Defending Against Unknown ThreatsStaying steps ahead of cybersecurity threats in a hyper-connected, adaptive environment By: Jon Ramsey
Navigating the dos and don'ts of information security can be daunting for business leaders who are tasked with staying secure without constraining the ability to innovate and grow. It is a challenge compounded by an evolving threat landscape and mounting pressure to prevent breaches. When it comes to security, what can often be most tenuous for organizations – and most challenging for security leaders – is not knowing what we don't know in a world where cyber criminals have capabilities like never before.
Defending Against Unknown Threats: The Pre-Knowledge Problem
The way we defend today is by enriching our tools with threat intelligence – understanding what tools malicious hackers are using and analyzing indicators for the presence of a threat; we use this intelligence to create signatures to detect threat activity and inform incident response. While it can be a very cost effective way of dealing with threats, it requires knowledge of the indicators, and it has a very short half-life of effectiveness. Threat actors purposefully adapt manually and automatically, causing known indicators to become irrelevant. The real challenge lies in having advanced knowledge of the threat to identify indicators. Ask any security researcher how many threat actors there are and you're unlikely to get even a ballpark figure. We don't know; and if we can't count the bad guys, how can we come close to understanding what they are doing when we can't see indicators of compromise?
Diversifying your security tactics is one place to start. Make sure you have strategies in place to protect your network and endpoints and that you are providing your employees with ongoing awareness training programs.
Ultimately, if we want to defend against the unknown threat actors and zero-day tactics, we have to shine a light on them and make them known. It's a complex problem that requires the right people and technology. Hire the best researchers. Give them environments to work on. Give them tools and procedures. Build processes and let them loose finding the adversaries. Here, we have also invested in technology that uses sophisticated algorithms, such as the discovery discipline of data sciences, to find malicious things we didn't know about before. So our people and systems are learning from each other.
A New World: Interconnectivity Between the Virtual and Physical
What further complicates today's threat landscape is that adversaries can now physically manipulate the environment. Smart devices – the “Internet of Things” – might seem innocuous, but hackers can more easily manipulate the physical world through cyber means.
It's not all doom and gloom, however. The good news is that this level of interconnectivity is so new, there's not a lot of legacy we have to retrofit. Many companies are entering the space and hopefully addressing vulnerability management from the onset. And users who enjoy the conveniences smart devices provide should make sure their technology providers are taking precautions to prevent things outside the network from connecting to things inside it.
Security is a Risk Balance
There's no denying that we all face serious cyber-threats and that these threats are evolving. When it comes to defending against breaches, we often advise taking a “when, not if” approach to planning. But in an ever-changing landscape, there's no one-size-fits-all solution to eliminate all risk. Bad guys are creative and will always try to find a way in. Organizations must assess their risk factors to ensure a solid security framework, and individuals must adopt connected conveniences cautiously. As for the unknowns, they will continue to keep me and my colleagues working with the right mix of people and technology, focused on what's ahead.