How Security System Should Evolve to Handle Cyber Security Threats and Vulnerabilities?

Stories of organizations paralyzed by cybersecurity threats and vulnerabilities are at their peak. According to a report published by Symantec Corp, India is one of the top five countries that have become the victim of cyber crime.  Nowadays, modern technologies such as cloud computing, IoT, cognitive computing, etc. are categorized as the critical assets of any organization. With the increase in the use of advanced technology and interconnected applications, there is a rapid spike not only in businesses but also in threats and vulnerabilities as well.

In this feature, we focus on security threats, challenges faced by defenders to protect the organization from emerging threats, and how the security system should evolve to overcome the day-to-day critical security challenges. Let’s dig deep into the below topics.

• Cyber Threats
• Security Challenges
• How must security system evolve?

Cyber Threats

Technology is transforming as never before. With the advancement in technology, organizations started to experience consistent business growth at a faster pace. They were able to interconnect people, robots, gadgets, contents, and more in an intelligent way that drives more business. But, at the same time, this advancement in technology opens up a center of attention for cyber crimes, targeted attacks, and corporate espionage.

A cyber threat is a malicious attack that gains unauthorized access to a system or network and thereby damages or steals confidential data. Let’s go a bit further to understand the different types of cyber threats.  

1. Ransomware
2. DDoS Attack
3. Threats originated within an organization
4. Data Breaches
5. Advanced Persistence Threat (APT)

1. Ransomware

Ransomware is malware that encrypts the system data and demands payment for access permission. It prevents you from accessing the system, and it can also destroy the data if the payment is not made on time. Based on a survey conducted by Sophos, over 51% of organizations were attacked by ransomware during the year 2019. Ransomware is also available as Ransomware-as-a-service (RaaS) over the dark web marketplace. WannaCry, NotPetya, SimpleLocker, TeslaCrypt, CryptoLocker, and PC Cyborg are some of the Ransomware.   

2. Distributed denial-of-service (DDoS) attacks

The DDoS attack is a malicious attack that increases the traffic of a server with overwhelming random traffic. In DDoS, the server is targeted by different independent networks with the help of botnet, and this is how it differs from DoS. One of the famous and highest reported impacts was against Dyn, a US-based DNS service provider. The DDoS attack against Dyn has affected many websites including Twitter, GitHub, Amazon, Netflix, and more.  

3. Threats originated within an organization

Internal threats are malicious threats that come from people within the organization who have access to confidential information. It can be employees, former employees, partners, associates, and so on. Using these threats, the attacker can bypass security in a legalized way.

4. Data Breaches

Data Breaches can be defined as the leakage of confidential information that includes sensitive corporate documents, technical blueprints, trade secrets, and more. It can lead to financial loss,  brand reputation loss, customer trust loss, and so on. Some of the main reasons for Data Breaches are malicious attacks, a weak security system, and human errors. As per the Verizon Data Breach report, over 88% of data breaches involve human errors.  

5. Advanced persistence threat (APT)

APT is an advanced attack threat. It uses multiple phases to break the network and thereby allow unauthorized people to stay in the organization network. APT can happen through spear-phishing or inside threats. This threat is hard to detect and can retrieve valuable information over a sustained period.   

Security Challenges

Be ahead of your adversaries; If you fail to do so, soon you will become a victim. Let’s discuss some of the security challenges.

1. Slow security adaption

One of the issues related to the cybersecurity system is that cybersecurity solutions are not advancing at an expected rate. In today’s digital era, cloud technologies and other solutions are evolving at a faster pace, and the traditional network architecture has been deputized with simple and flat architecture. But, concerns cybersecurity solutions, many organizations still use traditional zone-based security solutions to prevent threats.  

2. Human Errors

Human errors such as system misconfiguration, insufficient patch management, etc. are common in the majority of organizations. These errors resulted in numerous cyber attacks. According to the IBM security threat, over 95% of cyber-attacks are due to human errors.

