Cisco UK & Ireland Blog

Be threat-centric and think like a hacker


June 5, 2015


A report commissioned by the Government has found nine in 10 businesses have suffered a cybersecurity breach in the last year.

Yesterday I spoke at Infosec, the biggest IT security conference in Europe, and this is an issue at the front and centre for a number of people in the industry.

Let’s first look at mobile. Corporate decision makers understand its importance, with Gartner listing investments in mobile technologies as a top priority for CIOs. On top of this, 73% of the same group believe that mobility will have as much impact as, or greater impact than, the web, according to the Accenture Mobility Survey.

But with this surge to mobile and working across numerous devices, there come added security considerations that IT professionals will already be incredibly well-versed in.

Can you enforce policies that allow only your employees to enter the network? Will these ensure they have access to only the data and applications to which they are entitled?

Obviously, you don’t want intruders prowling about the network, but you also don’t want unauthorized employees accessing sensitive company data. You may have policies in place for the LAN and WAN, but can you enforce them when a user is a thousand miles away?

On top of this, mobile devices are stolen or lost every day. Can you risk having confidential communications, proprietary assets, and financial and medical data on your employees’ devices? You might be taking this risk right now.

The evolution of the hacker is just as serious in threat terms. Today’s cybercriminals are more sophisticated than ever before. They are backed by a multi-billion dollar industry where data and malware are commoditised. With this their tactics have changed: they are not looking for quick wins, but long-term pay-outs.

Moving away from attacking an individual computer or person, hackers now aim to capture the full power of your infrastructure, in order to gain a long-term return on their investment.

Adversaries are no longer lone wolves. Instead, they have become a community whose members know each other, trade intellectual property, and sometimes even work together.

Most importantly, the speed of attacks has accelerated. Many do their damage in days or hours, while it may take months for victims to discover they’ve been attacked and respond.

In order to be truly effective, defenders must approach real-time abilities to detect and respond to attacks.

This is why we need to be threat-centric, and think like an attacker. Why? They are using advances in technology, changing business models, and user behaviors to their advantage.

In my view this dynamic threat landscape is demanding an ‘adapt or die’ strategy.

On top of this, the complexity of the threat vector cannot be matched by deploying mutually exclusive products and solutions – you can forget the ‘fit and forget’ model.

I believe the Network as an Enforcer is the biggest trend in security right now – and a powerful weapon in the fight against cybercrime.

For everyone, a vital consideration is to know everything you are defending. This becomes even more important as we move towards the Internet of Things, with more devices being connected than ever before. You can’t protect what you can’t see.

When, not if, a breach does occur, you need the means to defend against it. And after an attack it’s just as important to understand where the threat came from, the impact it’s had, and how to clean up in the aftermath.

That knowledge has to be fed back to the start of the process, to help reduce the risk of future breaches.

Here’s my latest video blog on the three big things that need to change in cybersecurity right now – do you agree? Leave a comment below and let me know your thoughts.

 
