Originally posted in Database Trends and Applications on July 1, 2019.
Nearly every week of 2018 featured headlines of a new cyberattack on companies that people trust with their data, such as Marriott and Facebook. In years past, the biggest concern for companies was being hit with hefty fines, but now, they risk reputation damage if they breach compliance mandates and regulations when they are attacked.
Due to attack pervasiveness and cost, cyber-risk is now a business issue with board-level visibility and increasing spending for preventative services. According to research from eSentire, cybersecurity is no longer only on the minds of IT departments. Today, 60% of business leaders and board members expect that an attack will hit in the next 2–5 years. While the executive team knows cybersecurity should be a major concern, only 30% are confident their business will avoid a major security event within the next 2 years.
Cybersecurity used to be a part of the business related only to the IT department and the CIO. The adage, “the chief intelligence security officer (CISO) is the least interesting person to the board, until they are the most important person,” is no longer true. The research shows that, as attacks have grown, 50% of boards are very familiar with security budget, overall strategy, policies, and technologies, and currently review present-day security and privacy risks. Through this familiarity, 77% of CEOs and boards are optimistic about their firms’ ability to cope with a breach, but only 33% are confident that high value assets are adequately protected.
Additionally, there’s a cybersecurity preparedness paradox between the CEO and board and the tech team. Business leaders are overconfident in their ability to manage a major security breach, but IT departments aren’t as optimistic: Tech leaders are 20% more likely to predict an attack and are 10% less optimistic than business peers in their organization’s preparedness.
As threats grow more pervasive, there’s a wild card at play: emerging tech. These emerging technologies, such as AI, are evolving at a rate with which IT departments struggle to keep pace. At the same time, IT departments are held accountable for business disruption due to expanded threat surfaces that are created by these new technologies in tandem with increasingly sophisticated attacks. As these technologies continue to be adopted by organizations at a rapid rate, they create new security risks because organizations cannot put measures in place to prevent breaches from happening. These emerging technologies have all grabbed headlines for making business-critical operations more seamless, but the risks associated with these technologies is expected to grow. It is the CISO’s job to keep the C-suite informed of and prepared for security threats in the era of emerging tech.
RISKS ASSOCIATED WITH AI
Companies across industries are turning to AI to improve customer experiences, automate work processes, and provide analysis. In fact, 44% of respondents indicate that they have adopted AI to help streamline business operations. The research found that the risks posed by the adoption of AI doubles over the next 3 years. This is due to:
- AI creating more false positives: Organizations continue to adopt AI to identify security issues, but the result has been an increase in alerts that security teams must add to workloads that are already maxed out. It is simple to create models that detect potential threats and, on the surface, it appears that these models provide additional security. However, the models generate more false positives that prevent security teams from detecting and managing real threats.
- Building on generic models: Contrary to popular belief, most AI systems only provide a small extension beyond previous rule- and signature-based approaches. Most AI deployments distribute generic models that don’t understand the networks they are deployed to, making it easy for cybercriminals to avoid detection.
- The human-AI breakdown: Most AI systems that are currently deployed serve human users seemingly random information but don’t explain the reasons behind them, leading to a breakdown in trust. When AI systems cannot support their decisions with explanations that security teams can understand, the teams must take on extra work to comprehend why the AI systems make certain decisions.
COIN MINING AND BOTNET MALWARE
Bitcoin was one of the biggest trends as blockchain took off. With it, coin mining emerged in two forms: malware on comprised assets and in-browser mining that persists only through the browsing session. As miners worked to uncover Bitcoins, companies saw a 1,500% increase in coin mining malware, according to eSentire research. The research also found that in 2018, the use of botnets increased 500% over 2017, leading to a 250% increase in overall intrusion attempts.
Coin mining malware mines cryptocurrency (typically Monero) directly on infected endpoint devices, such as CoinMiner, or in web browsers, such as Coinhive, when a user visits a website that is running malicious code. Once infected, the coin mining malware silently mines cryptocurrencies while consuming a significant amount of processor cycles. The result is devices with slow, sluggish performances and reduced battery lives.
CLOUD ADOPTION WILL POSE LESS RISK
As mentioned above, 72% of respondents reported that they have adopted cloud-based technologies to increase business performance. Since cloud is now in its second decade, companies are adopting more mature and proven methodologies to secure the cloud. Though cloud security is still critical, the report found that the overall risk posed by cloud over the next 3 years will drop by almost 20%.
In the coming years, cloud will expand to ERP and become the foundation in which security services are built. Cloud will move beyond application-level services to offer a foundation for enterprise-wide systems. The report found that within 12 months, infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) will rival software-as-a-service (SaaS) cloud deployments at around 95% adoption.
As cloud becomes the basis of security services, it will be imperative that organizations take proactive measures to ensure that valuable assets are secure against potential threats.
TRADITIONAL MSSPS WILL SHIFT TO PROACTIVE HUNTING SERVICES
Traditional endpoint security measures are similar to mall cops: They can detect the most obvious cybercriminals and prevent them from wreaking havoc but cannot identify bad actors who can evade detection. Businesses need to update their mall-cop approach to cybersecurity to Navy Seal-like cybersecurity measures that are able to spot deceptive adversaries, swiftly neutralize the threat through automated blocking, or engage in endpoint isolation/containment to stop attacks from spreading.
For the organizations that are adopting cybersecurity technology, traditional managed software service providers (MSSPs) only provide protection on a mall-cop level and don’t provide the full protections that modern cybersecurity threats require. The research found that these traditional MSSPs only have a 45% customer loyalty rate and focus on less mature security offerings. This rate will mark the shift from compliance-centric security to proactive threat-hunting services.
These proactive threat-hunting services offer organizations more peace of mind, because they know they’ll be getting Navy Seal-like protection against potential threats, especially those occurring through emerging tech channels that require new approaches. As security threats become more pervasive and damaging, proactive threat-hunting services work to stop the attacks before they seriously damage an organization.
MOVING BEYOND A COMPLIANCE 3.0 MODEL
Over the years, the cybersecurity industry has been moving through device-focused (Compliance 1.0), alert-focused (Compliance 2.0), and threat-focused (Compliance 3.0) stages. It is expected that the market will transition from today’s regulatory- and compliance-driven security to prevention technology. This shift can be attributed to the need to maintain business integrity and continuous operations through proactive and predictive threat management.
Currently, organizations are moving from a Compliance 1.0 model that is based on meeting the minimum regulation requirements toward Compliance 2.0: preserving a brand, protecting operations, and avoiding financial losses are the drivers of such change. In the coming years, Compliance 3.0 will center around threat-focused measures. As companies move toward the Compliance 3.0 stage, brand and reputation will determine how their security performance is measured. When companies protect the client, they will be protecting their data and services by extension, avoiding the operational disruptions and financial losses.
Cybersecurity is a business hurdle that companies can’t afford to ignore as emerging technologies become core to their ability to compete. When its entire C-suite and board are made aware of what they need to know about cybersecurity attacks, an organization can take the first step toward creating a proactive, Navy Seal-like approach to stop threats in their tracks.
