk were damaged when personal and financial details of four million customers were stolen. Its market share price fell by 20% and its CEO, Dido Harding, was on the receiving end of public outrage.
Harding may be fortunate to have held her position at TalkTalk – CEO of Avid Media Life, which owns adulterous dating site Ashley Madison, CEO of Target, and CEO of the Office of Personnel Management, all lost their jobs following cyber attacks. As well as damaging brand reputation, the C-suite is increasingly bearing the brunt of cyber breaches. Business leaders can no longer merely delegate the responsibilities inherent in handling customer databases.
With an increasingly complex threat landscape, what level of security can companies realistically achieve? Attackers have always been able to outpace our defensive capabilities, quickly sidestepping most security, entering networks without detection. While the traditional cyber security industry flounders due to a dependence on inadequate, outdated rules and signatures, the demand for a more advanced model of security is clear. Increasing the height of our walls no longer protects the city – the enemy may already exist inside the perimeter. A shift in focus is required from the entry of external threats, to potentially threatening internal behaviours. Companies must establish what represents normality within their IT systems and investigate activity that deviates from this pattern.
Next-generation approaches to cyber security are based on managing threat intelligently, as it cannot be completely shut out. New probabilistic mathematics and machine learning research applications lead the way in detecting suspicious behaviours, within large datasets, in real time. Unlike traditional security mechanisms, these approaches are self-learning – they do not rely on prior knowledge about threat characteristics, nor pre-defined rules and signatures.
The Enterprise Immune System is powered by this mathematical innovation. It is a fundamental step forward in the battle against cyber-threats. The technology is able to intelligently detect genuine anomalies within extensive and complicated information systems, enabling companies to locate major threats as they emerge, without exhausting resources by investigating numerous false positives. Companies adopting the ‘immune system’ approach are better positioned to deal with threats of the future which may have already infiltrated their networks.
In 2016, business leaders need to prioritise cyber security issues, and act on them more attentively. It has to be recognised as a boardroom issue, rather than delegated to IT. Improved communication is required between the technically-minded and business executives who may lack the ability to properly evaluate the efficiencies of their security systems. If the frightening headlines from previous years don’t prompt action, then the legislative proposals for disclosure of cyber breaches may warrant the required change in mentality. Cyber security is an ongoing problem, and there will be no easy solution. However, proactive engagement in a smarter ‘immune system’ cyber defence strategy is a vital and achievable step towards protecting businesses and customers in the future.
Written by Dave Palmer, Director of Technology, Darktrace