Reinforcing the Security Chain
By David Shephard, Vice President of Sales for Asia Pacific and Japan (APJ)
Security in the cloud is a top concern for the modern enterprise. Fortunately, provided that organizations do their due diligence when evaluating security tools, storing data in the cloud can be even more secure than storing data on premises. However, this does require deploying a variety of solutions for securing data at rest, securing data at access, securing mobile and unmanaged devices, defending against malware, detecting unsanctioned cloud apps (shadow IT), and more. Amidst this rampant adoption of security tools, organizations often forget to bolster the weakest link in their security chain, their users.
In ASEAN countries, enterprises’ rapidly expanding cloud footprints make them a prime target for cyberattacks. While Malaysia is ranked third globally in commitment to addressing cybersecurity issues, it is also ranked sixth in the region and thirty-third globally in vulnerability to cyberattacks. Unfortunately, the country’s current circumstances do not match its admirable intentions.
Nevertheless, countries like Malaysia are striving to enhance their cybersecurity efforts. A report from AT Kearney states that ASEAN countries spend 0.06% of their combined GDP (or 1.9 billion USD) on cybersecurity on average. In 2017, Malaysia invested 0.08%, double the 0.04% of its neighbors in the region. Additionally, while Malaysia currently employs 6,000 cybersecurity professionals, the nation is seeking to reach 10,000 by 2020.
According to another survey, 96% of Malaysian enterprises are only in the early stages of security preparedness. While these companies recognise the importance of cybersecurity, most have only deployed basic tools like firewalls and antivirus protections for on-premises and managed devices. Nearly half lack security intelligence and event management systems for monitoring and responding to various threats. Finally, despite the fact that the weakest link in enterprise security is the non-IT employee, only 31% of Malaysian companies want their workers to take part in IT security training.
Cybercriminals are constantly growing in sophistication; they leverage an ever-growing number of advanced strategies and tools in order to steal data. As such, it is critical for enterprises to employ proactive cybersecurity that prevents breaches from happening in the first place.
The Weak Link in the Chain
While great steps are typically taken to secure data, relatively little thought is given to the behaviors of the users who handle it. This is likely due to an ingrained reliance upon static security tools that fail to adapt to situations in real time. Regardless, users make numerous decisions that place data at risk – some less obvious than others. In the search for total data protection, this dynamic human element cannot be ignored.
External sharing is one example of a risky user behavior. Organizations need visibility and control over where their data goes in order to keep it safe. When users send files and information outside of the company, protecting it becomes very challenging. While employees may do this either maliciously or just carelessly, the result is the same – data is exposed to unauthorized parties. Somewhat similarly, this can occur through shadow IT when users store company data in unsanctioned cloud applications over which the enterprise has no visibility or control.
Next, many employees use unsecured public WiFi networks to perform their work remotely. While this may seem like a convenient method of accessing employers’ cloud applications, it is actually incredibly dangerous for the enterprise. A malicious party can monitor traffic on these networks in order to steal users’ credentials. The fact that many people reuse passwords across multiple personal and corporate accounts only serves to exacerbate the problem.
Users place data at risk through a variety of other ill-advised behaviors, as well. Unfortunately, traditional, static security solutions have a difficult time adapting to users’ actions and offering appropriate protections in real time.
Reforging the Chain
In the modern cloud, automated security solutions are a must. Reactive tools that rely upon humans to analyze threats and initiate a response are incapable of protecting data in real time. The only way to ensure true automation is by using machine learning. When tools are powered by machine learning, they can protect data in a comprehensive fashion in the rapidly evolving, cloud-first world.
This next-gen approach can be particularly helpful when addressing threats that stem from compromised credentials and malicious or careless employees. User and entity behavior analytics (UEBA) baseline users’ behaviors and perform real-time analyses to detect suspicious activities. Whether credentials are used by thieving outsiders or employees engaging in illicit behaviors, UEBA can detect threats and respond by enforcing step-up, multi-factor authentication before allowing data access.
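The baseline-then-step-up flow described above, as an added example that is not from the article or from any vendor's product. A simple per-user statistical baseline stands in for the machine-learning models the article refers to; the field names, thresholds and sample history are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history: (user, login hour, country, MB downloaded)
HISTORY = [
    ("alice", 9, "MY", 40), ("alice", 10, "MY", 55), ("alice", 14, "MY", 35),
    ("alice", 11, "MY", 50), ("alice", 16, "SG", 45), ("alice", 9, "MY", 60),
    ("bob", 22, "MY", 300), ("bob", 23, "MY", 280), ("bob", 21, "MY", 350),
]

def build_baselines(history):
    """Summarise each user's past behavior: countries, hours, download volume."""
    per_user = defaultdict(list)
    for user, hour, country, mb in history:
        per_user[user].append((hour, country, mb))
    baselines = {}
    for user, rows in per_user.items():
        volumes = [mb for _, _, mb in rows]
        baselines[user] = {
            "countries": {c for _, c, _ in rows},
            "hours": {h for h, _, _ in rows},
            "mb_mean": mean(volumes),
            "mb_std": pstdev(volumes) or 1.0,  # avoid divide-by-zero
        }
    return baselines

def assess(baselines, user, hour, country, mb, z_limit=3.0, hour_slack=2):
    """Return (decision, reasons) for one access attempt (thresholds assumed)."""
    base = baselines.get(user)
    if base is None:
        return "step_up_mfa", ["no baseline for user"]
    reasons = []
    if country not in base["countries"]:
        reasons.append("country not seen before: " + country)
    # Circular distance in hours, so 23:00 and 01:00 are two hours apart.
    nearest = min(min(abs(hour - h), 24 - abs(hour - h)) for h in base["hours"])
    if nearest > hour_slack:
        reasons.append("unusual hour: %d" % hour)
    z = (mb - base["mb_mean"]) / base["mb_std"]
    if z > z_limit:
        reasons.append("download volume z-score %.1f" % z)
    # Any deviation triggers step-up authentication before data access.
    return ("step_up_mfa" if reasons else "allow"), reasons

BASELINES = build_baselines(HISTORY)
```

A request that matches the user's history is allowed silently, while any deviation, or a user with no history at all, is challenged with a second factor rather than blocked outright.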
Machine learning is helpful for defending against other threats, as well. For example, advanced anti-malware solutions can leverage machine learning to analyze the behaviors of files. In this way, they can detect and block unknown, zero-day malware, something beyond the scope of traditional, signature-based solutions that can only check for documented, known malware.
Even less conventional tools like shadow IT discovery are beginning to be endowed with machine learning. Historically, these solutions have relied upon lists generated by massive human teams that constantly categorize and evaluate the risks of new cloud applications. However, this approach fails to keep pace with the perpetually growing number of new and updated apps. Because of this, leading cloud access security brokers (CASBs) are using machine learning to rank and categorize new applications automatically, enabling immediate detection of new cloud apps in use. In other words, organizations can uncover all of the locations where careless and conniving employees store corporate data.
To reduce the likelihood of data leakage and cyberattacks, organisations must identify everything that they need to protect, as well as the strategies that they can implement to do so. While training employees in best security practices is necessary, it is not sufficient for defending data in our high-speed business world. Education must be paired with context-aware, automated security solutions (like CASBs) in order to reinforce the weak links in the enterprise’s security chain.