Cyber Defense eMagazine August 2020 Edition

More documents

Recommendations

Info

Why Are Fully Staffed Cybersecurity Teams Unable to Keep Up with Hacks? By Steve Salinas, Head of Product Marketing, Deep Instinct Faced with mounting cyber threats, large enterprises are devoting more resources than ever to improving their cybersecurity posture. According to a Cisco survey released last fall, 93% of enterprises with 10,000 or more employees spend more than $250,000 annually on cybersecurity, with half spending over $1 million each year. The return on those investments leaves much to be desired. A 2019 report from Accenture and the Ponemon Institute found that security breaches had increased 11% since 2018 and had spiked 67% since 2014. Some experts ascribe the problem to woefully understaffed cybersecurity teams – but even fully staffed, highly experienced cyber teams are encountering hacks they can’t fully prevent or contain. The real culprit isn’t necessarily the size of the typical organization’s cybersecurity staff, but the outdated tools and operational methodologies many of these teams use. As hacks grow more frequent and more complex, organizations should rethink the tools and technologies they’re using to meet the threat. Cyber Defense eMagazine – August 2020 Edition 84 Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
The Rising Cost of Failure How much is cybersecurity costing companies? In a recent Ponemon-Deep Instinct survey of IT and IT security practitioners, only 40% of respondents believed their budgets were sufficient for achieving a robust cybersecurity posture. These budgets are predominantly funneled into containing and remediating threats rather than preventing them – in large part because cyber staff are overwhelmed with the amount of data that they need to monitor. Yet this “assume a breach and then contain” approach comes at a big cost, with the time and money spend remediating attacks costing well into the hundreds of thousands of dollars. The value of preventing a cyber-attack ranges from $400,000 to $1.4 million, depending on the nature of the attack. If an attack is the first of its kind, it’s virtually guaranteed to succeed with absent strong preventative capabilities, and organizations stand to lose upwards of $1 million per successful attack. Subpar Solutions, Subpar Results Why are current approaches to cybersecurity proving so inadequate? Because they over-rely on the human intervention. Specifically, most AI-based cybersecurity solutions are powered by traditional machine learning (ML), which is inhibited by a number of limitations that have become substantial problems in the recent past. Chief among these limitations is data: ML models are trained on only a fraction of the available raw data, and are trained on features identified by experts. Human error, of course, also comes into play, even when highly specialized computer scientists with expertise in cybersecurity carry out ML feature engineering. These professionals excel at training ML models on known threats – but even seasoned cybersecurity professionals are unable to anticipate emerging, first-seen attacks, that are designed to be evasive. Hackers of course, understand this, which is why they now building malware that is capable of fooling ML models into classifying it as benign. Finally, there’s a limit to the size of the dataset for training ML systems before reaching learning curve saturation – the point past which the system no longer improves its accuracy. Given these limitations, ML systems struggle to detect new, previously unseen malware, while generating high rates of false positives. Just as the cost of an unprevented attack can deliver a real blow to the bottom line, the time and resources required to investigate false positives also strains security teams’ resources. This, in turn, breeds a sense of “alert fatigue,” making teams more prone to error when genuine threats emerge. Simply put, AI trade-offs – not understaffed cybersecurity teams – may be one of the biggest inhibitors to achieving a resilient cybersecurity posture. Cyber Defense eMagazine – August 2020 Edition 85 Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Security by Design: How to Protect
Page 3 and 4:
4 Simple Ways to Repel Ransomware a
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - August 20
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Your website could be vulnerable to
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Security by Design: How to Protect
Page 25 and 26:
Security by Design = Growth by Desi
Page 27 and 28:
How To Grow Your Cyber Expertise Du
Page 29 and 30:
Cyber competitions and hackathons a
Page 31 and 32:
that 60-day threshold has begun to
Page 33 and 34: About the Author Carolyn holds the
Page 35 and 36: Since the cloud business infrastruc
Page 37 and 38: COVID-19 And Security Team Cuts Are
Page 39 and 40: Soc Teams Impacted by Redundancies
Page 41 and 42: Security Tech Investments Also on H
Page 43 and 44: Work from Home = New Challenges for
Page 45 and 46: Most Companies Continue to Use/Inve
Page 47 and 48: Mitigation and Legal Costs Are the
Page 49 and 50: The findings from our survey clearl
Page 51 and 52: normal that not everyone was prepar
Page 53 and 54: What companies can do... Start with
Page 55 and 56: Regulatory compliance is becoming m
Page 57 and 58: WireGuard - Separating Fact from Fi
Page 59 and 60: Running in-kernel Can you achieve t
Page 61 and 62: The reality is that many organizati
Page 63 and 64: About the Author Egon Rinderer is t
Page 65 and 66: Countless times I have seen an orga
Page 67 and 68: CERT Warns Bad Actors Are Targeting
Page 69 and 70: About the Author Saryu Nayyar is th
Page 71 and 72: Luckily there are several best prac
Page 73 and 74: Ransomware, Risk, And Recovery Why
Page 75 and 76: Under the very best circumstances,
Page 77 and 78: Getting Employees Back to the New N
Page 79 and 80: ● Equip IT and security teams wit
Page 81 and 82: The 14 th Annual State of Agile Rep
Page 83: About the Author Danny is Chief Met
Page 87 and 88: About the Author Steve Salinas is t
Page 89 and 90: One of the defining characteristics
Page 91 and 92: TLS/ SSL Decryption - One of the Ma
Page 93 and 94: Key features of a good TLS/ SSL Dec
Page 95 and 96: increasingly interested in enforcin
Page 97 and 98: Attitude Adjustments There is a lot
Page 99 and 100: Why Academic Openness and A Rise in
Page 101 and 102: Of course, it is always a good idea
Page 103 and 104: and mitigated. Unfortunately, the f
Page 105 and 106: HIPAA Compliance and The Protection
Page 107 and 108: ● Verifying that the workforce co
Page 109 and 110: Smart Gadgets in Proving Workplace
Page 111 and 112: Through this effort, we would try t
Page 113 and 114: who would take advantage over whom
Page 115 and 116: legal frameworks and regulations. I
Page 117 and 118: ad actors the highest hit rates fro
Page 119 and 120: Are the Worst Cryptocurrency Securi
Page 121 and 122: Shortcuts Lead to Cryptocurrency Vu
Page 123 and 124: Only initially could you claim that
Page 125 and 126: Cyber Defense eMagazine - August 20
Page 135 and 136:
Page 137 and 138:
You asked, and it’s finally here
Page 139 and 140:
TRILLIONS ARE AT STAKE No 1 INTERNA
Page 141 and 142:
8 Years in The Making… Thank You
Page 143 and 144:
Page 145 and 146:
Page 147:
i Multiple sources - Microsoft SIR,
show all

Cyber Defense eMagazine August 2020 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?