Martin Deacon, chief technology officer, Capita Network Solutions
The next generation of cyber threats will need the next generation of cyber tools, assisted response and proactive threat hunting.
Every year sees an increase in the scale, frequency and sophistication of cyber threats – and we should expect 2019 to be no different. Most organisations should be looking at ‘when’ not ‘if’ they will come under cyber attack.
Security measures such as firewalls, antivirus and malware filtering are still relevant and necessary, but they are proving not to be enough on their own. Attacks can also be hard to recognise: it might take 100 days or more for a large enterprise or public sector organisation even to realise that it is under attack. Fast and efficient threat detection, and above all the associated response, will be key.
2019 will see an increase in intelligent tools to detect cyber attacks
AI, machine learning and cognitive analytics will all play an increasing role: tools that work together to join the dots and give better insight into whether an organisation might be under attack. Machines can process and analyse huge volumes of structured and unstructured data, identify subtle changes and abnormalities against an established baseline of normal behaviour, and so spot which traffic is not normal.
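As an added illustration of "spotting which traffic is not normal" (this is example code written for this page, not a Capita tool or anything from the original article), the block below builds a per-host baseline from a window of constructed outbound flow summaries and then flags two kinds of deviation on the day under review: a host sending far more than its usual volume, and a host talking to a destination port it has never used before. The host names, byte counts and ports are all constructed for the example; the 3-sigma threshold and the minimum standard deviation are assumptions, not recommendations from the article.

```python
"""Baseline anomaly detection over constructed flow summaries (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline window: (host, day, outbound_bytes, dst_port).
BASELINE = [
    ("ws-101", 1, 52_000, 443), ("ws-101", 2, 48_000, 443), ("ws-101", 3, 55_000, 443),
    ("ws-101", 4, 50_000, 443), ("ws-101", 5, 53_000, 443),
    ("ws-202", 1, 1_200_000, 443), ("ws-202", 2, 1_150_000, 443),
    ("ws-202", 3, 1_300_000, 22), ("ws-202", 4, 1_250_000, 443),
    ("ws-202", 5, 1_180_000, 22),
]

# Constructed observations for the day under review.
TODAY = [
    ("ws-101", 6, 2_400_000, 443),  # roughly 45x this host's usual daily volume
    ("ws-101", 6, 1_500, 4444),     # tiny, but to a port this host has never used
    ("ws-202", 6, 1_220_000, 443),  # inside its normal range
]


def build_baseline(records):
    """Return {host: {"mean", "stdev", "ports"}} from the baseline window."""
    per_host_bytes = defaultdict(list)
    per_host_ports = defaultdict(set)
    for host, _day, nbytes, port in records:
        per_host_bytes[host].append(nbytes)
        per_host_ports[host].add(port)
    return {
        host: {"mean": mean(v), "stdev": pstdev(v), "ports": per_host_ports[host]}
        for host, v in per_host_bytes.items()
    }


def score(observations, baseline, z_threshold=3.0, min_stdev=1.0):
    """Return (host, reason, detail) tuples for observations outside the baseline.

    Volume is compared per host against the daily totals in the baseline using
    a z-score; min_stdev guards against a constant baseline dividing by zero.
    A port never seen for the host in the window is reported regardless of size.
    Hosts with no baseline at all are reported rather than silently ignored.
    """
    findings = []
    today_bytes = defaultdict(int)
    for host, _day, nbytes, port in observations:
        today_bytes[host] += nbytes
        if host in baseline and port not in baseline[host]["ports"]:
            findings.append((host, "new_destination_port", port))
    for host, total in sorted(today_bytes.items()):
        if host not in baseline:
            findings.append((host, "no_baseline", total))
            continue
        b = baseline[host]
        z = (total - b["mean"]) / max(b["stdev"], min_stdev)
        if abs(z) > z_threshold:
            findings.append((host, "volume_deviation", round(z, 1)))
    return findings


if __name__ == "__main__":
    for finding in score(TODAY, build_baseline(BASELINE)):
        print(finding)
```

The point of the second check is that volume alone misses the small beaconing-style flow on port 4444; a baseline of "what this host normally talks to" catches it even though it is only 1,500 bytes. In a real deployment the baseline window would be far longer than five days and would be re-trained as legitimate behaviour changes.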
Predictive analytics analyses huge volumes of past data to understand patterns and provide insights into where cyber threats are coming from, the probability of them happening and their level of severity.
By using predictive cyber tools and adapting your business accordingly, there is a good chance that a threat is already mitigated before the attack happens, because you will have seen the pattern developing. These insights also help target the activities of ‘threat hunters’ working proactively in tandem with monitoring and detection teams.
People culture and awareness
Attackers will always seek to exploit the weakest link – and often that weakness is people. How tempting is an attachment labelled “Payroll List.xls”? Technology must not be seen as the sole defence: training and awareness can reduce the risk posed by phishing and the malicious payload it delivers.
The use of encryption will continue to rise
The increase in encrypted traffic could be a particular issue for the public sector. While solutions and services exist that can decrypt, inspect and process encrypted traffic, privacy-related regulations and/or self-defined policies have traditionally led the public sector to adopt a ‘do not decrypt’ mandate. If 60% – and growing – of internet traffic is encrypted, the blind spot is getting bigger all the time, and this will likely need to change.
The public sector will need solutions that can deal with encrypted traffic at scale, with enough control and granularity to let specific organisations, departments, systems or even users opt in or out of inspection.