The complexities of today’s cyber-security environment aren’t lost on anyone. It’s increasingly difficult to spot threats, detect intrusions, and thwart hackers and cyber-thieves.
“A cruise through the latest headlines about breaches is sobering,” says Lisa O’Connor, managing director and leader of Accenture Cybersecurity Research. “The sophistication level and the amount of data that folks are going after is frightening. Many of these events are concerted efforts to steal data, undermine organizations, and monetize information and intellectual capital.”
To be sure, it’s a critical time for businesses, government, educational institutions and others. Despite years of ratcheting up security and plugging holes, cyber-crooks continue to break into systems and steal data. A list of recent breaches includes prominent companies such as Equifax, Hyatt, Deloitte, Whole Foods and Pizza Hut.
Ponemon Institute reports that the average cost of a data breach now stands at $3.62 million. In 2017, the average number of lost or stolen records resulting from data breaches rose by 1.8 percent over the previous year. The mean time to identify and contain a breach now stands at 191 days.
Studies show that about 80 percent of organizations are affected by cyber-attacks. The takeaway? Cyber-security isn’t only the job of a chief security officer (CSO) or chief information security officer (CISO). It’s something that must span all corners of the enterprise—and beyond its walls.
While it’s important to focus on fundamental security tools and solutions—as well as practices and processes that protect digital assets—it’s also vital to tap next-generation technologies, such as blockchain, artificial intelligence (AI), automation and security-as-a-service solutions.
Automating Activities and Tasks
How can an organization adopt a more advanced and innovative approach to cyber-security? How can security teams mitigate threats in a world where there are no borders for data and connectivity? Basic firewalls, malware protection, intrusion detection and packet filtering are no longer adequate.
“You have to look for ways to automate activities and tasks,” explains Paul Hill, a senior consultant at SystemExperts, an independent security consulting firm. “You can’t shut down a set of IP addresses every time an attack occurs without interfering with the business or completely shutting it down. You can’t depend on whitelisting and blacklisting when the same attacks stream in from different machines and IP addresses.”
Various automation tools, solutions and technologies—along with well-conceived processes—can help security teams move beyond a reactive mode. Organizations are suddenly able to collect and correlate data rapidly, and from a wide variety of sources, while maintaining confidentiality of data, Hill explains.
These automation systems can rapidly identify the source of an attack and can aid in deploying critical patches, updates and other remediation tactics faster than attacks can spread. Likewise, they detect infections or intrusions faster than attackers can exfiltrate data.
AI is a crucial piece of the automation puzzle, Hill adds. Emerging deep learning and machine learning tools can spot abnormal or suspicious behavior in log information and network flow data. This typically includes firewall logs, load balancer logs, operating system logs, application logs, and other data that often wind up in a traditional security information and event management (SIEM) system.
In addition, Accenture’s O’Connor advises keeping an eye on an emerging area of machine learning that revolves around data classifications. “Many organizations have no idea what value their structured and unstructured data have, and yet they have to apply the right security to the data.” Other emerging areas for AI include penetration testing and spotting social engineering attacks.