Automated Security vs. Manual Security: It’s 50-50, folks
The McAfee Labs Threats Report for September 2016 reveals that the gap between the time a breach is detected and the time of recovery from that breach is ever widening. This is a trend that shows no sign of dissipating. And this is just one of a few research discoveries that Intel Security shared during GovWare 2016 in Singapore.
When Intel Security’s Director for Cyber Defense David Allott presented the report, he also described how the healthcare industry is becoming a favourite target for ransomware attacks, and said that a majority of businesses are still overlooking the importance of securing physical media like USB drives.
Sadly, the healthcare industry is being targeted because it is relatively unprepared for cyberattacks, unlike the financial services industry and retail sector that would have already deployed comprehensive protection against data loss.
So yes, the healthcare sector still has a large install base of legacy IT that has weak or no security. When ransomware attacks happen, healthcare organisations are then more likely to pay the ransom because of the urgent need to access vital patient data, which would have information about how best to care for patients.
For example, a California-based hospital paid USD17,000 to restore its files and systems after suffering a downtime of five working days.
Intel Security’s report further revealed that nearly USD100,000 in payments have been made by ransomware victims to specific bitcoin accounts belonging to the attackers.
Data loss and analytics
Almost 40 percent of data loss involves some form of physical media. Allott said, “Only 37 percent of companies use endpoint monitoring of user activity and physical media connections.”
He also delved a little further into Analytics 3.0, the more advanced usage of analytics in cybersecurity whereby big data, deep learning and cognitive computing could enable prediction of threat behaviour and deeper insight into it.
Allott observed, “Most security companies have not reached Analytics 3.0 currently, but most are expected to by 2020.”
Intel Security uses it extensively when studying how ransomware is developing and also when studying the behaviour of botnets.
Best-of-breed versus integrated platform
This year, research by Penn Schoen Berland covering 2100 security professionals across five countries found that customers are split down the middle between the best-of-breed security posture and the integrated platform approach.
Allott described the first approach as being complex, talent-intensive, using different point products that created siloes. He pointed out, “How to integrate all these siloes to get real-time situational awareness? There is no learning to better defend against future attacks.”
The integrated platform approach, however, is a collaborative ecosystem that is agile, scalable and embraces automation.
“Intel Security believes in the threat defense lifecycle – sharing security intelligence across all internal security teams, allowing these security ‘teams’ to pool their resources together and protect in unison,” he said.
The company has somewhat realised this with its data exchange layer or DXL. This is a bi-directional, open communications platform that allows separate security tools to share info, pool it all together into a single, integrated system and automate policies.
This layer utilises a communications bus as opposed to APIs, which Allott described as being ‘brittle’ and one-directional.
Of the over 140 partners in their Security Innovation Alliance, over 40 have begun or completed integration with the DXL platform.
“Each of them can function as sender or sender/receiver or receiver of small, one kilobyte packets of data that allow businesses to build local threat intelligence and ultimately, situational awareness,” Allott said.