How organisations deal with complex cyber attacks

Increasingly sophisticated cyber-attacks mean businesses need innovative ways of handling advanced threats

Where the organisation is concerned, the CISO must learn the language of the boardroom (risk) and earn their seat there. This must happen for funding to flow and for security to align to the business; the c-suite must care about security as much as they do about other forms of risk, like operational, legal and financial risk.

Finally, the practice of security needs to be more agile with a focus on metrics that value most highly the carbon-based intelligence and wisdom and maximise its use in a company. "Automation isn't going to be an AI that just 'does security for you' but it can make the lives of practitioners better and faster and quicker to adapt," adds Curry.

Complex attacks require careful analysis

The increasing intricacy of cyber-attacks has increasingly led companies towards using predictive security -- and human analytics plays a large part in this.

"Cyber criminals are smart people and should be countered by equally knowledgeable analytics teams that seek to understand the complexity of threats and how to combat them, to listen to the chatter and use that to move away from being reactive," says Rory Duncan, head of security at Dimension Data. "The ability to deconstruct and reconstruct attacks to identify what has happened in breaches, before and after attacks, is vital."

Advertisement
Advertisement - Article continues below

Complex cyber-attacks are run by humans and attempt to deploy psychological techniques in tandem with technology, which is why knowledge of vulnerabilities and being able to anticipate them is key for setting up a proper defence.

"One example is the protection of emails going to HR and accounts specifically, because they're constantly required to open attached job applications and invoices respectively, from people they don't know. Attackers are well aware of this, so specifically target HR and accounts. Common sense beats machine learning in this area," says Wieland Alge, VP and GM for Barracuda.

The role of artificial intelligence

AI can provide notable cyber-security advantages compared to a human being's ability to combat threats.

"AI could also be valuable for developing solutions for a range of industries, harnessed in such a way that it understands user and network behaviour, comprehends business context through self-learning over time, and reacts to any deviations from the norm in real-time," says Tristan Liverpool, director of systems engineering at F5 Networks.

Machine learning shortens the time it takes to spot something strange happening on a network, but it can't tell you exactly what's wrong, according to Gary Evans, CTO at Reliance.

"You need good people to dig deeper and understand if it's a real threat or not. Spotting the anomalies are difficult for people thanks to the vast quantities of data and events organisations typically produce, this is where ML really excels. But we absolutely still need skilled analysts to investigate and quantify the anomalies," he says.

Main image credit: Bigstock

Featured Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now
Advertisement

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019