Why it pays to be the early bird in adopting a cybersecurity strategy
Updated: 23 Mar 2018, 01:34 AM IST
Cyber-defences become less effective over time as attackers develop steps to evade them
Cybersecurity strategy has arrived at the popular definition of insanity: do more of the same and expect a different outcome. Although information technology (IT) professionals spend more money every year to strengthen their defences, things just keep getting worse. In the technology landscape, the common notion with the introduction of a new innovation is to sit back, analyse its performance, wait for the price to come down and allow the bugs to be fixed before adopting it. As they say, the longer you wait, the sweeter the fruit. In cybersecurity, however, that may not be the case.
Conventional wisdom needs to retire
International Data Corp. predicts that spending on security solutions will accelerate over the next few years, achieving a compound annual growth rate of 8.7% through 2020. Yet, despite increasing investments in security solutions, the number of cybersecurity threats and successful cyberattacks continues to grow.
Between 2006 and 2016, the average number of daily cyberthreats grew from 25 to more than 400,000—about 300 per minute. New malware was up 60%, targeted attacks increased 30%, and cybercriminals were stealing more than a billion personal records every year.
Organizations easily assume that they should buy the latest, greatest cybersecurity tools, anchor them firmly in place, and feel relieved that they have invested in a strong defence that will last. Most organizations believe in purchasing best-of-breed security solutions within the security domains under their responsibility—even if it requires multiple vendors to sustain that security strategy. And they cling to this belief, despite growing evidence that their layered approach isn’t making their organizations more secure.
Why early adoption wins
Contrary to other domains in the tech world, in cybersecurity, it rarely pays to be a late adopter. Most newly introduced technologies in the market get better over time, so many IT professionals prefer to adopt new technologies only after others have worked out the bugs and the price has come down.
With cybersecurity, it is the opposite. Cyber-defence capabilities actually become less effective over time as attackers develop countermeasures to evade or neutralize them, so organizations benefit most by adopting and deploying cybersecurity solutions as early as possible.
Just as microbes build up resistance to antibiotics as the life-saving drugs are widely distributed, cybercriminals quickly learn how to mutate their malevolent creations to get around cybersecurity technology that is intended to block their path. As attackers work diligently to create countermeasures and new ways to evade detection and exploit vulnerabilities, they end up rendering the once-powerful security widget increasingly ineffective.
“Sandbox technology” is a good example of how promising cyber-defences can quickly become ineffective. Many organizations rushed to adopt sandbox technology, believing it to be a silver bullet that would thwart cyberattacks and make the world safer. For early adopters, sandboxing was extremely effective at first, but it didn’t take long for attackers to develop a number of sophisticated countermeasures that allowed malware to identify a sandbox and evade detection. As it grew increasingly difficult to programme sandboxes to mimic human behaviours, sandbox technology became the latest in a long line of best-of-breed cybersecurity solutions rendered less effective by countermeasures designed to undermine them. Hence organizations benefit most by adopting and deploying cybersecurity solutions as early as possible.
The future is in being open
It is imperative to adopt a security platform that can deliver long-term security sustainability and allows organizations to swiftly move new cybersecurity technologies onto an architecture backed by common tools and workflows. Such a platform can further provide automation and orchestration capabilities to lessen the burden on their “over-tooled and understaffed” security teams. Unlike the layered defence-in-depth approach, an integrated open platform will allow them to quickly adopt the latest security products with minimal effort.
An open platform approach can reduce the number of software agents on the desktop by nearly two-thirds, shorten time to remediation by 90%, and produce a 10-fold productivity increase in alerts processing. With an open platform that facilitates real-time messages between security components from multiple vendors, organizations can reduce the amount of time they spend managing a security incident by more than 85%, from an average of 95 minutes to just 13 minutes.
Clearly, the layered defence-in-depth approach to cybersecurity that many organizations still use is no longer an effective way to protect their assets. The threat landscape now changes too quickly, and the traditional and outdated approaches to security cannot stop sophisticated attackers any more. By making an integrated open platform the cornerstone of their cybersecurity strategy, organizations can achieve faster technology implementation, better threat response, more effective defence capabilities and a higher level of security overall.
Anand Ramamoorthy is managing director of South Asia at McAfee Llc.