Cyber threats increase in magnitude and volume every year. Cybercrime costs enterprises $2.9 million every minute. Data breaches exposed 36 billion records in 2020. Malware use increased by 358%, and the use of ransomware increased by 435%, in 2020. Enterprises struggle to keep their networks secure against such high-volume and high-intensity threats.
To make matters worse, the environment remains fluid. Incumbent security deployments become inadequate to cope with the changing threat landscape. Effective security depends not on having the right tools, which may soon become obsolete, but on the right approach.
Conventional Approaches
The knee-jerk approach to cybersecurity is throwing in security products that address specific threats. An enterprise may, for instance, have a firewall, an IPS, sandbox tools, anti-spam software, and so on. Every new attack or breach may bring more and more restrictions on users.
Such an approach worked in the past when internet connectivity was not yet the norm, and threats remained limited. Users installed anti-virus software, and over time added anti-malware, anti-spam, and other software. In today’s internet-enabled digital age, such a piecemeal approach would leave wide gaps and an open invitation for attackers.
Perimeter Based Approach
The perimeter-based approach focuses on protecting the network boundaries. Anti-malware software stores signatures of known malware, updated regularly. It watches for network traffic matching those signatures and blocks such malicious traffic. Side by side, network monitoring tools watch network traffic and detect anomalies.
Changed realities make such an approach obsolete, due to the following factors:
- With cloud and mobility becoming the norm, the enterprise network expands beyond the firewall. In today’s digital-first approach, the enterprise network co-opts a wide ecosystem. It expands beyond the workforce to channel partners, vendors, suppliers, and others. The bulk of the enterprise traffic comes from outside the firewall, often through public networks.
- Today’s malware moves at the speed of light. By the time the intrusion prevention tools detect the malware and the security team acts on it, it is too late. Blocking access or shutting down networks, a common response, is akin to bolting the stable door after the horse has bolted.
- Cyber attackers have become sophisticated. They deploy advanced tools to find hidden vulnerabilities missed by the security tools.
Maturity-based Approach
The traditional approach to network security in the Internet age is the maturity-based approach. Here, the enterprise builds up a stack of controls and defenses. The nature of these deployments depends on the traffic and the environment surrounding the network. The enterprise may, for instance, implement:
- Strong access controls, using two-factor or multi-factor authentication, biometrics, and AI-powered continuous authentication.
- Robust encryption, with the originator of the data keeping control of the keys to grant access to data at a granular level.
- Input validation, by redesigning the network architecture.
- AI-based threat intelligence software to identify and block sophisticated attacks automatically.
- Real-time views into the network, including visibility into the supply chain.
- A security operations center (SOC) to assess, monitor, and respond to threats better.
- Training for the workforce, especially phishing awareness training.
Industry frameworks such as Cybersecurity Maturity Model Certification (CMMC) provide roadmaps to specific levels of maturity.
Maturity-based programs falter when the enterprise grows organically. For instance, traffic soon outstrips the capacity of analysts to monitor it. The security deployments slow down business and degrade the customer experience. Also, cybercriminals become more sophisticated and launch AI-driven attacks. Many threats slip through even the most robust of deployments.
Risk-Based Approach
The maturity approach works at containing threats but is cost-intensive. In today’s challenging business environment, the C-suite remains reluctant to invest in security.
The risk-based approach aims to contain the most significant threats upfront. Cyber security teams rank threats in order of severity and manage the most serious threats first. The enterprise draws up an acceptable level of risk and ranks risks depending on the business, reputation, regulatory considerations, and other factors.
In a risk-based approach, the cyber security team:
- Identifies the most critical assets, the “crown jewels” of the enterprise data.
- Conducts a threat analysis to understand the threats and associated risks to such assets.
- Identifies and deploys the mitigation methods to ward off such threats.
The risk-based approach is the most cost-effective and delivers better ROI compared to other approaches. Most cyber experts consider such an approach an advanced stage of the maturity-based approach. Here, the security team does not chase maturity for its own sake, spending money on security that makes little difference. Rather, it identifies and closes the gaps and critical vulnerabilities that do actual damage. For instance, if there are many tech-challenged end users, the security approach gives extra impetus to training.
Isolation Approach
The security by isolation approach aims to split the system into smaller pieces and isolate the different parts. Virtualization, using hypervisors, isolates specific drivers from the rest of the system.
Isolating sensitive data is the most effective way to protect it. If the data is not there, cybercriminals cannot access it, no matter how sophisticated the attack is. But isolation leads to data silos, which runs against the trend of transparency and openness. When analytic tools cannot access critical data, they produce insights based on incomplete data. Such flawed insights can have big implications for business decisions. Business managers and security experts have to make trade-offs on what to isolate.
Remediation Approach
In an ideal world, software is completely safe, with no vulnerabilities. But this is rarely the case in real life. Even the most advanced testing approaches and code verification miss some bugs. The most resourceful and expert network administrators may configure the network wrongly. The most diligent of employees may click on a harmful link or have their access credentials stolen.
The remediation approach makes peace with the reality that the enterprise cannot prevent all malicious traffic. Attacks will happen, and breaches will take place. The effectiveness of cyber security then depends on limiting the damage.
A related approach is security by obscurity. Here, the enterprise makes it hard or unattractive for attackers to exploit the vulnerabilities. One notable example is Address Space Layout Randomization (ASLR) in Linux, Vista, and OS X.
But the remediation approach has limited success when used in isolation.
Integrated Approach
The integrated approach seeks to get the basics right and overlay them with more safeguards for sensitive assets. The approach offers a mix of the perimeter protection, maturity-based, risk-based, and remediation approaches. It co-opts security best practices into workflows, making them part of the work culture.
Implementing a zero-trust strategy is essential to protect the network, regardless of the approach.
Cyber security faces challenges on multiple fronts. Enterprise networks become more complex with every passing day. Side by side, cybercriminals innovate and launch sophisticated attacks. In the meantime, regulators set new standards. And cyber breaches are high profile, with everyone from the directors to regulators, and from the CEO to the customer, taking notice. A strong cyber security approach continuously assesses threats and eliminates the risk. There is no one-size-fits-all approach, though. An integrated approach, considering the circumstances of the business, works best.