Cybercrime is a huge industry—in fact, it is one of the fastest growing industries in the world. By some estimates, cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion just a year ago. And, as in any industry, opportunity fuels more investment and innovation.
The best way to get an industry to collapse on itself is to take away the potential for profit. How? One way is to make it so hard for cyber criminals to achieve their objectives that their only option is to invest more and more resources to stage a successful attack—to the point that it becomes unprofitable.
Here are three critical steps organizations can take to minimize the risk of a successful cyberattack, making it as hard as possible for the bad guys.
Step 1: Reduce the attack surface
Modern networks can be a rat’s nest of systems and users cobbled together from mergers, legacy architectures, and prior acquisitions. This confusion leaves many points of entry for attackers to slip in unnoticed and reside on the network for months, or even years. Be sure that your security and networking teams reduce the attack surface by:
- Simplifying the architecture down to manageable pieces that can be controlled, watched, and defended.
- Segmenting important components of the network, which creates firebreaks that can prevent the spread of a breach.
- Leveraging technology to prevent the type of actions taken by exploits and malware. Stopping the type of malicious activity associated with an attack is much more effective than hunting for an attack that, by nature, is stealthy and hidden.
- Using the tools at their disposal. Purchasing next-generation technology is useless if it is not configured properly. Establishing a process for staying up to date on security investments should be a critical habit for your security and networking teams.
Step 2: Integrate and automate controls to disrupt the cyberattack lifecycle
Make sure your teams are not using yesterday’s technology to address today’s and tomorrow’s security challenges. Legacy security approaches offer individual products to be bolted on for single-feature solutions. This leaves gaps that can be broken by new methods of attack.
By using an integrated cybersecurity platform that protects across the entire enterprise, defenses can work together to identify and close gaps. The next step is to automate prevention measures. If the organization has an integrated platform that communicates visibility across defenses, it can automatically act on new threats, preventing what is malicious and interrogating what is unknown.
Integration should also enable agility and innovation. Business doesn’t stop at the elevator, as employees take laptops to work from home or use their personal mobile devices to access the corporate cloud on the road. As data moves to enable the workforce, security must go with it.
Step 3: Participate in a community that shares cyber-threat information
End users cannot be relied on to identify every malicious URL or phishing attack. Organizations must educate their constituents about what they can do to stop cyberattacks. However, to protect against today’s truly advanced cyber-threats, IT must go beyond education, utilizing the global community to combine threat intelligence from a variety of sources to help “connect the dots.” Real-time, global intelligence feeds help security teams keep pace with threat actors and easily identify new security events.
As we have seen from recent highly publicized attacks, cybercriminals are becoming more bold, sophisticated, and effective. The best way to ensure that your organization is protected from advanced and targeted threats is to implement an integrated and extensible security platform that can prevent even the most challenging unknown threats across the entire attack lifecycle. Stopping even the most advanced attacks is possible, but it must begin with a prevention mindset.
Originally published on: September 11, 2017