Looking at how much technology has changed our world over the years – even just over the past decade – can take your breath away. But, while the speed of incremental change is constantly accelerating, drastic overnight change is far less common. It still happens, however, and the Sony breach is one recent example. When that news hit, IT security professionals all over the world were slapped in the face with the reality of business disruption attacks, which can cripple an organization’s internal networks to the point where its employees can’t do business. The result was a wake-up call that initiated a shift from a “defend and detect” mode to “detect and respond.”
Cyber security as part of disaster management
What does this shift imply? For one thing, it means that more and more businesses will formulate documented responses to cyber attacks. Shawn Marck, CSO of cyber security firm Black Lotus, predicts, “Cyber security response will become a basic element of disaster and business continuity planning. What will you do if all of your emails and financial records are suddenly gone? What will be your PR response if negative information is stolen and exposed? What are your plans for retaining customers if your business is down for days at a time? If those customers leave, what will you do to get them back? And what support will you offer customers whose personal data is stolen? Companies that have a documented response plan will be at a distinct advantage over those that have to come up with it in the middle of a crisis.” Backing up what Marck says, research firm Gartner recently released a report saying that, by 2018, 40 percent of companies will have a formal plan in place for responding to cyber attacks, up from zero percent just a few years ago.
Shift toward detection and response
But disaster preparedness is just one piece of the puzzle. IT security professionals also need to have a plan in place for detecting an attack as soon as it begins and for stopping it before irreversible damage is done. Gartner vice president Paul Proctor says, “Entirely avoiding a compromise in a large, complex organization is just not possible, so a new emphasis toward detect and respond approaches has been building for several years, as attack patterns and overwhelming evidence support that a compromise will occur.” That brings cyber attack detection and mitigation to the top of the priority list for IT professionals in companies of all sizes.
Marck explains, “Standard detection strategies like pre-defined traffic patterns aren’t enough anymore, especially against the rising threat of application-layer attacks. Both detection and response strategies are becoming increasingly complex as these attacks become more sophisticated.”
In fact, many companies are choosing to outsource attack detection and mitigation. Some companies just don’t have the skills or resources to handle such a mission-critical project in-house. Others recognize the benefit of partnering with specialists who are plugged into that world and always up to date on the latest developments and attack methods. Regardless of whether you outsource your cyber security or do it in-house, it’s something that no business can afford to ignore.