Why organizations urgently need to outsource threat intelligence gathering
As cybercrime itself matures into an industry with its own software-as-a-service and highly organized underground professional networks, the task of adequately securing their systems against attack is already well beyond the resources of most enterprises. The major problem faced by CISOs today is how to identify which of the millions of cyber threats now attacking organizations across the world is directed at them. The dilemma is growing daily as more data is stored on more servers, as more businesses move their information onto the cloud and as the Internet of Things starts to connect almost every device on earth. Robotics, AI, 3D-printing, not to mention biosciences, will all be increasingly data-driven and will, therefore, form additional targets.
According to industry estimates, the global cost of cybercrime is set to grow from $500 billion in 2014 to over $1 trillion before the next decade. But even this mayturn out to be a gross underestimate as the world becomes increasingly data-driven and connected. The massive technological changes taking place over the next five years, sometimes known as the Fourth Industrial Revolution, will not only mean more connected devices but also more reason to break into them. It is already hard to think of any aspects of our lives that are not data-driven – in five years’ time, it will be impossible to name one.
But a fully-connected world is a Utopia for every type of hacker, cyber-criminal, spy, terrorist and ‘rogue’ nation-state on earth. And there will be even greater reason to break into data networks in the future when the stakes will no longer merely be confidential customer information or new product designs but whole financial systems, national power grids, airlines, drones, driverless electric cars, smart factories, and smart cities, not to mention armies, navies, air forces, and their entire supply chains. All will be considered fair game for hackers and cybercriminals.
Given that the stakes are becoming so high and our lives and businesses are so interconnected, cybersecurity is too vital a component of national prosperity, national security and, eventually, national survival, to be left to individual organizations. Many CISOs still rely on patches for well-known viruses while taking precautions against well-publicized threats such as Wannacry. Enterprises attempting to pursue this traditional type of security strategy into the next decade will risk not only severe financial losses and compromised customer confidence but are also potentially liable for swingeing fines of up to €20 million or four per cent of turnover, whichever is greater, under the GDPR for failing to take precautions that were available in the marketplace.
The only really effective way to safeguard data is for organizations to extend their security perimeters well beyond traditional boundaries in order to encompass areas such as the Dark Web, where organized groups of highly professional cybercriminals orchestrate increasingly sophisticated cyber-attacks. Over the last few years, the Dark Web (DW) has also become a training ground for relatively unskilled and inexperienced cybercriminals. Some DW vendors now offer notonly off-the-shelf malware- as-a-service but also have 24-hour helplines to offer assistance with complex cyber-attacks. Over the last 18 months, a string of major organizations has exposed their ignorance and vulnerability by only realizing that they had suffered a major hack far too late and only once someone informed them that their customers’ confidential data was being sold openly on the Dark Web. Major airlines, banks, and retailers have also been unaware that cybercriminal gangs operating on the DW are selling kits that allow even relatively unskilled criminals to clone corporate websites in order to elicit credit card details and other personal data from the brand’s existing customers. Customers who have been defrauded in this way are likely to avoid the brand in the future, even though the company was unaware its website had been cloned. Domain- jacking software being sold on the DW also now enables even inexperienced hackers to break into corporate IT systems.
Had those organizations which have been named and shamed for poor cybersecurity practices over the last year and a half been able to gather crucial forward intelligence of the cyber-attacks threatening them as they were being orchestrated across the Dark Web and social networks, they would have been forewarned and forearmed in time. They could easily have avoided the damage that the successful breaches have done to their reputation and customer and investor confidence in addition to the significant financial losses incurred.
Buttoaccomplishthiswouldrequireorganisations to commit thousands of man-hours on the part of expert researchers to patrol the DW forums and monitor the organization’s brand across all platforms including social media. The cost would be prohibitive and the results would be likely to be patchy as few organizations can fully grasp the sheer scale and number of the cyber threats now looming in 2019 and beyond. And even if they were in possession of such a vast amount of data, it would be virtually impossible for them to sift through millions of incoming threats to single out those aimed directly at their own organization.
Resecurity’s own meta database of upcoming cyber threats is currently growing at an accelerating rate and Resecurity’s CONTEXT™ now offers organizations of all sizes access to a comprehensive platform with a growing meta database of over 300 million DW records, 8 billion compromised credentials, 9 million threat actors and over 30 million indicators of compromise (IOCs).
In order to assist organizations of all kinds in identifying those cyber-attacks that are heading straight for them and to enable them to spend their cybersecurity budget in the most effective manner, Resecurity has developed machine-learning technology capable of cross-referencing vast volumes of data. It is extremely important for all organizations to have a proactive and reliable solution for timely risk mitigation. Resecurity Risk™ is a cloud-delivered solution that protects against both external and internal threats, safeguarding the company brand, employees, network devices (IoTs), critical business applications, processes and services, cloud environment and the company’s entire supply chain.
As more companies shift data storage to the cloud, new vulnerabilities also begin to emerge. Companies therefore also need around-the-clock security monitoring of cloud workloads in AWS Amazon in order to prevent data breaches at an early stage. Effective and early identification of insider threats also requires expert and up-to-the-minute knowledge of the latest cyber scams. This is also crucial when determining whether the insider threat is the result of a dishonest or disgruntled employee or whether a member of staff’s terminal has been hacked externally.
Effective intelligence gathering and the contextualization of such vast volumes of data is now beyond the simple remit of most internal IT departments. This disparity is set to grow as the fourth industrial revolution gathers pace this year and then starts to create a truly data-driven world in the early 2020s.
CISO’s can no longer be expected to gather their own cyber intelligence or gauge its importance relative to their own organizations. Just as enterprises universally outsource the manufacture of their hardware and the running of their external communications networks and power supplies, they will increasingly need to use third parties to supply sufficient contextualized threat intelligence to provide 24/7 360-degree protection against all incoming and insider threats in 2019 and beyond.
About the Author
Tony Glover is the senior consultant at TGPR. He heads a London-based international public relations consultancy based in London representing cybersecurity companies across several continents. Until becoming a PR consultant three years ago, he was an award-winning journalist specializing in IT and international crime and has been writing about IT security issues since the dawn of the internet. His articles have been published in Time Magazine, the Financial Times, Institutional Investor and many other newspapers and magazines. He has also made numerous TV and radio appearances on networks including the BBC and NBC. His current mission is to help the cybersecurity industry communicate effectively with those organizations that are most in need of its services. Tony can be reached online at firstname.lastname@example.org.