Criminal marketplace becomes increasingly professional
The traditional classification of types of cyber attackers, their motivation, and skill levels is quickly evolving. Skilled individuals are able to advertise and sell their services to any interested group. As a result, these attacks become easier to launch, as long as there is money to pay for expertise.
For example, it is now easier to buy sophisticated malware from credentialed vendors; to deploy this malware, either by buying help or by buying instructions along with the malware; and to advertise for buying or selling criminal services.
Due to these changes, it is more important than ever for organisations to conduct a tailored threat assessment aligned to protect their most valuable data, and to establish mitigation measures around vulnerabilities in access to it. In fact, all attackers, whether a 16-year-old working alone, an organised criminal network, or an insider, are getting more access to ways to compromise their chosen targets.
Traditional models for defense no longer adequate
Our increasingly connected world continually pushes the defensive capabilities of even the most mature organisation. This is compounded by the diverse set of cyber attackers, their wide array of motivations and their evolving tactics and techniques. The regular reporting of successful attacks indicates that traditional models for defense are no longer adequate. Leading organisations are looking for ways to more proactively engage their highest risk adversaries and protect their most critical data assets.
Advanced "active defense" for advanced cyber attacks
Advanced capabilities, such as "active defense," are being enabled through the use of security analytics. For example, security analytics can be used to detect deviations that are consistent with cyber attacker activity. Another example, behavioral analytics, has a significant advantage in "active defense," because it can be self-learning; it does not require evidence of past malicious behavior.
Our perspective is that a mature and integrated set of security operations capabilities - powered by data science and an analytics platform - enables the visibility, context and insight needed to detect and respond to advanced cyber attackers. Moreover, by applying "active defense" techniques and leveraging security analytics, organisations will be able to shift the paradigm from reactive to proactive.