In October, over 19,000 debit and credit cards from 22 Pakistani banks were stolen, making this the biggest of its kind to hit the country’s banking system. Shortly after, more than 10,000 cards were put up for sale on the ‘dark web’, ranging from US $100 to US $160 apiece.
This attack resulted in over 200 accounts being affected and millions of rupees lost. Responding to the attack, all compromised banks have temporarily suspended the use of their cards outside the country while investigations are under way. This is evidence that we no longer live in a world where amateurish attacks are carried out to probe vulnerable systems on a small scale. In a world teeming with digital information and data, cyber criminals are getting organised and systematic. Equipped with technical know-how and innovative technology, they are after bigger targets. You ought to ask - how can companies protect themselves better?
Here are four simple steps you can follow to strengthen your security posture:
Prediction - Staying a few steps ahead
Aircraft pilots, particularly those flying at night, can often fall victim to what’s called the false horizon effect. They mistakenly think a series of lights in the distance as the horizon, become disoriented and endanger their passengers – if not for the aviation instruments that tell them otherwise.
Similarly, the enterprise security cloud can act as the instrumentation for companies looking for cybersecurity. The level of visibility and connectivity of the ‘Cloud’ allows it to pool various shapes of data from across a business, and channel this data to AI (artificial intelligence) components to detect patterns and predict possible future outcomes.
Through predictive analysis, businesses can better assess risk, anticipate threats and be more informed in their decisions, making prediction a necessary pre-emptive component to any business’ security strategy.
Prevention - Better than cure
Research shows that the average cost of a security breach to an organisation totals to almost US $4 million while the average zero-day exploit remains undetected for 118 days, giving hackers and cyber-attackers plenty of time to scope things out and hit businesses where it hurts the most.
But, two strategies can help prevent unwarranted attacks: system hardening to eliminate the number of entry points accessible by outsiders, and network isolation, to ensure that a compromise in one sector will not affect the entire system.
On top of that, an analytics-driven system run on the Cloud should be able to detect threats on the fly and engage automated real-time protection, fending off attacks before they penetrate even the first layer of defense. Prevention may seem difficult but will ultimately pay off, as businesses come under pressure to stay resilient and protect their networks.
Detection - Powered by AI
Research has shown that it takes over an average of 99 days before targeted attacks are detected, with over 53% of these attacks being discovered externally. For many businesses, this time to detection is way too long - but employing teams to constantly comb networks to detect intrusions is a costly and timely affair.
Automated cloud solutions- like Trend Micro’s Hybrid Cloud security leverage constant monitoring, analytics, AI and Machine Learning algorithms to watch networks and workloads across multiple cloud or hybrid cloud systems, detecting anomalies and attacks even as they happen.
Not only is detection faster and more accurate, such security platforms also track the riskiness of user behavior across the network and alert teams to any potential breach.
This reduces detection time, allows teams to confirm and prioritise threats, and provides the means for more accurate containment – resulting in stronger risk management throughout the business.
Response - Swift, effective and AI-supported
But more than anything, businesses need to ensure that they have policies in place that prioritise the execution of their cybersecurity strategies, and processes to address weaknesses within and without after an attempted attack.
The best method to combat cyberattack, at the end of the day, is still awareness, and businesses must make it a priority to educate and remedy flaws within departments, parties and networks within their organisation – or remain hampered in their ability to protect their networks.
As more and more data points and networks of a businesses are connected digitally to the cloud, the effort it puts into prediction, prevention, detection and response to cyberattacks will ultimately determine its effectiveness in combatting today’s digital menaces. How many steps have you taken to secure YOUR business?
The writer is the Vice President, Asia Pacific, Middle East and Africa (AMEA), Trend Micro. He was a keynote speaker and a panellist at the Cybersecurity Conference organised by the Sri Lanka Computer Emergency Readiness Team in Sri Lanka recently.