In 2018, a security issue at Facebook affected an estimated 50 million users. In 2017, 412 million user accounts was stolen from Friendfinder’s sites and 147.9 million customers were affected by the Equifax data breach. In 2016, 3 billion Yahoo accounts were hacked while hackers managed to steal the data of over 57 million riders and drivers from Uber.
That some of the world’s best-known and biggest tech companies have experienced such massive security failures demonstrates the scale of the cyber security challenge. If not, consider this: the average number of recorded breaches per country in 2017 alone was 24,089. India experienced the highest number of annual breaches (over 33,000 files). The US had 28,500. These are reported figures: the actual numbers could be much higher.
With this in mind, a recent article in India’s Entrepreneur magazine looks at upcoming long-term solutions being observed within the markets.
1. Cyber attacks have gone from being standard-issue, easily manageable threats to complex attacks.
Cyber attacks have gone from being standard-issue, easily manageable threats to complex attacks that leverage cutting-edge technologies and sophisticated algorithms. Given the highly varied nature of modern attacks and the sheer amount of information needed to fully document an attack, it’s no longer possible for cyber security teams to process everything within a reasonable timeframe. Improving detection and response times for cyber threats and enabling human cyber security teams to focus on the more strategic threats is vital.
2. Companies across the world are now looking at adopting AI-powered cybersecurity solutions.
Automation in cyber security is not a new concept and has been widely used over the years. However, with the rising attack surface, the number of alerts being generated by security automation products is usually overwhelming. The high severity threats get buried within a mass of irrelevant alerts, and organisations have to either spend a lot on cyber security teams to manually filter through those alerts or deploy customised automated security solutions that are also prohibitively expensive. This is where AI-powered technologies enter the frame. These technologies are a cost-effective way for companies to identify the most critical threats, thereby increasing detection and response times. In fact, 61% of enterprises today say they cannot do without AI technologies when it comes to detecting breach attempts. Another 48% say that their budget for AI in cyber security will increase by an average of 29% in 2020.
3. Applications today have become increasingly diverse.
They reside on multiple platforms (mobile devices, web servers, application servers, etc.) and proliferate from a number of sources – in-house, third-party, or Commercial Off-the-Shelf (COTS). And while enterprises have so far been fairly effective at protecting the network layer and endpoints of the cyber security surface, the application layer itself remains highly vulnerable. This means enterprises have to make it as difficult as possible for a malicious actor to hurt the organisation or its digital assets.
4. A poorly-written piece of code can affect more than just itself.
A poorly-written piece of code can affect more than just itself. The components it interacts with are also at risk. Even a minor flaw can be exploited, damaging, or leading to damage of critical parts of a company’s infrastructure.
Bugs are commonly introduced due to development team time constraints, legacy code that has since become vulnerable, carelessness or a misunderstanding of bug classes that an attacker will exploit. No matter the automation or rules you have in place, one mistake can take down the organisation. A large amount of information is also leaked online through innocent mistakes.
Given this context, security can no longer be just another layer over the business application but should be inherently built into it as part of the development workflow itself. Things like malicious code, application backdoors and lack of security functionality need to be addressed during development itself; and for existing projects, via a comprehensive assessment.
Summing up, cyber attacks have become more sophisticated and complex than ever, and the defensive methods that worked even a few years ago are now quite limited in their effectiveness. Luckily, a number of advanced cyber security solutions providers are leveraging cutting-edge technologies to build faster detection and response times. Most of these cloud providers have highly sophisticated systems to secure your infrastructure better. Although those systems have a steep learning curve, investing time in setting up proper access controls and defense mechanisms can go a long way in securing your organisation.
Would you like to find out more? Talk to us at CyNation.
This article is based on a recent item in India’s Entrepreneur magazine.