Ahead of GDPR, many firms still lack effective threat hunting capabilities
Threats / Ahead of GDPR, many firms still lack effective threat hunting capabilities
24 May 2018
Back in November, while revealing how the Department of Social Services (DSS) in Australia suffered a major data breach incident after personal details of 8,500 current and former employees were exposed by a third-party contractor, cybersecurity firm UpGuard stressed on the importance of firms carrying out independent external assessment, creating vendor questionnaires, and carrying out data breach audits to proactively reduce the risks that third parties posed in their data handling capacity.
The firm noted that while independent external assessments will ensure that vendors follow best practices against common threats and breach vectors, questionnaires will give an enterprise full visibility into how vendors store and process data, and data breach audits will reveal existing vulnerabilities before the same are exploited by malicious actors.
The new 2018 Threat Hunting Report by Alert Logic has revealed that not all organisations are able to carry out comprehensive threat assessments for various reasons, even though their understanding of the threat landscape and their views on how to secure their networks are not lacking in accuracy.
A survey of more than 460 cybersecurity and IT professionals commissioned by Alert Logic revealed that while 84 percent of the respondents believed that threat hunting should be a top security initiative, 76 percent of them bemoaned that their Security Operations Centres (SOCs) spent inadequate time proactively searching for newly emerging and advanced cyber threats.
Inadequate threat hunting capabilities
The survey revealed that while 45 percent of companies are not able to carry out threat hunting due to lack of funds, a large number of them also cited lack of skilled, in-house threat hunting staff and lack of collaboration across departments as the biggest barriers behind their inability to incorporate threat hunting capabilities.
“Threat hunting reduces risk to an organisation by reducing exposure to external threats, improving the speed and accuracy of threat response and reducing the overall number of breaches. Threat hunting requires a sophisticated skill set and it’s often hard to find and retain in-house specialists to fulfill this function, especially when there isn’t always an obvious career path for them within organisations,” said Bob Lyons, CEO of Alert Logic.
The firm noted that since threat hunting helps organisations to proactively search through networks, applications and operating systems to detect and isolate advanced persistent threats, a third of all organisations are now employing managed security services to carry out threat hunting within their networks as they are unable to do it themselves.
At the same time, half of all companies are planning to build threat hunting programmes in the next three years even though a majority of them have no more than five security professionals in their Security Operations Centres at present. This signifies that more and more organisations are now aware of that fact that preempting cyber incidents through threat hunting is the best way to secure their networks from unauthorised access or cyber attacks.
How to detect and identify threats?
According to Tony Bradley, Senior Manager of Content Marketing at Alert Logic, while there is no silver bullet solution that can help organisations detect or prevent all kinds of cyber threats, organisations can choose from a handful of simple strategies to detect and avoid threats more effectively.
Such strategies include ensuring complete visibility over the entire IT infrastructure within an organisation, or in other words, ensuring there are no shadow devices of apps within a network that may have escaped security audits, proactively assessing a network and fixing vulnerabilities or weaknesses before an attacker finds them and exploits them, leveraging machine learning for pattern recognition and to identify potential threats that human may miss, and setting up a managed detection and response service which is also a cost-effective solution.
“The threat landscape is constantly and rapidly evolving. New technologies will come along, and attackers will develop creative new ways to exploit them. Regardless of how things change, though, these five fundamentals will be essential for effective threat detection,” he added.