The Changing Landscape of Cyber Security

If attackers can make minor changes to their code to avoid anti-virus and other signature based technologies, tricking a user into executing malicious code may give attackers a foothold inside the network perimeter. Likewise, malicious actors may be able to trick an unsuspecting user into providing credentials to access an application or system. It is essential to have a security awareness program that educates workers. Employees must understand that in many cases they are the first line of defense.

To be effective, the information security organization should not only educate users regarding good security practices in the workplace, they should also work to provide additional value to the users and promote an “always aware” attitude. Security organizations should go the extra mile to provide useful information regarding how employees can stay safe at home and on their personal mobile devices. By adding value for users, the security organization fosters a positive relationship rather than being viewed as either an impediment blocking the employees from what they want to accomplish or as a “big brother” always watching over their shoulder waiting to correct or admonish them. Users should feel comfortable reporting suspicious items to the information security organization.

One of the key takeaways from the M-Trends 2015: A View from the Front Lines report by Mandiant is that: “Advanced threat actors continue to evolve their tools and tactics to reduce the forensic footprint of their actions and evade detection. Establishing a baseline of normal activity in an environment, and proactively hunting for deviations from this baseline, are essential to stay a step ahead of intruder’s efforts.” Mandiant also notes that the median amount of time that threat groups were present in a victim’s network before detection is 205 days. The organization must have skilled information security staff who not only partner with business areas and users to mitigate risks, but who can also regularly and effectively monitor the technology environment, recognize anomalies and respond to threats. As attackers become more sophisticated, security organizations are challenged to keep pace. While a malicious actor can concentrate on developing specific expertise needed to execute an attack, the defenders must possess the knowledge to combat many different attack vectors. Security staff must constantly be aware of new vulnerabilities and exploits. While the “bad guys” need but a few successful attacks, the defenders are expected to be successful 100% of the time. Security staff should not only receive regular training, but also practice their skills. This may involve white hat hacking of their own systems or the use of a cyber range. On a cyber range, security professionals can gain real world experience attacking or defending systems dedicated to the exercise. Participants are free to fully engage in this isolated environment without fear of impacting the real world. It is an excellent opportunity to experiment with security techniques, to make mistakes and to gain valuable experience.

Organizations with more limited information security resources may consider using a managed security services provider to supplement internal resources. A managed provider can provide expertise in a broad range of areas by leveraging the demands of multiple customers to maintain a larger pool of expert resources. The managed service provider can also compile threat intelligence from a much broader pool of potential targets due to monitoring multiple clients. An organization employing a managed provider benefits from the knowledge and experience the provider obtains when working with their other customers.

As cyber threats evolve, cyber security professionals must focus not only on perimeter defenses and breach prevention, but also on internal monitoring and incident response to address the increased threat from inside the private network. The information security organization must build relationships with the organization’s business leaders and users to work effectively to address security risks that pose a threat to the data and business operations of the organization.