Cyber criminals are now using highly advanced automation tools to deploy malware with much greater speed and scale. CISOs in India can no longer rely on a manual approach in cyber defense as cyber attacks have become automated, riding on escalating infrastructure trends in cloud adoption and encryption.
According to Fortinet, a global provider in high performance cyber security solutions, hackers have been using automated tools to dramatically multiply sophisticated cyber attacks on critical national infrastructure, public & private sectors and governments. Cyber crime syndicates are also turning to automated tools because they make it easier to cover their tracks and reduce traceability.
“A huge proportion of exploit activity today is fully automated, using tools that scan wide swaths of the Internet, probing for openings. Modern tools and pervasive “crimeware-as-a-service” infrastructure allow cyber-attackers to operate on a global scale at light speed,” said Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet.
But while secure protocol is designed to maintain privacy, ironically encryption is also hampering threat monitoring and detection. Research and Markets predicts the global cloud encryption market to grow from US$645.4 million in 2017 to US$2.40 billion by 2022.
“IT security teams are overwhelmed by today’s rising volume of cyber-attacks and may lack resources and expertise to respond. Furthermore, the window of response is shrinking as automated attacks could now erase their tracks within a short-time frame,” added Rajesh Maurya “Therefore, we need an automated computer system that mimics the decision-making process of a human expert to detect threats. Such controls may not remove the actual threat, but will definitely help contain or isolate the breach, thus giving the incident response team more time to respond.”
As automated cyber attacks becoming more pervasive, Fortinet offers 5 key tools for security leaders in India to unify control across all attack vectors to stop automated attacks:
1. Patch Management – Patch management is absolutely essential. Mirai and Hajime, a stealthier and more advanced self-propagating worm, exemplify the damage that can be done when IT teams fail to patch known vulnerabilities.
2. Intrusion Prevention System (IPS) – Intrusion prevention system (IPS) is the first line of defense for organizations. As manufacturers of Internet of Things (IoT) devices are not held accountable for security, billions of devices are vulnerable to attack, with no patches in sight. Until this is addressed, IPS is necessary to perform virtual patching and block hacks and attacks into IoT devices.
3. Redundancy Segmentation – Redundancy segmentation is necessary because ransom attacks are going after valuable data. There have been cases of ransomware that go in, infect data, as well as backups of data, which is disastrous. It is critical that backups are segmented off networks.
4. Focus On Visibility – People are always trying to build a fortress against an invisible enemy. Instead of building a wall, one should use threat intelligence solutions to understand attacker profiles and what tactics and procedures they employ, and then start intelligently defending based on that information. Prioritize security around critical assets of an organisation. Otherwise if an asset is ransomed or attacked by a distributed denial of service, it will cost your business substantially.
5. Interoperability – Finally, once you understand your enemy and have built appropriate solutions, tighten up the time to defense. Use proactive solutions and look at ways to create interoperability. Most organizations have many different solutions from different providers. Strive to reduce that complexity by further integrating and consolidating existing security devices with a security framework that utilizes advanced threat intelligence sharing and an open architecture.