The detection of cyber-attacks still remains a major challenge for many organizations. According to analyses recently performed by the Ponemon Institute, detecting cyber-attacks is still too slow, lasting on average between 3 and 6 months in the financial-banking and retail sectors.
Conducted on a sample of 884 IT professionals and specialists in the field of information security in North America and in 14 EMEA countries, the study on the rate of reaction among financial institutions revealed that they need, on average, 98 days to detect an advanced cyber-attack which took place already, and other 26 to fix its effects, which means a total of 124 days (more than 4 months). In the case of the retail sector, the results of the analysis conducted by Ponemon indicate a period of 197 days required for detection, in addition to other 39 for remediation, which means a total of 236 days (approximately 8 months) from the moment when the cyber-attack is launched.
A possible explanation of the extended duration needed to detect cyber-attacks is the major difference between the perception of the organizations on their security level and the actual situation. The gap revealed and confirmed by the annual Cisco security report, which revealed that although 75% of the 1,700 companies surveyed had evaluated their security tools and solutions as being “very” or “extremely” effective, only 50% of them actually used the standard update and patches installation tools to prevent security breaches and run the updated versions of the applications.
The confirmation of this false perception comes from a recent RSA analysis, whose conclusion was that 55% of the surveyed companies (170 organizations from 30 countries) do not have the capabilities required for the detection and monitoring of advanced cyber threats, although 90% of the respondents indicated that they used automated information update processes to reduce the chances of possible security incidents, 72% that they had advanced malware protection solutions, and 42% that they used complex network analysis tools.
The Maginot line reinvented
The last study mentioned highlights a second explanation, complementary to the first one: a low rate of response in the case of cyber-attacks is due to use of inappropriate technologies. A frequent situation, which is eloquently expressed by the FireEye people by analogy with the famous Maginot Line, proving that traditional security architectures and solutions are no longer able to cope with the new generation of threats.
In order to validate this verdict, FireEye conducted a series of test-studies aimed at verifying the level of protection in case of a targeted cyber-attack. The result of the latest analysis: 97% of the tested IT systems were compromised. (The test was conducted on a sample of 1,214 companies from 63 countries, and more than 20 industries.)
Conclusion: the new types of cyber-attacks manage to “avoid” conventional security tools.
The principle of action and reaction also works, however, in the case of information security – new security technologies are the response to the new models of cyber-attacks.
Thus, Cisco has managed to rapidly develop a wide portfolio of security solutions, able to provide complete protection in all phases of the attack. The strength of the new ASA generation of firewalls proposed by Cisco is that they provide not only a proactive approach to security and enhanced protection during attacks, but it also facilitates the post-incident intervention, enabling organizations to quickly identify security breaches and compromised equipment and systems, to isolate them and to rectify their effects in due time.
A different approach to security challenges is that proposed by FireEye, which provides, through its solutions, the possibility to detect in near real-time, cyberthreat by running the real data traffic from an organization in a completely isolated environment, which simulates the real working environment. The FireEye technology is designed in such a way as not to generate any latency in the operation of the IT systems and is able to offer superior rate of response in case of detection of a cyber-incident of any nature, blocking its development in the early stage.
These are but two examples of a wider and constantly expanding range, because the balance of forces rapidly changes in information security.
Solutions and technologies evolve continuously to cope with new types of challenges, but in order to capitalize them in an optimal manner, to their full potential, we need the intervention of the human factor, i.e. specialists with real skills and experience.
- Advanced Threats in Financial Services: A Study of North America&EME – Ponemon Institute;
- Cisco 2015 Annual Security Report;
- RSA Breach Readiness Survey – April 2015;
- Cybersecurity’s Maginot Line: A Real-World Assessment of the Defense-in-Depth Model; Maginot revisited: More Real-World Results from Real-World Tests – FireEye;
For more information please contact us at firstname.lastname@example.org.