“The sophistication of attacks is increasing. The impact of attacks is increasing. The diversity of attacks is increasing. The chances of major attacks being successful are increasing.”
The warning from GCHQ Director Robert Hannigan about the cyber-threat landscape, given in a speech this month, is not new and yet bears repeating. Cyber security continues to dominate business pages, two years after hackers took the New York Times website offline and since Edward Snowden stole classified documents from the NSA. Last summer, GCHQ dealt with 100 cyber national security incidents per month in the UK. This summer, that number was 200 per month. There is no denying the speed and size of the ‘cyber’ problem.
The issue persists, of course, because the very tools and technologies that make our countries, societies and businesses grow and prosper are the same ones that make us vulnerable. The benefits of an open internet and global networks are clear, and we are not about to give them up. Yet, at the same time, we expect to be able to keep information safe within these flexible structures. This is not an easy task, and we are faced with a whole range of adversaries who are constantly trying to get the better of our information systems to steal data, disrupt services and undermine confidence.
Indeed, businesses face human-driven, intelligent and constantly-evolving threats on a daily basis, whose behaviours we cannot predict in advance – try as we might. Tomorrow’s advanced threats will look nothing like those of yesterday. Potential attackers manifest themselves in various forms: criminal gangs seeking direct financial gain, competitors looking to debilitate businesses, ideologues with destructive intent.
Company directors are starting to wake up to this fact. The status quo of security is clearly not good enough. The whole idea that you can protect data by building a big wall around it has been blown out of the water by the regular hacks that we read about month after month, in which perpetrators have often been active inside their target’s environment for weeks or months before the attack was discovered. The fatal inadequacy of traditional defence mechanisms has been proven, together with the persistent inevitability of ‘internal threat’.
The reality is that our companies, national infrastructure and most critical information are at risk – and always will be, as long as they are valuable. Accepting this uncomfortable reality may be hard, but it enables us to take an extremely positive step forward. By assuming that we have intruders or ‘unusual’ activity going on inside our organisations, we are forced to confront what is happening inside our busy, messy and noisy networks. We are more inclined to pay closer attention to this activity, and detect early indicators of threatening behaviours, including by employees or other insiders.
Organisations that are best-placed in this new era of threat therefore take for granted that they will, at some point, suffer infiltration or even become vulnerable due to the actions of a trusted insider. Instead of trying to stop this point-blank, they focus their resources on spotting potentially dangerous entities early enough to stop damage occurring. This new approach to cyber defence is based on the same principles as the human immune system, which protects us so cleverly because it is capable of continually identifying new threats, based on its unique understanding of an individual body.
The value of a self-learning technology approach is to detect threats you didn’t know you didn’t know about, in real time, whether that is a highly skilled criminal hacker exploring your email servers, or a payroll administrator sending large files to a file transfer site. It enables companies to intervene early and curb threatening behaviours, before irrevocable damage is done. It helps towards the ultimate goal of striking a workable and effective balance between supporting a connected, flexible and modern enterprise and ensuring that our data systems and reputation are robustly protected against the plethora of cyber-threats we now face.
If recent events have taught us anything, it is that we have to start planning for ‘when’ and not ‘if’. But just as there is no simple formula for national security, the cyber world is too complex to be adequately protected by one-dimensional systems that obsessively look for specific types of threats, to the exclusion of others. Organisations must steel themselves for continual defence and arm themselves with an ‘immune system’ that will enable defence in the right places. Your immune system may not protect you from every common cold, but it may well save your life – in fact, it probably already has.