Where will the future of cyber security lead us?
To accurately predict the future, it helps to examine our present state and take a brief look back to see how far we’ve come.
There’s A Clear And Constant Threat Today
Here at Content Security we see the harsh reality that our customers are facing persistent and growing threats on a daily basis.
Recent stats suggest that close to 100 per cent of businesses have been breached regardless of whether or not that breach has been detected. It's a day-to-day challenge for customers to both manage and protect against ongoing threats. It’s an even bigger challenge to actually detect when a breach has occurred.
The scariest part is that locally, here in Australia, on average it's 200 days before your company detects that you've been breached. In the US, they've been able to bring that down to about 100 days.
So as a business, our challenge is to continually help the customer improve their level of security in different ways including ongoing protection, threat management, breach detection and shortening time to detection.
Compared to 20 years ago - Where we are at now
How does the present state of cyber security compare with 20 years ago? To gain a meaningful comparison, we need to look at a number of key areas of change and influence:
Early threats were associated with email. We quickly came to understand that the goal of the virus was focused on shutting down a network. Many were initiated to gain attention and to demand credibility. The threats weren’t anywhere near as sophisticated as they are today and they weren’t focused on monetary gain.
Access to Porn
The other challenge for businesses in early 2000 was managing the access to and viewing of porn from the office computer. Employees saw business networks as cheaper to use and faster options for indulging their appetite for the growing availability of porn.
We would visit client businesses and advise them on developing and implementing acceptable user policy for Internet use. And on the email side it was all about reducing the level of spam that was actually coming into their organization.
The Evolution of Threats - Then vs. Now
Fast forward to today, these issues are all being handled effectively. We've developed maturity across the business landscape around what is acceptable from both an Internet perspective and a user perspective when you're at work. At the same time, there has been the additional translation of those policies for dealing with all things social media.
However, the threat for businesses today continues to grow because all our devices and platforms are becoming more and more interconnected, which means there is a growing number of connections back into your network. This translates to an increased number of opportunities for cyber criminals to gain access to a business.
The Growing Maturity and Sophistication of Cyber Criminals
Cyber criminals are more mature and more sophisticated than ever before.
Cyber threats are becoming becoming very personalised and very targeted. Often centred on collecting data about people and their digital habits. By watching people in their personal environment (email, social, etc.) cyber criminals can spot opportunities and weaknesses from a personal perspective and then make links to a business or other area of influence that could represent a more lucrative opportunity. What started as a personal email attack could easily morph across to that person’s business and represent a far bigger payoff to the cyber criminal.
Cyber Security Awareness Training
We see about 70% of companies budgeting for some form of cyber security awareness training. The mandatory data disclosure laws have led to a lot more awareness and discussion at the board level, which is promising.
What we need to start building is a level of trust and awareness throughout the whole organisation, not just at management and board levels. We need to see greater understanding about how data is being used and the risks and potential impact should that data get exposed.
Companies are in a state of overwhelm and fatigue
There is a lot of cyber threat ‘noise’ out there today and that leads to fatigue - just managing the level of incidents and determining what is the real threat is time consuming.
Meanwhile cyber criminals are using time and patience to work out how to actually get into an organisation and take that data out slowly.
There's a shortage of cyber security professionals to combat these efforts and there is a growing financial appeal for those with the skills to take to the dark side. This translates to highly motivated adversaries who don’t stop, day in, day out.
These aren’t our parents’ criminals, who would forge in with a gun and a mask to rob the local bank and be in and out in minutes. These cyber criminals are more of the mind that, “We're going to get in, we're going to live in your house for 100 days. You won't even know we're there. Slowly we start taking your treasures a bit at a time and we fly under your radar as we do it.”
For a business it's all about understanding their data and what is valuable, and then finding the best tools and the best partner, to help them maintain their cyber safety.
This is where we come in. We've evolved with the market and the trends and are across the challenges our customers face. We're able to help them by securing a lot of the elements that potentially could be of high risk for them. And we provide support whether it's in the form of an attack or defense.
The cyber security landscape has definitely undergone tremendous changes over the past few decades. Threats are expanding in type and in number and sophistication and the skills and support required to combat them are evolving as well. What we can say for sure about the future of Cyber Security is that it will grow as a fundamental business imperative.
For more discussion about the approach, tools and cyber security techniques required organisations today and into the future, stay tuned for Part 2 of The Future of Cyber Security.
This article was written after an interview with Daniel Crnkovic. Listen to the full interview on our podcast: