As the war between the black hats and white hats continues to escalate, cybersecurity necessarily evolves. In the past, black hats were rogue individuals. Now they're hactivists, crime groups, and hackers backed by nation states.
"Hackers have gotten a lot more sophisticated," said Sanjay Goel, a professor in the School of Business at University of Albany. "It used to be they'd break into networks, do some damage, and get out. Now they have persistent attacks and targeted execution."
Hackers are automating attacks to constantly search for vulnerabilities in networks. Meanwhile, fraudulent communications are getting so sophisticated, they're fooling even security-aware individuals. Analytics can help, but nothing is a silver bullet.
Moats Are Outdated
Organizations used to set up perimeter security to keep hackers from breaching their networks. Since that didn't work, firewalls were supplemented with other mechanisms such as intrusion detection systems that alert security professionals to a breach and honey pots that lure hackers into a place where they can be monitored and prevented from causing damage.
Those tools are still useful, but they have necessarily been supplemented with other methods and tools to counter new and more frequent attacks. Collectively, these systems monitor networks, traffic, user behavior, access rights, and data assets, albeit at a grander scale than before, which has necessitated considerable automation. When a matter needs to be escalated to a human, analytical results are sent in the form of alerts, dashboards, and visualization capabilities.
"We really need to get away from depending on a security analyst that's supposed to be watching a dashboard and get more into having fully-automated systems that take you right to remediation. You want to put your human resources at the end of the trail," said Dave Trader, chief security officer at IT services company GalaxE.Solutions.
Predictive analytics analyzes behavior that indicates threats, vulnerabilities, and fraud. Slowly, but surely, cybersecurity budgets, analytics, and mindsets are shifting from prevention to detection and remediation because enterprises need to assume that their networks have been breached.
"All the hackers I know are counting on you not taking that remedial step, so when there's a vulnerability and it's a zero-day attack, the aggregator or correlators will catch it and then it will go into a ticket system so its three to four days before the issue is addressed," said Trader. "In the three to four days, the hackers have everything they need."
Why Break In When You Can Walk In?
Fraudsters are bypassing traditional hacking by convincing someone to turn over their user ID and password or other sensitive information. Phishing has become commonplace because it's effective. The emails are better crafted now so they're more believable and therefore more dangerous. Even more insidious is spear phishing which targets a particular person and appears to be sent from a person or organization the person knows.
Social engineering also targets a specific person, often on a social network or in a real-world environment. Its purpose is to gain the target's trust, and walk away with the virtual keys to a company's network or specific data assets. Some wrongdoers are littering parking lots with thumb drives that contain malware.
Behavioral analytics can help identify and mitigate the damage caused by phishing and social engineering by comparing the authorized user's behavior in the network and an unauthorized user's behavior in the network.
Breaches are bound to happen. The question is whether companies are prepared for them, which means keeping security systems up to date and training employees.
Far too many companies think that hacking is something that happens to other organizations so they don't allocate the budget and resources they need to effectively manage risks. Hackers love that.