Historically, cybersecurity has been about higher walls and wider moats, but this strategy no longer works. There is no better evidence than the constant barrage of massive data breaches and other cyberattacks, such as ransomware, making headlines month after month. And that does not even count the data breaches that go unreported or that involve intellectual property (IP).
But now that most of corporate and everyday America is at least aware of the threat data breaches pose, the question is what to do about it. There are many technical answers, but the one that really matters is how security spending on these solutions is allocated. According to a 2016 SANS report, the majority of spending today is still focused on prevention in the form of perimeter defense, followed closely by monitoring/detection and then response.
While all three of these areas are important, there is a school of thought that says a more equitable split between prevention, detection, and response is needed. If spending is not rebalanced to give equal weight to each area, not only will it become increasingly difficult to detect data breaches, but slower response times will (not could) lead to catastrophic losses when breaches do occur.
This is because today's threats are fundamentally different from those of even a few years ago. They are more sophisticated, are primarily financially motivated, and, with the arrival of net-new technologies like mobile and the Internet of Things (IoT), have an almost unlimited number of attack vectors. Attacks today are also highly targeted and often take the form of advanced persistent threats (APTs), which typically use custom malware or spear-phishing aimed at individual employees or groups of employees. Attackers are organized and goal-oriented, seeking specific data sets or confidential documents.
To counter these new threats, there needs to be a new response. Less time needs to be spent trying to keep attackers out (a near impossibility today) and more on detection and response, so that an intrusion is stopped as soon as it begins. The aim is to reduce the amount of time attackers spend inside the network, the "dwell time" of the attack. The overall goal today is not just prevention but ensuring that a successful intrusion does not result in business damage or loss.
The good news, according to PwC, is that CEOs and boards of directors are listening. Although the figure is still below 50 percent, many boards now receive regular cybersecurity briefings, and those briefings are resulting in bigger cybersecurity budgets. There is also a spending shift under way, away from perimeter defense and towards more advanced forms of cybersecurity such as data loss prevention (DLP) and cloud monitoring solutions.
"Interest in security technologies is increasingly driven by elements of digital business, particularly cloud, mobile computing and now also the Internet of Things, as well as by the sophisticated and high-impact nature of advanced targeted attacks," said Elizabeth Kim, research analyst at Gartner. Kim said investments are going into emerging solutions such as endpoint detection and remediation tools, threat intelligence, and cloud security tools, such as encryption and monitoring.
It is clear that as threats evolve, so too must the response. While they're a bit late to the game, it does appear that many (but not most, at least not yet) companies are rising to meet these challenges. They will have to. If not, cybercrime can and will put many of them out of business.