IT Security Landscape - Then and Now
The scale, complexity and impact of cyber-attacks have changed significantly over the past decade. Computer worms and viruses were the earliest types of cyber threats. These were followed by distributed denial-of-service attacks, critical infrastructure attacks, spear-phishing campaigns, the WannaCry ransomware attacks and other disruptive cyber-attacks.
The Morris worm in 1989 was one of the first widely recognised worms to infect Internet-connected infrastructure. It was a self-replicating worm that spread between computers across the US, rendering infected machines nearly unusable. In the mid-1990s, with the growth of the Internet and the commercialization of cyberspace, the community of online users grew manifold, and so did the volume of security threats.
Later, in the early 2000s, we observed attackers specifically targeting and exploiting security flaws in system software. Prominent examples are the denial-of-service attacks and network intrusions suffered by Estonian government networks, and the series of credit card number breaches in the US.
The past decade has also seen a rise in state-backed cyber attacks. Dozens of nation states around the world have begun actively deploying cyber weapons to collect confidential military, government and diplomatic information.
Today the most common security threats come from financially-motivated cybercriminals. Criminals are honing their tactics and increasingly turning to targeted attacks and extortion to yield larger paydays.
From the first widespread worms and objectionable traffic to new malware threats and advanced targeted attackers, cyber threat actors have come a long way. Broad, scattershot attacks designed for mischief are still around, but now organizations also have to contend with more sophisticated cybercriminal and nation-state attacks.
Modern cyber-attacks are often conducted across multiple vectors and stages. They target specific individuals and organizations to steal data. They use multiple vectors, including web, email and malicious files, and dynamically adapt to exploit zero-day and other network vulnerabilities. These next-generation attackers have a plan to get in, signal back from the compromised network, and extract valuable data despite network security measures.
Traditional defense-in-depth security measures, such as next-generation firewalls, antivirus, web gateways and even newer sandbox technologies, only look for the first move—the inbound attack. Signature-based technology is no longer enough: it cannot protect against single-use malware. These conventional protections often fail because they are incomplete and leave gaps that advanced threat actors can readily exploit.
As the threat landscape has evolved considerably over the last 10 years, security solutions have developed in response. Most organizations now opt for a well-designed security architecture that helps them detect sophisticated attacks and even handle unknown, previously undetected threats.
The remediation picture has changed dramatically. For years, incidents rarely reached the remediation stage because organizations weren’t aware they had been breached. They are now learning about intrusions much earlier – admittedly, sometimes still months too late – but much earlier nevertheless. Our Mandiant team is now able to deploy into an organization very quickly. They conduct a forensic investigation, collect indicators of compromise, match those against a vast intelligence set, and eventually remediate the intrusion and re-secure the network. The scale and scope of these responses have grown dramatically. Investigations reaching tens of thousands of systems are becoming far more commonplace.
Advanced Persistent Threats
Advanced persistent threat actors can sidestep cyber security efforts and cause serious damage to organizations. These groups are able to succeed because they plan carefully, approach their mission methodically, and they have the resources to continue until their mission is accomplished.
Security experts should determine not only the risk associated with a validated threat, but also how the threat got into the environment, how it spread, and what can and should be done about it. These insights are delivered as contextual intelligence that helps client organizations quickly prioritize and effectively respond to critical, sophisticated threats.
Security-as-a-Service may be the Key
Today organizations constantly struggle to protect their data and reputation from increasingly resourceful attackers in an ever-evolving threat landscape. It is important to understand the challenges and complexities that organizations face while trying to protect themselves against these threats: a shortage of security experts, inefficient processes, complex technologies and multiple siloed point products.
Security exists to protect your business whether you operate in a cloud, on-premises or hybrid environment. Security as a Service is a new mindset that delivers effective, efficient security with the value and scale an organization needs, when it needs it, so that it can stay focused on its core business. The technology and expertise delivered through this approach can improve detection, investigation and response times to minimize the impact of a breach. Given below are the four elements of future-proof security.
Engaging in a security-as-a-service model helps security teams overcome these issues. It’s more than cloud security – it’s a new way to think about security.