Regardless of whether it is hours or days, the financial and moral damage of a successful cyber attack is immense after just a few minutes. Can a technological paradigm shift help to minimize horrific costs and damage in the IT security area?
Every security product for the past 20 years has been designed to detect attacks after they have been launched. Proof of this is provided by one of the hottest categories in cybersecurity: Endpoint Detection and Response (EDR). As the name suggests, this solution is only relevant if the attack has already taken place. If you focus on response rather than prevention, it will be too late, whether 10 seconds or 10 hours after an attack.
The costs are skyrocketing
The real costs of neglecting the increasing cyber threats and only reacting to them can no longer be ignored by any business leader. Cybersecurity is ranked as a top priority for corporate IT budgets each year. Earlier this year, Gartner forecast that global security and risk management spending will exceed $ 150 billion in 2021, up 12.4 percent year over year. Security firm SonicWall predicted the number of ransomware attacks will climb to nearly 714 million by the end of 2021, up 134% year over year. Ransomware in particular is the new scourge in the business world. Just last summer, a security report by Deep Instinct complained about a rapid increase in ransomware attacks of 800 percent in less than two years. More and more medium-sized companies are among the victims.
The threat actors are well advanced in their development by constantly reinventing themselves. Every new obstacle that stands in their way becomes a learning opportunity that forces criminals to change their tactics and attack companies with new methods and means of attack. It becomes a game of cat and mouse in which the cat is constantly changing shape so that the mouse being chased is never sure what to defend against.
What can we do to stay one step ahead of attack vectors? It’s time to rethink cybersecurity.
Prevention is the order of the day
The solution has been ahead of us all along – even if it is difficult to pin down. Many tools have long promised prevention but are not powerful enough to stop the worst of the threats. Machine learning (ML) -based solutions either protect too much – which slows operations and floods teams with false positives – or they lack the precision, speed and scalability to predict and prevent unknown malware and zero-day threats, before they infiltrated the network.
To make up for this shortcoming, there has been a disproportionate focus on how to mitigate the effects of a cyber attack. However, this way of thinking is counter-intuitive. If we applied this logic to a building, we would prefer a perimeter alarm that stops the attack before the criminals reach the walls, rather than an alarm that notifies the security team until the perpetrators are already in the building. But now there is a preventive measure: the speed, accuracy, and processing power available with advances in deep learning have changed the game.
Deep learning as a game changer
Deep learning, the most advanced form of artificial intelligence (AI), has driven innovation in cybersecurity by ensuring that threats can be instinctively and autonomously predicted and stopped. This helps companies prevent unknown malware and zero-day attacks. Cyber tools based on deep learning can identify the DNA of an attack and stop it before it can run on an endpoint. This approach also dramatically reduces the number of false positives, so businesses don’t stall and security teams can focus on priority issues rather than on false positives.
In the future, we will be forced to constantly reassess and develop our approaches to cybersecurity. Up until now we thought that we would be well protected by the high spending on cyber solutions, but this has not been the case for a long time. The attack vectors are getting wider and the threat actors are getting more sophisticated. Safety must focus on prevention and not on repairing damage afterwards.
Less is more
The key point of a preventive approach is to reduce the number of security tools that only become relevant after a break-in. While understanding the myriad of ways criminals can take advantage of companies is important, we don’t have to spend money on every problem.
A comprehensive prevention strategy does not require 20 different security products. Even when newer, more advanced technologies become available, teams often stick to their existing solutions and add new layers of security to them. But they soon have an overly complicated, multilayered security system that is intrinsically complex and self-overlapping. Each investment also brings its own messages, and it won’t be long before security teams are inundated with data and are no longer able to prioritize which signals are really important.
More technology may feel like the best solution, but in most cases this approach brings very little value. Fewer solutions require fewer people to manage, and their time can be spent on higher-value tasks. Allocating a bigger budget to cybersecurity alone cannot stop the rise in attacks – in other words, money is not always the answer. What is needed is a composite approach that better educates employees on risks such as phishing attacks, educates them in processes such as hardening or reducing attack surfaces, and combines this with technology. Only when these three areas are coordinated will you be two steps ahead of the cybercriminals with a preventive approach.
To find out more about this preventive technology based on deep learning, please visit the Deep Instinct website – there you will find information as well as an ROI calculator.