Cyber-attacks on businesses are becoming a daily occurrence, and with big companies like Home Depot, Target, eBay and JP Morgan falling victim and hitting the headlines, it would seem that no one is safe.
But what is particularly worrying about these attacks is that they were discovered months after being launched.
It‘s shocking to learn from analyst reports that over 90% of organisations with over 5,000 computers are compromised at any given time. Furthermore, in almost 9 out of 10 cases, security breaches weren’t discovered by the organisation in question.
This lack of visibility means that companies fall into two groups: those that are aware that they’ve been compromised and those that don’t know it yet.
It's time then for businesses to focus their attention on detecting current threats and minimising the damage rather than relying solely on trying to prevent attacks from happening in the first place.
Today’s cyber-attacks are more sophisticated, more specific and more targeted than in previous years, and prevention alone is no longer enough in the face of customised methods of attack designed to compromise a business’s IT environment.
Never before has it been so easy for hackers to take control of internal systems and sit silently for months, searching through them and extracting information. It’s usually only when that information is eventually exposed on the Internet or used as a means to negotiate a ransom that the organisation knows it has been compromised.
Whereas previously attacks were executed to prove a point, such situations now lead to major financial, reputational and legal impacts that are costly to recover from. Today, it’s not about ‘if’ an attack is going to happen, it’s ‘when’ and – once it’s too late – ‘how badly have we been affected’?
An initial intrusion can take only a few minutes. The real damage occurs much later, after the adversaries have spent weeks or months inside the target’s system, silently gaining more rights and access.
For hackers, it's like finding a gold mine. They take their time to study their victim’s internal network, compromising other systems to expand their exploration and extracting valuable data for months or even years before they are detected.
But an attacker will inevitably leave traces behind it during every step of the attack. For example, it can move through an organisation in a manner slightly different from what is considered normal. But all too often, when traces of its presence are detected, it’s too late and the information that companies want to protect has already been taken.
It’s important therefore to focus on those first few minutes of an attack. Having greater visibility at this initial stage of intrusion will mean that security teams can take a more immediate response to suspicious behaviour.
Although detection after an attack is not a new concept, the lack of visibility in traditional intrusion detection systems means that they’re largely ineffective because they do not sense or detect unusual activities and usage in today’s world of customised attacks.
Using a technology that provides this visibility will give security teams a real advantage when fighting an opponent, and open their eyes to security threats that were once invisible to them. By documenting and generating alerts about any abnormal activity, they will be in a better position to prevent the spread and damage of an attack before their entire system is compromised.
However, IT departments are inundated with hundreds or even thousands of alerts each day without a way to quickly validate the risk so that they respond to the threat as soon as possible. As a result, it’s hardly surprising that companies like JP Morgan, Target, and Home Depot missed the warning signs of their attacks.
It would be like trying to find a specific needle in a haystack full of other needles.
But, by analysing a variety of data at high volume and high speed, it’s possible to identify potential violations.
The fight against today’s sophisticated cyber-attackers is about using this data to understand the habits and behaviour of users, systems and applications; detecting targeted and complex attacks by analysing their effects.
The latest hacks in headlines each day are proof that prevention is no longer enough.
Businesses today need a sophisticated response to sophisticated, complex threats.
Better visibility in detecting suspicious behaviour and the ability to act before more extensive damage occurs will dramatically change the current situation, untying the hands and opening the eyes of IT security teams and allowing them to fight back against cyber-attacks.
Nexthink end-user IT analytics for security, ITSM and workplace transformation
