A New Approach Is Needed To Combat Evolving Cyber Threats

The more organisations become digitised, the more opportunities open up for unscrupulous individuals to infiltrate critical data. Employees’ adoption of consumer technology at work regularly outstrips the IT department’s ability to protect against the security issues these devices introduce. Organisations had no sooner decided how to handle the introduction of smartphones and tablets than they had to figure out how to deal with new wearable devices like Google Glass and Apple Watch.

Along with the proliferation of data, devices and connections, malware is becoming increasingly sophisticated. Advanced Persistent Threats (APTs) – network attacks in which an unauthorised person gains access to a network and stays there undetected for a long period of time – are one of the most vicious examples of a modern threat, precisely targeting businesses and governments and their data. The new threat landscape is dynamic and malevolent, which means it is more difficult to protect critical information and related assets.

In a February 2014 report entitled ‘Malware Is Already Inside Your Organisation; Deal With It’, Gartner suggested that “organisations must assume they are compromised, and, therefore, invest in detective capabilities that provide continuous monitoring for patterns and behaviours indicative of malicious intent”.

The speed with which threats are advancing makes it increasingly difficult for traditional anti-malware solutions to keep up. Moreover, existing security solutions such as firewalls, antivirus and intrusion detection systems only work for known vulnerabilities and are unable to detect and combat previously unidentified attacks. This is because traditional antivirus software relies upon signatures to identify malware; a previously unknown type of malware, also known as zero-day malware, does not yet have a signature available.

Organisations need a new approach to combat this new breed of cyber risk, which includes APTs as well as zero-day malware, cybercrime and other evolving threats. They need a solution that works in real time in order to detect and immediately defend against new threats. One reason that many organisations remain vulnerable is that most solutions aiming to combat the new threats are highly complex, costly and time-consuming to administer. New-age security systems must be designed to be the opposite: lightweight, cloud-based, automated and affordable.

What is needed is a non-intrusive approach that requires no additional hardware or software and uses data logs that most companies are already generating. This means that companies do not have to change the way they are currently operating, nor do they need to make large and costly purchases in order to implement appropriate protection and analysis. We believe such an approach is absolutely critical in ensuring that organisations of all shapes and sizes can protect themselves from the ‘unknown’.

For businesses today, a security breach is an ever-present concern that often leaves IT managers with little idea of the best way to protect critical data. The intensity of cyber-attacks continues to increase with the use of advanced technology, tools and methods. With the growing complexity and diversity in the nature of attacks, enterprises need to adapt and evolve their methodologies to secure themselves and ward off attacks from previously unknown threats. Such capability calls for a complete revitalisation of the traditional enterprise security framework, along with the methods and means deployed to identify and protect against these new-age threats.

Yiannis Giokas

Yiannis Giokas is the founder of security-as-a-service provider Crypteia Networks, a PCCW Global company. He is a serial entrepreneur with over seven years' experience in the High-Tech and Security Industries. Prior to founding Crypteia Networks, he was active in the fields of Telecommunications, Network Optimisation and Security, enabling Telecom Operators to optimise their networks, expand their added value services and enhance their customers' experience. He holds a B.Sc. in Electronics Engineering and an M.B.A. from Athens University of Economics & Business.

  • Think Tech

    This article is correct in that if we are to defeat, or at least reduce, cyber crime, then we can't carry on expecting CIOs and IT to carry the responsibility. Enterprises need to realise that with APTs and other forms of sophisticated attack, specialist 24/7 help is required in the form of MSSPs and consultancy. #dell #idg http://bit.ly/1zo0KPC

  • Think Tech

    There are at least 10 key topics that CIOs need to work on as we go into 2015. Actually the pressures are pretty much the same as those for 2014, but the intensity is, if anything, increasing. Look at increased legislation, look at cloud, look at APTs, look at BYOD – no one wants the company device anymore! But to cope, CIOs may need to look beyond their in-house resources. #idg #dell