If there’s any doubt that cyber attacks are sharply on the rise, look no further than GOV.UK’s recent findings that 81% of large corporations reported a cyber breach in 2014, with an estimated cost to organisations between £600,000 to £1.15 million per attack.
Those figures in isolation make the situation appear dire. But understanding the cyberattack lifecycle before it reaches your data centre – how a breach occurs, what happens once it’s in, and even just how long it takes to resolve – means you’re in the best position possible to prevent a successful attack from taking place at all.
Data centre security for years has meant securing an organisation’s perimeter. But hackers are getting smarter; once they breach the perimeter they move laterally to cause attacks within enterprise and government networks. What’s more, hackers these days are deliberate in their methods – and persistent. Our research tells us it takes an average of 24 days for organisations to identify and resolve an attack.
What’s clear is that there is an inextricable link between threats and the applications running on networks. Many significant network breaches start with an application such as e-mail delivering an exploit. These breaches use social engineering tactics and otherwise innocent business processes and procedures to do all the hard work normally involved in delivering malware. Exploiting a business process gives the attacker access to potentially millions of users and troves of data with minimal effort. Once on the network, attackers use other applications or services to effectively hide in plain sight and continue their malicious activity unnoticed for weeks, months or even years at a time.
Based on this evolution in attacks and the actors behind them, it’s clear that incident response- and remediation-based security – that is, cleaning up only after an organisation has been breached – is hardly adequate. Instead, we need to prevent attacks from occurring in the first place, and make attacking an organisation so cost prohibitive for a hacker to pull off a successful attack that they just give up and move on to another target.
Think about securing your organisation not as a house, with your security at front and back doors, but as a hotel, with security segmented by rooms and access levels. Network segmentation means multiple layers of protection that prevent hackers from moving freely within the network should they break through one layer.
The virtualisation of data centres is also creating new threat vectors. In our annual Application Usage and Threat Report, we found that just 10 out of 1,395 applications traversing most enterprise networks were responsible for generating 97% of 60 million exploit logs found on those networks. Nine of these 10 were data centre applications.
Architect for Prevention
Securing data centres with better user awareness programmes and detection software is not where companies should focus their often-limited resources. While detection and remediation measures have their place, ultimately they do little more than provide the details of an attack after the damage has been done. Companies must ensure security measures are in place to protect data centres from catastrophic attacks, employing micro-segmentation within the data centre and throughout the infrastructure to limit the risk.
To protect against attacks, focus on building a robust threat prevention program that, through high visibility, can quickly turn unknown attacks into known threats. Can your security infrastructure:
· Quickly analyse and identify the alerts that are critical from those that are benign, reducing the response times required?
· Streamline management and paring down the number of security policies needed in your organisation?
· Prevent known and unknown attacks from occurring by correlating patterns that pinpoint malicious activity?
Think beyond the four walls of an organisation and deploy security at entry and exit points but also at a more granular level. Think prevention – only cleaning up attacks after the fact leaves the advantage with the bad guys.