By David Blumberg
Nation state hackers and cybercriminals. Rogue employees and hacktivists. Social engineering and insufficient employee training or compliance. The threats to your company’s security have never been greater, and the pace is accelerating. Cyberattacks are already estimated to cost businesses more than $400 million a year, and they are projected to top $2 trillion globally by 2019.
If you run a cyber-savvy company, you’ve likely already implemented best practices to safeguard sensitive employee data, confidential client information and proprietary IP. In today’s parlance this means taking precautions such as patching your software applications, running anti-virus software, installing firewalls, deploying hardened security software, encrypting data and ensuring employees are trained to practice good security – and spot social engineering scams – that put your company at risk. In fact, some security experts have contended for years that your employees were your first and best line of defense.
Those traditional safeguards may have been adequate in the past, but they are probably no longer sufficient. New viruses and zero-day threats emerge almost daily and reactive security software simply can’t keep up. Meanwhile, social engineering scams are more sophisticated than ever, and it’s unrealistic to expect that employees will always take security measures as seriously as they should. Does that sound too harsh? Take a look at this disturbing statistic from a recent survey we commissioned to measure Americans’ attitudes and behaviors around cybersecurity: A mere 10% of respondents said they would inform their employer if their computer or phone were hacked. Think about that for a minute. Your employees’ phones, on which many conduct company business, could get hacked and the vast majority of them wouldn’t bother to tell their managers. Moreover, 45% said they wouldn’t even realize they’d been hacked unless contacted by a vendor or law enforcement. The risks are obvious and in the age of BYOD, this clearly demonstrates the inadequacy of relying on your employees as your first and best line of defense.
So what is the best path forward to review your security needs in light of the increasing threats? You may have sufficient in-house knowledge to do your own audit or you might choose to engage a reputable large consulting firm such as Deloitte, Accenture, or KPMG to help review your needs and craft a plan. Alternatively, you could engage a cyber-security boutique advisor – names too numerous to mention. In our case, we asked security experts among our Blumberg Capital portfolio companies and among our Chief Information Officer Council. Some of their recommendations: first, think like an attacker and focus on the most valuable things to protect in your enterprise and on your network. Second, make sure your security analysts are well equipped, well trained and empowered to take action. Third, try to consolidate vendors and use overarching dashboards that integrate data from multiple sources.
In addition, experts suggest a combined approach of defense in depth that employs trusted policies from the past, augmented by the adoption of new technologies and procedures. A critical component is to leverage the power of important emerging technologies such as artificial intelligence, behavioral analysis, automation and others that can adapt to increasingly complex security threats, scale to meet the growing volume of attacks, and keep costs down. This new type of software is proactive rather than reactive; it can learn and adapt to new attacks, so that over time it will be able to predict and prevent threats even before they appear. And because it can self-learn, it will be easier to continuously update security software.
This new generation of security software is helping security managers to defend against zero-day attacks, which are virtually undetectable with many legacy security platforms. For example, Deep Instinct uses advanced deep learning techniques to instantly distinguish malware from good code regardless of its origin or novelty. Cybellum protects against zero-day attacks at the crucial, initial stage of memory corruption.
What about the growing problem where a business doesn’t realize its information has already been stolen? When stolen information appears on the open, deep or dark web in an illicit auction or other nefarious plot, IntSights automatically identifies and locates these compromised assets and instantly remediates the threats. Such threat intelligence and remediation solutions can be delivered in a growing variety of options: traditional on-premise enterprise installation (direct or from channel partners such as Check Point Software Technologies or WIPRO), SaaS, and MSSPs such as Optiv or UST-Global’s CyberPROOF.
Another key advance is that this new software often works behind the scenes, reducing the burden on employees, simplifying workflows and cutting customer service costs. Let’s imagine that one of your employees mistakenly reveals his or her password to a social engineering scammer. Or perhaps a hacker is able to gain access to an employee’s or a customer’s account through a “man-in-the-middle” attack. With traditional defenses, the attacker could use those valid credentials to ill effect. Fortunately, a new class of defense based on behavioral biometrics is being deployed to immediately detect a changed pattern of user interaction and send an alert. BioCatch is a pioneer in this field. Additionally, if an employee with legitimate credentials goes rogue, like Edward Snowden, new techniques for network behavioral analysis are being developed by companies such as Fortscale to detect anomalies on the network and notify the security team. And finally, you need to watch the watchers, or at least check their privileges ;-). CyberArk, which recently had an IPO on NASDAQ, helps security managers monitor and manage their super users.
Even customers may become threat vectors when they unwittingly use compromised apps and browsers that could inject Java code commands into a website. Namogoo automatically blocks those Java code injection attacks, without impacting your customers’ intended user experience on your website.
After years of playing a game of whack-a-mole against ever-evolving, proliferating and increasingly dangerous security threats, we’re reaching a crucial milestone at which self-learning, behavioral and predictive technologies can be embedded to provide better security and a better user experience. Ultimately, we may reach a point at which employees and customers will no longer need to use passwords, captcha, tokens, thumbprints or iris scans, because security managers will use embedded behavioral analytics to monitor authorized users using authenticated devices on a continuous basis throughout the duration of the transaction. Advanced AI such as deep learning and other technologies will help the Security Operations Center (SOC) to block malware, zero-day attacks and Java injections – with little or no user training or behavioral change. When it’s out of sight, there will be greater peace of mind.
David J. Blumberg is the founder and managing partner of Blumberg Capital. Follow him on Twitter at @davidblumberg