Cybersecurity at a Crossroads

The cyber criminal industry has gone from specialized, expensive products to easy-to-use, dumbed-down weapons or full-blown services. The cyber security industry needs to change its thinking and implement a new set of technologies.

The cybersecurity industry is at a crossroads. It is clear that the established paradigms are no longer valid, yet the industry is reluctant to change course. But something has got to change for the cyber industry to grow and deliver on its promise to provide security for its customers. Because today, even the best security products out there, operated by dedicated teams, do not add up to sufficient security.

In all the major breaches (commercial or governmental) there were proper security mechanisms in place. Moreover, these mechanisms, for the most part, functioned to a satisfying extent – intrusions were detected, alarms were raised and so on – but they weren't able to prevent the attack or diminish its results.

The Ashley Madison website suffered a severe blow to its reputation due to the theft of its customers' personal data. The US Office of Personnel Management (OPM) allowed the exposure of millions of records of federal workers.

So what is broken? The paradigm that states that deploying a combination of different tools, integrated into a security "system" and operated by experts, will guarantee the safety of the organization.

This paradigm is no longer valid: technology is advancing at such a rapid pace, and the threat is growing exponentially, that the industry is left to play catch-up and usually trails behind. This trend has intensified considerably in the last couple of years.

It is a well-known fact that the cybersecurity industry, from its early days, has always been aware of both technological improvements in the IT world and their exploitation by malicious actors. As commercial PCs and software became popular in the mid-1980s, cyber criminals developed viruses, and the anti-virus was born (and with it, the cybersecurity industry).

But the trend of the security industry being two steps behind the criminal world is not related only to the technical aspects (novel technologies and their exploitation), but also to the business side – the creation of new business models and their adoption.

For instance, cyber criminals have favored a collaborative approach to their operations for many years (exchanging information, trading in vulnerabilities and stolen credentials), in various forms (forums, underground markets, etc.). Only in recent years has the cyber security industry realized it needs the same kind of alliances – to create organized data exchange mechanisms and enhance collaboration between the public and private sectors.

Cyber criminals were also quick to adopt the mainstream software business model of "As-a-Service", providing infection as a service, mass spamming and DDoS campaigns, and lately even Ransomware as a Service. Meanwhile, the cybersecurity industry has taken the opposite approach (one that the software world is quickly abandoning).

Customers were expected to buy and install expensive software and physical appliances, from various vendors, each selling a specific solution to a particular need or niche market, leaving the daunting task of integrating and operating the solutions on the shoulders of the end-users.

Finally, the cybercrime industry is almost entirely commercialized. Competition drives prices down; revenue margins shrink; volume is favored over uniqueness, non-reusable products and long sales cycles.

This last change is an acute one. It creates a very disturbing side effect of reducing the entry barriers to participating in cyber criminal activities. 

New tools make it possible for total novices to partake in these activities, to the point where the average age of a cyber-criminal offender in the UK is 17.

This change challenges the way security solutions are built and implemented. In most organizations, security is built on the premise of several security systems. The solutions are deployed in an overlapping manner and are supposed to alert the user about potential threats and suspicious activities (anomaly detection, sandbox or SIEM), leaving it to the users to resolve the matter.

But the threats are escalating in severity (the largest DDoS attack on record took place earlier this month), diversifying (new threats are exposed every other week) and intensifying in scale (Internet of Things adoption will expose many new devices to cyber threats).

It is clear that this methodology will no longer provide real security to organizations. The cyber criminal industry has gone from specialized, expensive products to easy-to-use, dumbed-down weapons or full-blown services. The cyber security industry needs to change its thinking and implement a new set of technologies.

Organizations will need to automate everything that can be automated: have machine-to-machine threat intelligence injected into the security system so that new threats are blocked automatically. The use of deterministic tools that identify and prevent malware without behavior analysts in a sandbox is also crucial.
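One concrete form of the machine-to-machine threat-intelligence injection this paragraph calls for, as an added example that is not part of the original article: a feed-to-blocklist step with the guardrails a defender wants in place before letting a feed act without a human in the loop. The feed format, its field names, the `NOW` clock and the confidence threshold are assumptions made for this example.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Constructed sample feed (not a real threat-intel source); the JSON shape and field names
# are assumptions for this example, and the IPs are documentation (TEST-NET) or RFC 1918 space.
SAMPLE_FEED = json.dumps([
    {"type": "ipv4", "value": "203.0.113.7", "confidence": 90, "valid_until": "2099-01-01T00:00:00Z"},
    {"type": "ipv4", "value": "203.0.113.7", "confidence": 80, "valid_until": "2099-01-01T00:00:00Z"},
    {"type": "ipv4", "value": "10.0.0.5", "confidence": 95, "valid_until": "2099-01-01T00:00:00Z"},
    {"type": "ipv4", "value": "198.51.100.9", "confidence": 40, "valid_until": "2099-01-01T00:00:00Z"},
    {"type": "ipv4", "value": "192.0.2.66", "confidence": 85, "valid_until": "2000-01-01T00:00:00Z"},
    {"type": "ipv4", "value": "not-an-ip", "confidence": 99, "valid_until": "2099-01-01T00:00:00Z"},
    {"type": "domain", "value": "Malicious.Example.", "confidence": 88, "valid_until": "2099-01-01T00:00:00Z"},
])
NOW = datetime(2020, 1, 1, tzinfo=timezone.utc)  # fixed clock so the run is reproducible

# Ranges an automated rule must never block, whatever a feed says: a poisoned or sloppy feed must not
# cut an organization off from its own network. (An explicit list, not ipaddress' is_private, which
# would also flag the documentation ranges used above.)
PROTECTED_NETS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def build_blocklist(feed_json, now, min_confidence=70):
    """Return (ips, domains, rejected); anything unsafe to auto-block is rejected with a reason."""
    ips, domains, rejected = set(), set(), []
    for ind in json.loads(feed_json):
        value = ind.get("value", "")
        if ind.get("confidence", 0) < min_confidence:
            rejected.append((value, "low confidence")); continue
        try:  # indicators must expire; an entry without a parseable expiry is never trusted
            expiry = datetime.strptime(ind["valid_until"], "%Y-%m-%dT%H:%M:%SZ")
        except (KeyError, ValueError):
            rejected.append((value, "bad expiry")); continue
        if expiry.replace(tzinfo=timezone.utc) <= now:
            rejected.append((value, "expired")); continue
        if ind.get("type") == "ipv4":
            try:
                addr = ipaddress.IPv4Address(value)
            except ValueError:
                rejected.append((value, "malformed ip")); continue
            if any(addr in net for net in PROTECTED_NETS):
                rejected.append((value, "protected range")); continue
            ips.add(str(addr))  # the set also de-duplicates repeated indicators
        elif ind.get("type") == "domain":
            domains.add(value.lower().rstrip("."))  # normalise case and trailing dot before matching
        else:
            rejected.append((value, "unknown type"))
    return ips, domains, rejected
```

The `rejected` list is what an operator reviews later; the two sets are what gets pushed to the enforcement point automatically.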

Even if organizations insist on relying on trained operators, they will find that such operators are simply not being trained fast enough. The skills gap is already evident and is forecast to deepen further. The industry needs to shift from siloed, human-intensive solutions to large-scale automatic systems.

Failing to take this approach will only lead to a greater gap between industry promises and results. 


Yotam Gutman, independent marketing and business development consultant to cybersecurity startups, formerly a sales and marketing manager at several cyber security startups.
