For many years, cybersecurity was considered to be the responsibility of IT and security teams alone. Yet with data breaches, ransomware and nation-state attacks becoming a part of the everyday vernacular for businesses and consumers alike, organisations know the need for a robust cybersecurity and risk management strategy is a business-wide concern. The extensive implications of poor defences could have a catastrophic effect on business operations.
As any CEO will attest, for all business-based decisions you need to weigh up the pros and cons and make a judgement call on the variable degree of risk attached. The question that each executive needs to ask is: what level of risk to my business am I willing to accept?
This will then be swiftly followed by: how do I quantify this risk?
The goal is to strike the optimum balance between enforcing enough security measures and maintaining a sufficient level of business functionality. Prioritising one over the other could lead to devastating consequences. While there is no simple fix to this dilemma, all areas of the business need to work together to achieve the ideal balance and deliver a tangible ROI.
Changing risk appetites
With the forecasted cost of ransomware incidents set to be $265 billion by 2031, the rise in these types of attacks has triggered a significant change in risk appetite. When assessing the prospective financial damage and repercussions of incidents, many are well aware of the cost they will need to shoulder should they suffer a data breach and get hit by GDPR or another regulatory fine. Some organisations are also setting funds aside should they be hit with a ransomware attack.
Other potential consequences that need to be considered are the impact of an attack on the share value of a business if it is publicly listed on the stock exchange, and the slightly less measurable impact on the organisation’s reputation and the erosion of customer trust.
With new technologies being adopted by cyber gangs, including using machine learning and artificial intelligence (AI) against organisations and their defences, cybersecurity is demanding increasing attention from all company departments. Employees are already concerned that sophisticated adversaries will deploy AI to trigger a global incident in the next 12 months. But if managers panic and line their network perimeters with more restrictive security solutions, how will this affect business operations?
Worth the risk?
While upping security measures is a must in the face of overwhelming cyber threat levels, they have to work symbiotically with business operations so as not to trigger a decline in productivity. For example, an organisation may decide not to allow employees to send or receive documents by email to or from external email domains, to reduce the risk of some email-based threats and of employees accidentally opening potentially malicious files. You may immediately feel more secure, but you’ll likely see employee productivity plummet to zero as staff can’t do their jobs, leading to them finding (unapproved) workarounds – meaning your organisation’s risk profile has shot up and is out of your control.
As a first step, boards should carry out a risk assessment and understand what their entire IT estate looks like. This should include every asset, device or solution they’ve deployed, whether on-prem or virtually in the cloud. They should then look at who has access to what. This task will help the business understand where the potential weak spots or entry points are for attackers. Unfortunately, many organisations have default access rules in place, meaning every member of staff can potentially access any document or network location. This risk is compounded further when adding in third parties that have also been granted access.
There are several areas of business that boards should seek to address from the outset. First is the reduction of false positives. We all know that false positives have detrimental effects on the productivity of teams. Our June 2021 survey revealed that 62 per cent of respondents agreed that threats in their company could get missed due to the overwhelming volume of false positives. Further, each cybersecurity professional could spend 9 hours, 40 minutes each week dealing with alerts caused by false positives, which is an inefficient use of their time.
Another area that carries more risk than people may realise is how documents are copied and shared within a business. For example, over 1 billion people currently use Google Docs worldwide. Each user can share a document with more than 100 people at a time, meaning the owner can very quickly lose control of where the original document has travelled. If these files contain potentially sensitive information, the level of risk can skyrocket. There is also the chance that the files could in some way become corrupted or intercepted and replaced with a malicious file.
Other focuses could include limiting the amount of patching required and the prevention of zero-day attacks. Whatever the decision, the top priority for boards will be finding the equilibrium between strengthening security and maintaining business operations.
Adopting a prevention-first mindset
To combat these threats, organisations need to take a proactive stance to shield themselves from the risk of a data incident and develop a strategy that focuses on prevention. All too often, businesses focus on the ‘response’ part of an attack, but the key is to consider the ways to stop an attack before it has entered the network; once it is inside, it is often already too late.
Deep learning (DL), a subset of machine learning that takes inspiration from how the human brain works, is the next step in preventative security solutions. Using raw data, DL machines distinguish malicious data from benign without intervention from human workers. By working independently, DL allows employees to focus on other high-value tasks. For example, applying DL can reduce the number of alerts a security team is reviewing every week by as much as 25 per cent.
We know that attacks need to execute and run before they are picked up by detection technologies and checked to see if they are malicious, sometimes taking as long as 60 seconds or more. When dealing with an unknown threat, 60 seconds is too long to wait for analysis. By using technology based on DL principles, a sub-20 millisecond response time can be delivered to stop a ransomware attack pre-execution, before it can take hold. The preventative nature of DL reassures business leaders that both known and unknown attacks are stopped from entering the network quickly and accurately.
Striking the perfect balance is no mean feat. It requires discussions, planning and a full understanding of a company’s security priorities. By quantifying the risks and breaking down the network by importance and value to the business, boards can make an informed decision about where security improvements should take place. A prevention-first mindset is key. With the risks of sophisticated attacks growing exponentially each day, cybersecurity must remain a business-wide priority to ensure enough protection is deployed without impacting business productivity.
By Brooks Wallace, VP EMEA, Deep Instinct