Know the cost of cyberattacks, how much businesses spend on average, and which factors to consider when deciding your cybersecurity investment...
Cybersecurity Monitoring and Detecting: Can It Stop Cyber Attacks?
From penetration testing to vulnerability scans and threat hunting - a look at how cybersecurity monitoring and detection can effectively stop cyberattacks
There’s no shortage of statistics to show the escalating number of cyber attacks that are occurring each year. For instance, Securelist reports seeing a major upswing in mobile ransomware where the number of incidents jumped from 61,832 in Q4 2016 all the way to 218,625 incidents in Q1 2017.
CSO predicts that the cost of cybercrime will double from $3 trillion in 2015 to $6 trillion in 2021.
PwC Global points out that nearly a third (33 percent) of organisations experienced some type of cyber attack in 2016.
The list goes on and on.
With the Internet of Things (IoT), cloud technology and bring your own device (BYOD) policies being the new norm for many businesses, the attack surface has increased exponentially. So it’s with good reason that modern companies are a little on edge. They don’t want to fall prey to attacks where their data is compromised and operations come to a screeching halt.
One of the most common ways that organisations are protecting themselves is with cyber security monitoring and detection. According to Ponemon’s 2016 Cost of Cyber Crime Study & the Risk of Business Innovation study, detection accounted for 33 percent of cyber security spending in 2016, which was up 3 percent from 2015.
This begs the question. Can it really stop cyber attacks?
To gain a better understanding, let’s first discuss some of the more common security monitoring and detecting techniques.
This term is a wide umbrella and can involve the testing of multiple areas including the following:
- Web application penetration testing
- Mobile application penetration testing
- Network and infrastructure penetration testing
- Vulnerability scanning for web and networks
- Internal penetration testing
- External penetration testing
- Supervisory control and data acquisition (SCADA) penetration testing
But when you really boil it all down, penetration testing revolves around the practice of ethical hacking where an authorised individual searches for vulnerabilities and makes an attempt to gain access to a company’s inside data. The purpose is to identify flaws and weaknesses before actual cyber criminals have the chance to.
Whether it’s a web application, mobile application or anything else, you’ll receive a detailed report citing problems and concerns along with recommendations on how they can be resolved. This way most issues can be addressed before it’s too late and they’re exploited.
In a never-ending game of cat-and-mouse, penetration testing empowers organisations and gives them greater confidence that their network and data assets are as secure as possible. This lowers the threat of a data breach significantly and can literally save a company hundreds of thousands or in some cases millions of dollars.
But just how effective is it?
According to one report, the average number of open vulnerabilities dropped from 31 to only 11 after penetration testing – a reduction of 65 percent. While this won’t necessarily stop 100 percent of cyber attacks, it’s definitely an effective deterrent and can greatly reduce the number of exploitable vulnerabilities.
Managed Security Vulnerability Scans
This is a process that works just like it sounds it would. Vulnerability scanning is performing to identify potential gaps in network security that could be exploited. From there, you’re notified of system weaknesses and receive predictions on how effective certain countermeasures would be.
It’s important to remember that modern businesses don’t operate in a static world. Instead, it’s a fast-paced, highly dynamic one where change is the only constant. In fact, major changes could be made to IT systems on any given day.
That’s why managed security vulnerability scans are so critical. Any time there is a modification, this opens the door for defects and misconfigurations. In turn, the number of potential vulnerabilities both internally and externally increases.
This technique is helpful because it gives you a constant edge over cyber criminals. It’s a proactive approach where your organisation stays on the offensive and addresses issues before it’s too late.
Managed Scans for Sensitive Data
Whereas managed security vulnerability scans aim to pinpoint general vulnerabilities, this type of monitoring looks at specific customer data. This is important because of the high volume of data breaches that are occurring all of the time.
Small Business Trends reports that half of all small businesses experienced a data breach between May 2015 and May 2016 that involved the leaking of either customer or employee information.