3. Third-party vendor security risk

In today’s world, everything is connected. Organizations let third parties store their information for better business operations. But, if they don’t choose a trustworthy third-party vendor, then the organization is at risk. Here, an attacker can bypass the security system by initiating supply chain attacks. 

How must security system evolve?

In this section, we will discuss advanced security strategies to defend against threats and strengthen the cybersecurity system. Let’s take a moment to understand some of the best security practices. They are as follows:

• Threat prevention strategies
• Zero-trust approach
• Assume breach approach

1. Threat Prevention Strategies

Security researchers are researching and innovating effective solutions to prevent threats. They work around the clock aiming at zero-day vulnerabilities and are also actively involved in conducting awareness programs. Threat prevention strategies are mainly categorized into four main sections. They are as follows:

• Reduce the attack surface: Continuous process of vulnerability scanning practice helps to determine top risk applications, security gaps in the network, risky users and processes, and more. Relative Attack Surface Quotient (RASQ) is one such method that can keep track of every change to the attack surface.
• Complete visibility: End-point protection is another factor to take on board. In most cases, end-point security can be compromised by using SMB-based vulnerabilities. So, it is important to separate normal SMB behavior from strange SMB behaviors, and this categorization can be done by providing complete visibility. It is the key that can identify malicious behavior.
• Prevent known threats: Firewalls and anti-virus software are necessary to prevent known threats. It is the first step towards defending networks and endpoints.
• Prevent unknown threats: Advanced and unknown threats are evolving as never before. As a result, it is more challenging to achieve a 100% threat protection. To deal with such threats, organizations have to adopt new techniques such as dynamic and behavioral analysis, deep learning techniques, and attacker techniques, tactics, and procedures (TTPs) analysis.

2. Zero-trust approach

The Zero-trust approach strategy is the continuous verification of all data and assets. It helps to detect the attackers who exfiltrate sensitive information through lateral movements. Let’s take a moment to understand the process of the Zero-trust approach.

• Identify and classify sensitive data: It is necessary to identify and classify sensitive data for data protection.
• Map the data flow: You have to understand the application flow across the network by collaborating with the network team, application team, and security architect.
• Architect the network: Architect the network by identifying the physical and virtual configurations. It includes the communication flow between multiple networks and external data accessing procedures.
• Create the policy base: While creating a policy base, you should include an efficient access control mechanism, information about user identity, application behavior, and so on.
• Continuous monitoring: In this process, continuous monitoring of both internal and external traffic is performed. Here the network and application logs are checked frequently on a real-time basis.

3. Assume breach approach

The reality is that none of the security prevention technology can ensure you 100% protection against threats. As the days’ pass, advance threats manage to bypass the security system. Here comes the importance of the assume breach approach. It is a way of testing the incident response force of an organization. It provides various security solutions and services. They are as follows:

• Red-team exercise: It is an advanced version of penetration testing, where a team of highly professional security experts not only finds vulnerabilities but also tests an organization’s threat detection and response capabilities. It opens up a way for immediate as well as long-term security posture improvement.
• Continuous monitoring: Continuous monitoring is necessary to detect threats at an early stage, and it can be achieved by providing real-time visibility of users as well as network endpoints. An active security monitoring system can ensure cyber hygiene and compliance by actively monitoring the network, application, and user activities. Some of the common tools used for monitoring are security information and event management (SIEM) tool and endpoint detection and response(EDR) tool.

Summary

Attackers are constantly looking for vulnerabilities to gain unauthorized access to an application or a network. With the advancement in technology, security threats and models are evolving at a faster pace. These security threats and models can stay hidden, self-destruct, by-pass traditional security systems, and so on. As a result, it can cost damage to your confidential information, corporate eavesdropping, and more. Hence, it is necessary to tailor a vulnerability management system that defends against threats and strengthens the cybersecurity system.