Cybersecurity Events Becoming More Predictable?
With the advancements in cybersecurity science, mathematics and physics, and, of course, a good dose of luck, there is light at the end of the tunnel regarding predictable cybersecurity capabilities.
In the early 1990s, the Internet industry needed to move packets as fast as possible because some marketing genius came up with the idea that everyone could have “Unlimited Internet Access” for $9.95 per month. Those people belong in the Internet Hall of Fame.
That is like throwing free beer into the crowd at Yankee stadium during a Red Sox series!
Overnight, Internet traffic under the Dulles access road in Northern Virginia virtually blew up and became “well oversubscribed.” Answer: More capacity! Make it faster! What about the cybersecurity threat? Later! Phishing attacks? Consecutive attacks occurring every second of the day? Not yet!
Truth be told, AOL made the Internet the Internet. With sweeping speed, users across the world grew into the millions thanks to Mr. Steve Case and his team. Without that spark and growth, many of us would never have landed a job at Cisco during the dot-com era (including me).
Years later, with Snort becoming accessible as open source code, the notion of “intrusion detection” made its way into networking teams and the fledgling, largely untrained security teams. The average predictability factor improved because of the new detection capability.
The Livingston firewall was rapidly replaced by Check Point running on Windows NT Server (stop laughing, I actually set one up once). However, it did not take long for the bad actors to take notice and target all Microsoft products, including Windows 95, NT, and Microsoft Mail.
Cisco came to market with the PIX firewall, NetScreen came to market with its ASIC-based firewall, and suddenly security had a voice.
Even with these slow adoptions, security still continued to be an afterthought because “security is killing our workstations and applications, shut it off!” Yes, that really happened back in the day.
Thanks to the TV show and clever marketing by Cisco, the idea of a “Self-Defending Network Initiative” ended up on the airwaves during an episode of “24.” Somehow, something that didn’t really exist yet in real life saved Jack Bauer with predictive security analytics and algorithmic decision-making along with automated adaptive controls. This was in 2005!
Bitdefender’s introduction of machine learning in its anti-virus in 2006, along with Cisco, FireEye, Check Point and others coming to market with “Intrusion Prevention” capabilities, helped drive industry reform and revolutionize the cybersecurity market. Yet these solutions came with overwhelming complexity to deploy, monitor and manage.
Security continues to strengthen with investment in startups and global collaboration. Predictable recovery after cyber attacks helps organizations capture lessons learned and build a business case for more investment from the board of directors.
With the advancements from CrowdStrike, SentinelOne, and Microsoft in XDR and EDR, are we finally there: predicting, preventing, and blocking attacks before they happen?
There are four fundamental realities that we all could agree on:
1. There are simple patterns in the timing and location of cyberattacks.
2. Attackers repeat themselves.
3. Attacks happen at predictable times and places.
4. Predictable patterns of cyberattacks could help us expect and prevent future attacks.
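To make these four realities concrete, here is an added example (not code from the original post) that runs simple pattern detection over a handful of constructed SSH authentication log lines. It counts failed logins per source and per hour of day, flags sources that come back on several distinct days (attackers repeat themselves), and picks the hour with the most failures (attacks cluster at predictable times). The log format, IP addresses, user names and timestamps are all constructed for the example; a real deployment would read its own auth logs or SIEM export.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample auth log lines (not from the original post), syslog-like:
# <ISO-8601 UTC timestamp> <daemon> <event> src=<ip> user=<name>
SAMPLE_LOG = """\
2024-03-01T02:13:04Z sshd auth_fail src=203.0.113.7 user=root
2024-03-01T02:13:09Z sshd auth_fail src=203.0.113.7 user=admin
2024-03-01T02:14:22Z sshd auth_fail src=203.0.113.7 user=oracle
2024-03-01T09:02:11Z sshd auth_ok src=198.51.100.20 user=alice
2024-03-02T02:10:51Z sshd auth_fail src=203.0.113.7 user=root
2024-03-02T02:11:40Z sshd auth_fail src=203.0.113.7 user=postgres
2024-03-02T14:30:05Z sshd auth_fail src=198.51.100.20 user=alice
2024-03-02T14:30:40Z sshd auth_ok src=198.51.100.20 user=alice
2024-03-03T02:09:33Z sshd auth_fail src=203.0.113.7 user=root
2024-03-03T02:12:18Z sshd auth_fail src=203.0.113.7 user=admin
"""


def parse_line(line):
    """Parse one constructed log line into a dict; returns None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    return {"ts": ts, "event": parts[2], "src": fields.get("src"), "user": fields.get("user")}


def parse_log(text):
    """Parse a whole log text, silently skipping unparseable lines."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def failures_by_source(events):
    """Reality 2 (attackers repeat themselves): failed logins per source address."""
    return Counter(e["src"] for e in events if e["event"] == "auth_fail")


def failures_by_hour(events):
    """Reality 3 (predictable times): failed logins per hour of day, UTC."""
    return Counter(e["ts"].hour for e in events if e["event"] == "auth_fail")


def repeat_offenders(events, min_days=2):
    """Sources with failed logins on at least min_days distinct calendar days."""
    days = defaultdict(set)
    for e in events:
        if e["event"] == "auth_fail":
            days[e["src"]].add(e["ts"].date())
    return sorted(src for src, seen in days.items() if len(seen) >= min_days)


def peak_hour(events):
    """Hour of day with the most failed logins, or None when there were no failures."""
    by_hour = failures_by_hour(events)
    return max(by_hour, key=by_hour.get) if by_hour else None


def summarize(text, min_days=2):
    """Turn raw log text into the three signals a defender would watch."""
    events = parse_log(text)
    return {
        "repeat_offenders": repeat_offenders(events, min_days),
        "peak_hour_utc": peak_hour(events),
        "failures_by_source": dict(failures_by_source(events)),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the sample data the one source that returns every night around 02:00 UTC is flagged as a repeat offender, while the single daytime typo from a legitimate user is not, which is the kind of separation that lets a team schedule monitoring attention or tighten controls before the next expected window rather than after it.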
Even with the advancements in network isolation, containment, and prevention at the endpoint, hackers will still bypass predictive controls to execute malware attacks, ransomware, account takeovers, and so on.
Going back to the 1990s, the need to meet market demand for security dominated the moment. Today, with so many complex privacy laws like CCPA, POPIA, GDPR, and HIPAA, organizations need enhanced security capabilities, processes, monitoring, and business resilience. This all comes at a cost.
Cybersecurity insurance in recent years has become a modern-day stopgap for corporations looking to offset their losses from attacks. Insurance carriers offer a variety of policies and coverage, including:
- Costs associated with an actual data breach, including letters to all affected victims.
- Cost to repair victims’ credit report and cost for external communications to the media.
- Fraud investigation services related to any damage from a specific event.
Cyber insurance will not cover the cost of security remediation, the purchase of new security technology, or any third-party penetration testing, auditing, or installation of security products.
For organizations seeking cyber insurance, the road for predictable security runs in parallel. Below is a list of adaptive controls needed for cyber insurance. Many of these investments also align well with a predictive security strategy.
- Critical — Multi-factor Authentication (enabled) — Least Privilege (Predictive)
  - Anyone with privileged or admin access
- Critical — Endpoint Detection and Response (EDR solutions) (Machine learning and AI — Predictive)
  - AV with machine learning/AI capability
  - Behavior analytics capability
  - Exploit prevention and mitigation
- Critical — 24/7 logging, monitoring and notification of alerts — (Reactive and Predictive Modeling)
- Critical — Updated and validated governance and policy program — (Proactive)
  - Proven employee training on a scheduled basis
  - Deployed incident response and awareness plans in case of outbreak
- Critical — Secure EDP/VPN access — (Predictive)
- Critical — Proven patch management system — (Proactive and Reactive)
- Critical — Proven and reliable email phishing security solution deployed — (Proactive, Predictive, and Reactive)
Zero-Day attacks will stay with us for years to come, even with tracking deterministic attack pattern data. Organizations seeking investment from the board of directors could leverage the need to lower insurance premiums by deploying predictive technology.
Zero-Day is here to stay. Social engineering through LinkedIn still works. Phishing emails are getting harder to detect, and of course, those pesky users (who never finish their cybersecurity training on time) will always be a challenging link.
Still, industry advancements are making it harder for global hackers to get in and steal corporate data. Yet breaches still happen every day.
Investment in cyber will continue to grow and become smarter and (sadly) harder to manage, yet the need to be better, quicker, and more nimble in meeting the organization’s compliance, governance, and security requirements is a challenge for every cyber warrior.
Until Next Time,
*** This is a Security Bloggers Network syndicated blog from Stories by John P. Gormally, SR on Medium authored by John P. Gormally, SR. Read the original post at: https://jpgormally.medium.com/is-the-cost-of-predictive-cyber-security-worth-the-investment-668a6facb96b?source=rss-160023698d42——2