Brought to you by Sophos
Reading the news these days, it is not hard to find yet another headline of a large-scale cyber attack that has affected thousands, maybe millions, of users.
In Yahoo’s case, all 3 billion of its accounts were compromised in a 2013 hack, it said on October 3. Even with the serious breaches seen of late, this incident immediately raises more alarm bells. It begs the question: Are the bad guys winning with their cyber attacks?
As more users store their digital lives on the cloud, service providers are faced with even more responsibility to get their security right. Government agencies as well, as digital IDs become more common for important transactions online.
Before we get there, it pays to understand why the situation is the way it is now. Why, for example, are companies as large and sophisticated as Yahoo so vulnerable? If organisations large enough to be prepared for cyber attacks can fall prey, what can smaller enterprises do?
The answer to that lies first in knowing the origins of today’s cyber threats. While it is true that many state-sponsored hacking efforts are behind the most sophisticated attacks, many threats come from cyber criminals that do not require the know-how required to penetrate well-prepared defences.
One factor behind this is the stockpiling of exploits by agencies such as the National Security Agency (NSA) in the United States. After some of them were stolen by a shady hacking group last year, these cyber weapons were exposed to anyone who would pay for them.
The result was the massive ransomware attacks earlier this year. Using the vulnerabilities exposed by the NSA exploits, hackers were able to attack millions of Windows PCs, locking them up and demanding payment from anyone unlucky enough to be hit.
In truth, the vulnerabilities were made known before the attacks were carried out. However, even with that knowledge, patching hundreds or thousands of machines in an enterprise is no mean feat. In a sprawling enterprise network, many computers can easily remain unpatched.
This makes such weaponised hacks even more threatening in the future. If there are more exploits that are stockpiled, the risk of them being exposed and repurposed as a tool for malicious software will grow.
The other reason why the bad guys seem to be winning is that hacking tools are being sold as a service to cyber criminals. In other words, it does not take a lot of skill or money to get in the act of delivering a piece of ransomware to unsuspecting users worldwide.
Much like how the cloud has enabled businesses to tap on seemingly limitless computer resources, an underground market has mushroomed online to enable criminals to build a ransomware campaign from ground-up.
They can compile the software, choose the target, set the ransom and even hire freelancers to craft e-mails or design fake logos to fool victims into opening up their computers. This easy access to weaponised malware is fuelling the growing volume of cyber attacks of late.
How can enterprises stay vigilant and be protected against such attacks? There has to be a new way of doing things. Endpoint security and network security should be synchronised, for starters.
Would you place a security guard outside a building and one inside but not let them speak to one another? In the same way, cyber security has to be more integrated. It has to be synchronised across a threat surface and be highly automated.
Five attributes define the synchronised security system:
-Ecosystem centric: We must prevent, find and stop breaches across the entire IT ecosystem by operating with full awareness of nearby objects and events.
-Comprehensive: The solution would need to be comprehensive and cover multiple platforms and devices, to defend against attackers who attack the whole IT system, not just its parts.
-Efficient: The solution must lower the team’s workload while improving protection. It cannot add another layer of technology and workload.
-Effective: The solution must effectively prevent, detect, investigate and remediate today’s threats across the entire threat surface.
-Simple: It must be simple to buy, simple to understand, simple to deploy and simple to use.
New solutions have to give a human operator clear visibility of his systems. At the same time, a synchronised security system will isolate an endpoint that is compromised, preventing it from “phoning home” to a hacker’s command and control system.
The Sophos Synchronized Security approach directly links the firewall with the endpoint to share threat intelligence, enabling faster detection of threats and more immediate and targeted response and resolution.
With synchronised security, organisations of any size can advance their defences against increasingly coordinated and stealthy attacks and drive a dramatic reduction in the time and resources required to investigate and address security incidents.
At Sophos, a single interface enables enterprises to manage all Sophos products. From Intercept X, which tackles signatureless ransomware, to Server Security which protects virtual and physical servers, security tools are controlled on a seamless and easy-to-use dashboard.
Called Sophos Central, this unified console also lets users manage Sophos’s Synchronised Security platform. This ensures that your endpoint protection and firewall are talking to each other.
While there is no failsafe way to keep out hackers, enterprises do have advanced tools to keep many increasingly persistent and sophisticated threats at bay.
In the “arms race” with hackers, it is not enough to buy the latest security solutions or build a higher wall – there has to be a rethinking of how security is managed. By being a step ahead, the good guys can win.
Find out more about Sophos Synchronised Security and Sophos Intercept X.
