When I think of the ’80s, the first things that come to mind are Alan Rickman taking a surprising tumble from the Nakatomi Plaza, Michael Jackson performing an improbable lean, Tom Cruise chasing down a fighter jet on a motorcycle, Martina Navratilova dominating the Wimbledon Championships for 6 years… and the game of Tetris.
I won’t lie, I spent an unfathomable amount of my wasted youth trying to ensure different sized shapes fit into a perfect line on a perpendicular screen.
And (as is so true in life) the better you did at it, the harder it became.
Hazel Burton, Cybersecurity Audience Expert & Storyteller, Cisco
There’s an uncanny resemblance between the game of Tetris and the state of cyber security today. Many organisations are working with a patchwork quilt of old and new technologies, with a significant amount of legacy IT (and legacy thinking in some cases), and multiple security vendor solutions.
All the shapes are effectively mismatched, the problem grows worse the more you add, and the pressure grows from other departments who want things to move quicker.
A lot of organisations have found themselves in this situation because security was always a reactive industry: “Something’s wrong; we need to fix it,” rather than planning for a problem to occur.
The issue with that approach is that it creates a Tetris-style scenario of different products – none of which speak to each other. They all have different management interfaces, and they all generate an overwhelming amount of security alerts, including false positives.
We’ve found that 77% of businesses find it somewhat challenging or very challenging to orchestrate alerts from myriad solutions. And it’s because their security infrastructures – whilst they might be brand new – are living in the ’80s from an architectural point of view.
This is happening simultaneously with a rising level of threat from the “bad guys”. Cyber-crime is expected to cost businesses $6 trillion in damages by 2021, up from $3 trillion in 2015 (the UK GDP was $2.8 trillion in 2018).
This growth is only compounded by a skills shortage of “good guys” to take down cyber-criminals: there’s a 2 million shortfall in cyber security employees worldwide.
Ben M. Johnson, CEO of Cisco partner Liberty Technology, provides some context: “Many people think that if they go with a multivendor, best-of-breed approach, it will protect them better. But what we see is that it’s harder to manage, costs more, and decreases security effectiveness overall.”
These gaps in coverage require more resources if firms are to manage and remediate vulnerabilities. The industry average is between 100 and 200 days to even find a breach, let alone deal with it and its potential consequences.
So what needs to be done to solve these challenges?
From a future perspective (i.e. stopping ourselves from allowing history to repeat itself), cyber security vendors need to work with both governments and educational institutions to help close the skills gap.
Cisco, for example, is working with the police to train all officers in cyber security. The Cisco Networking Academy will be providing specialised training and guidance to 120,000 officers across England, Scotland, Wales and Northern Ireland.
As part of the wider Networking Academy initiative, Cisco has already given cyber security training to over 1,000 students.
Secondly, connected security needs to happen: vendors must work together so that their solutions work in harmony.
Simplify security infrastructure, respond to attacks quicker
Connected security means we can help our customers simplify their infrastructure, remediate attacks more quickly, and also mitigate the skills shortage, because teams will be managing fewer interfaces.
The crucial thing is to make sure that everything comes back to the problem you’re trying to solve. At Cisco we’re committed to third-party integration so that our customers are better protected. The “bad guys” are working collaboratively and connected, so we need to make sure, as an industry, that we’re doing the same.
Otherwise we will always be playing the hackers’ game of Tetris, with the rules dictated to us by them.
Thirdly, we need to find a way of cutting the noise down and using technology in a smarter way to eliminate the volume of basic alerts (only half of which are investigated according to our research).
For a lot of organisations, the volume of security alerts is like having a never-ending email inbox filled with spam. You’re unable to tell the urgent requests from the important ones.
For this, the time has come to embrace three technologies that once sounded more at home in a fictional sci-fi setting than in everyday business: Artificial Intelligence, Machine Learning and Automation.
Advanced capabilities in AI can enhance network security defences and, over time, “learn” how to automatically detect unusual patterns in web traffic that might indicate malicious activity.
Machine learning is useful for automatically detecting “known-known” threats—the types of infections that have been seen before. But its real value, especially in monitoring encrypted web traffic, stems from its ability to detect “known-unknown” threats (previously unseen variations of known threats, malware subfamilies, or related new threats) and “unknown-unknown” (net-new malware) threats.
Tools for automation which provide network context can also give security analysts insight into potential leak path issues. In addition, implementing appropriate segmentation policies can help security teams quickly determine whether unexpected communication between networks or devices is malicious.
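The segmentation point above is concrete enough to show in code. The following is an added example, not Cisco’s tooling or anything from the original post: it assumes a constructed segment map, a constructed allowlist of permitted cross-segment communication, and a few constructed flow records, and it surfaces only the flows the policy did not anticipate, labelled with the segment context an analyst needs to decide whether they are malicious.

```python
import ipaddress
# Constructed segment map and policy; real values come from the organisation's own design.
SEGMENTS = {
    "corp-users": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "ot-plant": ipaddress.ip_network("10.30.0.0/16"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}
# Permitted cross-segment communication: (source segment, destination segment, port).
ALLOWED = {
    ("corp-users", "servers", 443),
    ("corp-users", "dmz", 443),
    ("dmz", "servers", 5432),
}
# Constructed flow records, one per line: "src dst dport".
SAMPLE_FLOWS = """\
10.10.4.21 10.20.1.5 443
10.10.4.21 10.10.7.9 445
10.10.4.21 10.30.2.2 502
192.0.2.10 10.20.1.8 5432
192.0.2.10 10.20.1.8 22
10.10.6.3 203.0.113.7 443
"""

def segment_of(ip):
    """Map an address to its segment name, or 'external' if it is in none."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def classify_flow(src, dst, dport):
    """Return (verdict, context); the context names the segments involved."""
    s, d = segment_of(src), segment_of(dst)
    context = f"{s} -> {d}:{dport}"
    if s == d:
        return "intra-segment", context
    if (s, d, dport) in ALLOWED:
        return "allowed", context
    return "unexpected", context

def unexpected_flows(flow_text):
    """Parse flow lines and keep only those the segmentation policy did not anticipate."""
    findings = []
    for line in flow_text.splitlines():
        src, dst, port = line.split()
        verdict, context = classify_flow(src, dst, int(port))
        if verdict == "unexpected":
            findings.append((src, dst, int(port), context))
    return findings
```

Anything not on the allowlist is surfaced rather than silently passed, which is what turns a wall of flow records into a short list an analyst can actually investigate.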
Of course, it’s important to never overlook the basics. Organisations should consider their strategy for educating employees to use strong passwords and recognise phishing emails, since cyber criminals are stepping up their social engineering campaigns.
And of course nothing is more important than having a regular patching routine. Countless security breaches can be stopped simply by patching vulnerabilities.