Security professionals vs Cyber criminals: Who has the upper hand?
On the security side, organisations appear to have upped their game by adopting more sophisticated tools for preventing attacks and reducing their impact. They’ve recognised the business necessity of a strong security posture and express confidence that their security processes are optimised. Technology vendors are also more attentive to finding and fixing vulnerabilities in their products, giving criminals fewer opportunities to launch exploits. But at the same time, adversaries are becoming more sophisticated not only in their approaches to launching attacks, but also in evading detection:
- They change their tactics and tools from moment to moment, disappearing from a network before they can be stopped, or quickly choosing a different method to gain entry.
- They devise spam campaigns using hundreds of IP addresses in an attempt to bypass IP-based anti-spam reputation products.
- They design malware that relies on tools that users trust, or view as benign, to persistently infect and hide in plain sight on their machines.
- They find new vulnerabilities to exploit if vendors shut down weaknesses in other products.
- They work at establishing a hidden presence or blending in with the targeted organisation, sometimes taking weeks or months to establish multiple footholds in infrastructure and user databases. Only when they are ready will they execute their core mission.
According to the new Cisco Security Capabilities Benchmark Study, security professionals say they’re optimistic that they’re well prepared to hold back online attackers. Yet adversaries continue to steal information, make money through scams, or disrupt networks for political goals. In the end, security is a numbers game. Even if an organisation blocks 99.99 percent of billions of spam messages, some will make it through. There is no way to ensure 100 percent effectiveness.
When these messages or exploits manage to reach users, it is the users themselves who become the vulnerable point in the network. Since enterprises have become more adept at using solutions that block network breaches, malware and spam, malicious actors may instead exploit users through tactics such as sending them a fake request for a password reset.
As users become the weak link in the security chain, enterprises have choices to make when implementing security technologies and policies. As developers try to make applications and software more intuitive and easy to use, do organisations open new loopholes for cybercriminals to exploit? Do enterprises bypass users, assuming they cannot be trusted or taught, and install stricter security controls that impede how users do their jobs? Do they take the time to educate users on why security controls are in place and explain how users play a vital role in helping the organisation achieve dynamic security that supports the business?
Technology solutions rarely empower users to take charge of security as active participants. Instead, they force them to work around security tools that get in the way of their workday, leaving the business less secure. Security is no longer a question of if a network will be compromised. Every network will, at some point, be compromised.
Yellowspring has the skills and experience to help you develop your security using both technology and process controls. If certification is required, we can guide you through the process. Contact one of the pre-sales team at Yellowspring on 01268 494160 to arrange an initial security audit or email: email@example.com