This is no doubt an alarming number and shows that it’s something to be taken seriously. In terms of the causes behind data breaches, they run the gamut.
Here are some of the most common reasons listed by Small Business Trends.
- 48 percent are caused by employee or contractor negligence
- 41 percent are due to third-party mistakes
- 27 are the result of external attacks
- 5 percent stem from malicious insiders
Besides the obvious headache of sorting everything out, organisations can really feel the sting of the costs that come along with a data breach. Small Business Trends also explains that small businesses spend an average of over $879,000 per incident. However, this can be even more for mid-sized and larger companies.
Some of the specific factors that contribute to this cost include:
- A forensic examination, which is mandated by the Payment Card Industry Data Security Standard (PCI DSS)
- Customer notification (companies are often required to send out written letters to customers who were affected)
- Customer credit monitoring (organisations are sometimes required to offer free monitoring for up to a year)
- Associated compliance fines (these are usually between $5,000 and $50,000)
- Card replacement costs (this typically ranges anywhere from $3 to $10 per card)
In other words, it’s a headache and financial nightmare. That’s why managed scans for sensitive data are one of your best bets for keeping this critical data under lock and key.
This involves using tools to identify the occurrences of your customer’s financial information, social security numbers and so on. If this data is located in an area where it shouldn’t be, you’ll be made aware of it so you can take action to remedy the situation. In some cases, this can mean the difference between a devastating data breach and business as usual.
Additional Tools and Techniques
The three aforementioned techniques comprise the core of cyber security monitoring and detecting. But they’re by no means the only options out there.
Here are some additional tools and techniques that organisations frequently use:
- Security information and event management (SIEM) – This uses real-time analysis of network traffic and database logs to alert companies of immediate threats
- Network traffic analysis framework – There is an emphasis on identifying instances of network intrusion from unintended third-parties and logging that information onto record files
- Threat intelligence services – This is where an external provider monitors who makes updates to network data and when
Are They Really Effective?
By and large, these tools and techniques are very effective.
While there is no magic bullet that will eliminate every single threat with complete certainty, they are invaluable for securing networks and keeping sensitive data from falling into the wrong hands.
Here are some of the key benefits:
- Identify potential threats that may have been overlooked in basic testing
- Quickly and accurately detect security weaknesses before cyber criminals have a chance to
- Gain valuable intel so that you can diagnose the details of an issue in a timely manner
- Respond swiftly to prevent or at least minimise damages, reduce downtime, etc.
- Add information to your data bank so that you can heighten long-term security and avoid security mistakes that other companies commonly make
The Ponemon Institute mentions that cyber security detection presents a major cost-reduction opportunity for organisations when they take a systematic approach and use suitable technology to aid in the process. They also point out that this type of activity allows an organisation to efficiently detect and deter cyber attacks. In some cases this transcends basic threats and helps prevent even more advanced threats.
However, it’s important to remember that cyber security monitoring and detecting requires ongoing efforts. It’s not a one-off type of endeavour.
With cyber criminals becoming more and more advanced and attacks becoming increasingly sophisticated, it’s a cat-and-mouse game with no end. Therefore, it takes a full commitment from your organisation.
The Bottom Line
Regardless of industry and size, 21st century businesses are operating in a world that’s fraught with peril. They face cyber security threats that would have been inconceivable 20 years ago.
Like it or not, cyber attacks are here to stay and are likely to increase in both frequency and intensity moving forward. Although there are several ways to combat these dangers, you could make the argument that cyber security monitoring and detecting is one of the most effective strategies.
It involves a proactive approach where you identify and resolve issues before they escalate into something far worse. Rather than sitting back and waiting for hackers to strike, you’re taking action before they have a chance to infiltrate your network.
In turn, you dramatically reduce your likelihood of becoming a target and can run your organisation with greater confidence.
Which types of cyberattacks concern you the most? Are you ready to proactively take charge of your cybersecurity? Talk to a consultant!