Cyber criminals constantly look for and find new ways to attack businesses, so your cyber security has to be just as innovative to protect against them – or, ideally, even more so. It’s not enough to react to new threats: businesses and cyber security professionals should proactively consider how to make their organisation a less appealing target by creating new and creative barriers and safeguards.
Here is a roundup of the latest innovations in cyber security and how they can protect your business.
For most systems, once a user is ‘in’, they’re in — the logic goes that they will have already provided their credentials to get as far as they have, so they will be a legitimate user.
If a system is operating under the ‘zero-trust’ model, it doesn’t take that for granted —it requires authentication if the user wishes to access data or information, regardless of whether that user already appears to have logged in to the company network.
When that assumption of legitimacy is removed, it means that if a cyber threat breaches one level of authentication, they still don’t have a free run of the company’s network, which limits the damage if an infiltration does occur.
As the number of new environments and the amount of new software and devices that teams use increases – e.g.for hybrid working – the ‘attack surface’ of the organisation grows, creating more weak spots and entry points for cyber threats.
Rather than approaching security as a defender, Attack Surface Management considers it as an attacker would — not trying to reinforce security but trying to discover ways to circumvent it. That might involve penetration testers trying to hack or gain access to the system, or a team may simply explore the system for weaknesses and vulnerabilities.
AI and Machine Learning
Since the attack surface is growing at such speed, it’s often impossible for human security teams to keep track of all new attacked surfaces, which is where machine learning and AI are extremely useful.
AI can spot behaviour that indicates a cyber threat, and machine learning can get better at identifying hostile activity by ‘learning’ the patterns and improving its ability to identify attackers. Automated systems can then protect the targets of an attack.
On the topic of learning patterns, behavioural analytics does exactly that, but for an organisation’s own teams.
A programme tracks and logs the normal usage of legitimate users, storing large amounts of data from which it forms a baseline of usual behaviour. When any action departs significantly from that baseline, the software flags a potential security threat. Such a departure could be a sudden increase in the amount of data that one device uploads or downloads.
For an extra layer of authentication, organisations can issue a piece of hardware to verify a user. That might be a token that generates a temporary, unique code that users need to input alongside their password.
For example, a member of a finance team may be logging in to the company network — once they have provided their username and password, the system then asks for their code, which the team member’s token will generate at random. The system will recognise that specific code for that specific login attempt, and the code will change to another randomly generated sequence at the next login.
Fuzz testing or ‘fuzzing’ is the practice of inputting invalid or random data into a computer programme, which then exposes weaknesses in the system. Programmes may crash, suffer memory leaks (which is when memory space is used for unnecessary data, slowing the system as a whole), or fail code assertions (this is when code doesn’t meet logical conditions within the software, causing crashes).
By demonstrating the consequence of this overload, fuzzing reveals where and what the weaknesses of the system are, and what the result of something like a DDoS attack could be.
The technique isn’t new, but recently ‘fuzzing as a service’ has become available, and platforms are available for organisations to fuzz their systems with an automated programme to detect software bugs.
Tools are not enough
The array of platforms and software that is available to businesses is exciting, and very encouraging for security-conscious companies, but it’s important to remember that tools are only ever as good as the people using them.
You need experts who can identify what tools are required, which tools would be useful but not essential, and which tools are not relevant. Secondly, organisations need people who know how to best apply the tools available, so that the technology can operate to its fullest potential. Thirdly, however good a company’s security measures are, they’ll face an uphill battle if the security culture is poor — that’s why you need leaders who can inspire the right habits in the wider company.
To find the experts and leaders that you need, you can call upon RPI’s extensive talent pool, and our team of industry-expert consultants. Contact firstname.lastname@example.org today.