Cyber-Security Is Difficult To Quantify

by Priyanka Pugaokar, Oct 06, 2016

Marty Ward, Vice President, Product Marketing, Sophos

The threat from cybercrime has increased significantly over the last few years, targeting citizens, businesses and governments across the world. Today, cybercriminals have not only become organized but technologically advanced as well. Businesses, no matter their size, have become potential targets for attackers. The absence of a sound security architecture and a lack of awareness among organizations are major boosters for cybercriminals launching massive targeted attacks. In such a scenario, organizations inevitably have to gear up their countermeasures. Similarly, to fight the ‘bad guys’, the cyber security industry also needs to balance the demand for and supply of qualified security professionals.

In a candid interaction with CXO Today, Marty Ward, Vice President - Product Marketing, Sophos, provides some insights on the global threat landscape and the challenge posed by the shortage of qualified cybersecurity professionals in the industry. Ward also emphasizes cybersecurity awareness and the need for a collaborative effort to build a force to counter cyber criminals.

- How would you describe the global security landscape? What are the factors driving the endpoint security industry worldwide?

Threats are becoming increasingly dynamic and industrialized which is forcing organizations to prepare defences against new advanced attacks as well as traditional malware. Traditional endpoint security was built to address viruses, Trojans and worms, whereas threats today are engineered to compromise credentials and pose as a legitimate user, exploiting vulnerabilities through targeted attacks, ransomware, and in-memory attacks. This is driving the endpoint security industry to innovate with anti-ransomware, anti-exploit, and anti-hacker technologies that look for behaviors and anomalies as opposed to traditional signatures or patterns.

- Apart from ransomware and DDoS, what other kinds of cyber-attack techniques are prevalent in the cyber world?

There are changes in both the types of threats we see today and the targets. Threats are designed to be so polymorphic these days that 75 percent of the malware in any given company is unique to that business. They have also moved from simple malware to industrialized attacks which are very coordinated, often including multiple attack techniques and communication mechanisms. Hackers have now moved on to compromising credentials in order to move around within systems as a legitimate user or admin.

Rather than going after large enterprises only, hackers have realized that small and medium-sized businesses have equally valuable data and often partner with large enterprises, so that data is shared everywhere, which makes it easy to move between companies to get the data they want. Exploit kits, which are “hacking as a service” tools that anyone can use, now account for up to 90 percent of all data breaches, so hackers can get very targeted in their attacks, pinpointing the demographics they desire to maximize the effectiveness of the attack. Finally, since companies still tend to take half a year to patch known vulnerabilities, hackers are moving their approach from “spray and pray” to focusing on exploiting this lack of diligence.

- The dearth of cyber-security professionals is one of the biggest challenges in countering cyber crooks. How do you address the issue?

The demand for cybersecurity professionals is outpacing the supply of qualified workers. According to NASSCOM, at present there are about 50,000 cyber security professionals in India and there is a requirement of about 1 million cyber security professionals by 2020 to meet the demand. Ideally, we should be training 77,000 security researchers per year. But the current supply is a mere 15,000 professionals. The reason behind this lack of skilled professionals is largely the absence of awareness, effective training, and preparation. With an estimated resource shortage, we need to increasingly encourage more people to join us in the fight against criminals. This must include more university programs and organizations in the business providing mentorship to those with a passion for security.

- According to you, what are the major pain points of CIOs and CISOs in terms of security framework? 

Risk management is a difficult challenge as IT security is difficult to quantify. We must draw upon our knowledge and experience to determine where our risks lie and focus our attention on those things first. Usually this approach includes a comprehensive approach to the “basics” across the entire organization and a more focused approach to securing specific high-value data like personally identifiable information, credit cards, etc.

- How do you see the awareness among the business leaders about enterprise security? 

As threats continue to evolve, the security industry continues to innovate. Unfortunately, that usually means there is yet another un-integrated point product which increases the security budgets and will only temporarily stop a certain set of threats. We believe the silver bullet of security is not another point product, but the integration of security technologies in a way that they function as a coordinated system, which will make a more appropriate defence against coordinated attacks – like Synchronized Security.

- How are technologies such as cloud disrupting the cyber security landscape worldwide?

The cloud is an incredible opportunity to ensure that threat intelligence information is always available to protected devices, even when not behind a corporate firewall, web filter or other network-based technology. With careful consideration of privacy issues, cloud-based security products can provide all the convenience and cost savings with no risk of Personally Identifiable Information (PII) leakage. When sensitive information is involved, it makes things more complicated. If sufficient security measures have been implemented to protect that information on the cloud, it doesn’t matter where it is stored, but each case needs to be evaluated based on its own risks.

- DDoS and ransomware attacks dominated the security industry in 2015-16. What is your security prediction for the year 2017?

We see a global trend towards an increased number of sophisticated attacks even in 2017. Ransomware will continue to be a hot trend as not all businesses have deployed anti-ransomware technology and some are not backing up data on a regular basis. In addition, we see a lot of social engineering threats continuing to be popular in 2017, including HD phishing (high-definition phishing, which is hackers buying data from known breaches and using that data to create very convincing phishing emails), as well as document and macro malware, where users may receive emails asking them to “enable macros” in order to fully read a new document, which actually downloads malware when activated.

Exploit kits will continue to be popular as we enter 2017 – these kits enable all kinds of hackers to easily leverage pre-built hacking tools, select whatever targets they prefer, and drop any kind of attack on systems, from ransomware to data-stealing malware to remote access Trojans. Finally, we will see an increase in “in-memory” attacks in 2017. These are very insidious types of attacks that, instead of dropping a payload (i.e. adding or changing a file), infect system files in memory and start attempting to send data outside the organization.