Four ways regional firms can deal with cyber security threats

Justin Fier, director of Cyber Intelligence and Analytics at Darktrace, explains why regional firms must take a proactive approach to cyber defence

by Justin Fier
March 21, 2019

When it comes to cyber security, the reality is that security teams cannot react quickly enough in the face of increasingly automated cyber-attacks. Sadly, as defenders, we are struggling to keep pace with the attackers. With a skills gap of over a million cyber security professionals worldwide, how can organisations stay ahead of sophisticated and fast-moving attacks? Let’s take a look at some tactics that may help you do more with the same resources in 2019.

Let AI do the heavy lifting

We are facing a dramatic cyber skills shortage, with the demand for skilled practitioners consistently outstripping supply. Companies struggle to find the right people for the job. Cyber AI technology makes security teams more efficient by doing the heavy lifting and enabling them to focus on higher-level, strategic work. By dramatically reducing false positives and alerting security teams to genuine threats, these technologies can ensure your security team can focus on researching and remediating the most serious threats on your network.

Be creative in your hiring

Consider rethinking your hiring strategy. Traditionally, most security teams have consisted of seasoned security professionals and cyber analysts, who use their experience to identify indicators of threats. However, armed with AI technology, budding cyber security experts can also catch even the most pernicious threats. The most effective security teams aren’t necessarily the largest or the most experienced, but the most diverse – complete with skilled cyber professionals, engineers, analysts, and intuitive business thinkers. In 2019, we need to restructure and train our teams to work in tandem with new AI technologies that catch and respond to threats.

Armed with a badge into the building and a password to the network, some of the most impactful breaches start with an insider gone rogue — and yet these are often the most difficult threats to detect. A recent Ponemon study found that on average it takes organisations 50 days to remediate a malicious insider attack. Yet it might take just one day for an employee with the right access level to obtain a proprietary drug formula, the details of an upcoming merger, or the launch date of a new project and exfiltrate the information to a competitor.

In light of this, you should be asking yourself a critical question: Do I have a tool that can detect insider threat? All too often, organisations lack understanding of the normal patterns of their own employees, let alone rogue devices or third-party exposure. Without this knowledge, early indicators of threat are often lost in the noise, not to be discovered until the problem becomes a crisis. The days of retrospective cyber defence have to be over.

In order to accurately detect insider threat, we need teams and technology that can quickly identify, understand, and report threatening user and device behavior — alerting our teams to shifts or changes indicative of early stage cyber-threats.

Less is more: Prioritise threats in order of severity

We are drowning in data. An Ovum report found that over a third of banks receive more than 200,000 security alerts daily. Finding an indicator of the next major attack is like trying to find a needle in a haystack for security teams. Organisations need to not only find that threat, but find it before it starts inflicting damage – in other words, in real time. But how can you find the subtle threat lurking in your network when your team is sifting through 200,000 alerts a day? Investing in methods to effectively visualise and prioritise threats in order of their severity can prove the difference between finding a threat as it emerges and finding a threat hundreds of days later.
By implementing a system to rank genuine threats by their level of deviation from ‘normal’, security teams of all sizes can rapidly investigate, remediate, and move on to the next incident, resulting in hours saved and a more effective workflow.

As attacks become faster and hackers become smarter, we need to evolve as well — thinking creatively and finding ways to buy back time for security teams. Artificial intelligence can do much of the heavy lifting for us, prioritising alerts and autonomously responding to threats, providing us and our teams with the time to focus on priorities and strategic initiatives. It’s time to take a more proactive approach to cyber defence.

Read the Cyber AI Response: Threat Report 2019 for 7 real-world attacks that were intercepted and neutralized by Darktrace Cyber AI within seconds.