
9/5/2016
09:00 AM
Todd Thibodeaux
Commentary

The New Security Mindset: Embrace Analytics To Mitigate Risk

Sure, conducting a penetration test can find a weakness. But to truly identify key areas of risk, organizations must start to think more creatively, just like today's hackers.

You’d be hard-pressed to find a business or IT leader today who would deny the importance of cybersecurity. But awareness of cyber threats is different from having the resources and strategy to combat them. As organizations try to keep pace with end users’ expectations for fast roll-outs of the latest technology, the fight to ward off cyber threats has become more strenuous and stressful.

Fewer than half of information security professionals feel their organizations’ security is completely up to par, according to CompTIA’s 2016 study Practices of Security Professionals. The daily drumbeat of news about successful cyberattacks serves as validation of the beliefs of these security professionals.

Many businesses have thrown money at the issue. Enterprise security spending surpassed $75 billion in 2015, on its way to the $100-billion plateau by 2019, according to estimates from research concern Gartner. Much of this money has been spent on hardware and software solutions. But investing in infrastructure and security solution providers is only one element of survival in today’s constantly mutating landscape.

At best, these solutions represent only table stakes when it comes to securing companies effectively. At worst, they lead to a false sense of security. Recent attacks on leading cloud and mobile device providers suggest that another approach is necessary.

Beyond implementing tactical changes, IT leaders have to initiate a mindset shift throughout their teams, focusing on their ability to evaluate complex issues and create innovative security solutions.

Pivoting to a Data-driven Offense

The repeated mantra has been to “think like a hacker to stop a hacker.” Yet attacks continue to grow in spite of the increasing numbers of white hat and ethical hackers who have entered the workforce. A new approach is necessary.

The key is to properly analyze today’s networks to see where traditional security measures fail. This approach does more than simply devise an attack to see where security falls through the cracks. Merely conducting a penetration test may find a weakness. But conducting a creative analysis of the network and carefully analyzing the results will truly identify key areas of risk. Security professionals who can sniff out abnormalities in their IT network and applications can foil intruders’ plans before they escalate. This is a far different approach than simply finding a single weakness and then declaring “mission accomplished.”

Along with this mental adjustment comes another transition, one that few businesses have mastered. This approach involves both building up an IT department’s detection and analytics capabilities and proactively testing an organization’s IT environment to identify any potential vulnerabilities or security gaps.

In addition to focusing on the right hardware and software, it’s vital to focus on the “wetware”: the minds of people who are securing today’s networks. It’s time to focus on an essential shift in how today’s cybersecurity minds approach today’s IT infrastructure. By encouraging security professionals to figure out what makes their organization an attractive target in the first place and hunt down any points of exposure (the same steps hackers take), IT leaders can accelerate this paradigm shift and get ahead of future incidents.

It is often said that attackers are always figuring out new ways to get into systems. They don’t change their tactics and strategies often simply because they are attracted to new techniques or attractive, shiny new cyber objects. Malicious attackers change their tactics because they have very carefully analyzed the victim’s network and have come up with a creative solution. The answer, then, is for today’s cybersecurity professional to be equally creative.

We’ve seen organizations conduct traditional “red team” and “blue team” competitions, designed to teach penetration testing and defense techniques. Over the past few years, a third team has been added to these competitions: a “white team” responsible for analyzing the tactics and strategies of the other two teams. These developments demonstrate that the traditional “anti-hacker” mindset has morphed and grown to embrace complex analytical skills. Sometimes, even big data approaches are used to help identify network weaknesses.

The traditional anti-hacker approach just can’t discover these issues in a timely way. But a data-driven approach can help. Tackling cybersecurity from a new, data-driven viewpoint will help organizations start to think creatively, just like today’s hackers.


Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ...