Cyber attacks on small businesses are no fun to deal with. In this article, Cisco's Hazel Burton looks at the cyber security approach that small businesses should consider taking, in order to close any gaps in IT security that might exist, and prevent potentially devastating consequences.
When I think of the ‘80s, the first things that come to mind are Alan Rickman taking a surprising tumble from the Nakatomi Plaza, Michael Jackson performing an improbable lean, Tom Cruise chasing down a fighter jet on a motorcycle, Martina Navratilova dominating the Wimbledon Championships for 6 years… and the game of Tetris.
I won’t lie, I spent an unfathomable amount of my wasted youth trying to ensure different sized shapes fit into a perfect line on a perpendicular screen.
And (as is so true in life) the better you did at it, the harder it became.
How cyber security is like Tetris
There’s an uncanny resemblance between the game of Tetris and the state of cyber security today. Many organisations are working with a patchwork quilt of old and new technologies, with a significant amount of legacy IT (and legacy thinking in some cases), and multiple security vendor solutions.
All the shapes are effectively mismatched, the problem grows worse the more you add, and the pressure grows from other departments who want things to move quicker.
A lot of organisations have found themselves in this situation because security was always a reactive industry: “Something’s wrong; we need to fix it”, rather than planning for a problem to occur.
The issue with that approach is that it creates a Tetris-style scenario of different products – none of which speak to each other. They all have different management interfaces, and they all generate an overwhelming amount of security alerts, including false positives.
Multiple IT security alerts are hard to hear
The Cisco Cybersecurity Special Report reveals that 77% of mid-market businesses find it somewhat challenging or very challenging to orchestrate alerts from myriad solutions. And it’s because their security infrastructures – whilst they might be brand new – are living in the ‘80s from an architectural point of view.
This is happening simultaneously with a rising level of threat from the “bad guys”. Cyber-crime is expected to cost businesses $6 trillion in damages by 2021, up from $3 trillion in 2015 (the UK GDP was $2.8 trillion in 2018).
This growth is only compounded by a skills shortage of “good guys” to take down cyber-criminals: there’s a 2 million shortfall in cyber security employees worldwide.
Ben M. Johnson, CEO of Cisco partner Liberty Technology, provides some context: “Many people think that if they go with a multivendor, best-of-breed approach, it will protect them better. But what we see is that it’s harder to manage, costs more, and decreases security effectiveness overall.”
Gaps in IT security are costly to fill
These holes require more resources if firms are to manage and update vulnerabilities. The industry average is between 100 and 200 days to even find a breach, let alone deal with it and its potential consequences.
So what needs to be done to solve these challenges?
From a future perspective (i.e. stopping ourselves from allowing history to repeat itself), cyber security vendors need to work with both governments and educational facilities to help close the gap.
Cisco, for example, is working with the police to train all officers in cyber security. The Cisco Networking Academy will be providing specialised training and guidance to 120,000 officers across England, Scotland, Wales and Northern Ireland.
As part of the wider Networking Academy initiative, Cisco has already given cyber security training to over 1,000 students.
Secondly, connected security needs to happen, with vendors working together to ensure their solutions work in harmony.
Simplify security infrastructure, respond to attacks quicker
Connected security means we can help our customers simplify their infrastructure, remediate attacks more quickly, and also mitigate the skills shortage because teams will be managing fewer interfaces.
The crucial thing is to make sure that everything comes back to the problem you’re trying to solve. At Cisco we’re committed to third party integration so that our customers are better protected. The “bad guys” are working collaboratively and connected, so we need to make sure, as an industry, that we’re doing the same.
Otherwise we will always be playing the hackers’ game of Tetris, and having the rules dictated to us, by them.
Thirdly, we need to find a way of cutting the noise down and using technology in a smarter way to eliminate the volume of basic alerts (only half of which are investigated according to our research).
What IT security role can artificial intelligence play?
For a lot of organisations, the volume of security alerts is like having a never-ending email inbox, filled with spam. You’re unable to tell the urgent requests from the important ones.
For this, the time has come to embrace three technologies that once sounded more at home in a fictional sci-fi setting than in everyday business: Artificial Intelligence, Machine Learning and Automation.
Advanced capabilities in AI can enhance network security defences and, over time, “learn” how to automatically detect unusual patterns in web traffic that might indicate malicious activity.
Machine learning is useful for automatically detecting “known-known” threats—the types of infections that have been seen before. But its real value, especially in monitoring encrypted web traffic, stems from its ability to detect “known-unknown” threats (previously unseen variations of known threats, malware subfamilies, or related new threats) and “unknown-unknown” (net-new malware) threats.
Tools for automation which provide network context can also give security analysts insight into potential leak path issues. In addition, implementing appropriate segmentation policies can help security teams quickly determine whether unexpected communication between networks or devices is malicious.
These three technologies are accessible to small businesses and, if implemented correctly, will help these organisations avoid making the same mistakes as some of their larger counterparts, who are currently trying to solve their Tetris-style fragmentation issues.
Educate your employees on common cyber security threats
Of course, it’s important to never overlook the basics. Small businesses should consider their strategy to educate employees to use strong passwords and recognise phishing emails, since cyber criminals are stepping up their social engineering campaigns.
And of course nothing is more important than having a regular patching routine. An endless number of security breaches can be stopped simply by patching.
For more on how to defend your business against the latest threats, visit our dedicated page for small businesses.