Opinion: Why agility matters in the war against cybercrime

06 Jun 18

Article by Endace EMEA senior director James Barrett

Business agility has long been vital for competitiveness. It drives everything from developing a customer base to capitalising on new opportunities. But as companies generate huge volumes of valuable data, the reality is that most are constrained by hardware solutions and a lack of agility, leaving few able to respond to emerging cyber threats anywhere near quickly enough.

Meanwhile, hackers’ agility remains unrivalled. Verizon’s 2015 Data Breach Investigations Report found the median time it takes for a phishing campaign message to get its first click was 82 seconds, while 60% of phishing attacks are able to compromise an organisation within minutes.

It’s proof of exactly how important agility is becoming, with evidence showing that the faster a data breach can be identified and contained, the lower the resultant costs. The 2017 IBM Cost of Data Breach Study showed a strong correlation between the speed with which an organisation can identify and contain data breaches and the financial impact of the breach. Research results showed that in 2017 the average number of days taken to identify a data breach was a staggering 191, and while the cost of data breaches varies from country to country, the average total organisational cost of a breach in the United States was, for example, $7.35 million.

Note that this number doesn’t include post data breach costs, including the cost to notify victims. Soon, with the advent of GDPR and other similar regulation worldwide, businesses will have a maximum 72-hour window to understand what has caused the breach, whether it has been stopped and how much data has been lost, and to inform any individual affected, from staff to shareholders. It’s enough to make a company anxious about agility.

Preparing for an unknown future

From a corporate perspective, the definition of agility is changing. It is no longer solely about responding quickly to attacks, but also about the ability to continue to evolve security capability and keep ahead of the attackers - which includes the ability to deploy new solutions or upgrade existing ones quickly.

Companies trying to defend their networks from cybercrime are finding it increasingly hard to build defences that are agile enough. This is because the majority of security solutions are still being deployed as hardware appliances, which are expensive to buy and maintain because they are often single-function or single-vendor, vertically integrated solutions.

Other issues include the time needed to deploy and configure hardware solutions: raising budget, evaluating vendors, running a proof of concept, purchasing, deploying and configuring can together take months. Due to the nature of the CapEx cycle, these products are automatically given a limited budgetary lifetime too, generally little more than five years before being written off.

Agility by way of virtualisation

For a business to be truly agile when it comes to security, the need to move beyond hardware is paramount. Businesses need to look at virtualisation the same way they have with datacentres, where it has helped companies remove the overhead of managing many individual hardware-based servers. From an analytics point of view, virtualisation can do the same thing, removing the need for expensive hardware and facilitating the delivery of analytics solutions that collect packet data.

With packet data, companies have access to the definitive evidence of breaches, suspicious activity or network performance issues. This not only helps reduce unplanned downtime, but also gives every cybersecurity team the ability to investigate a threat or a network performance issue quickly and conclusively so that they can respond appropriately.

How quickly and accurately businesses are able to respond to attacks is not a nice-to-have, but fundamental to competitiveness on a global scale and, if it isn’t number one on the boardroom agenda, it should be.
