In the wake of the Sony Pictures hack, the cybersecurity firm FireEye demonstrated that the sort of breach that Sony experienced is not likely preventable with conventional network defenses.
Instead, the firm noted that “organizations must consider a new approach to securing their IT assets ... [they] can’t afford to passively wait for attacks. Instead, they should take a lean-forward approach that actively hunts for new and unseen threats.”
But what constitutes a "lean-forward" approach to cybersecurity, and why are more organizations not already taking one?
The emerging field of proactive cybersecurity is complex, encompassing a range of activities also referred to as “active defense.” While “hacking back” – or using technology to pursue culprits, retrieve stolen data, and potentially even shut down the bad guys – is a point of contention when discussing the role of private sector defense, it is one that more firms seem to be considering despite the legal consequences of breaking into other networks.
Still, it's just one facet of the larger proactive cybersecurity movement, which includes technological best practices ranging from real-time analytics to cybersecurity audits promoting built-in resilience.
To gain insights into commonly accepted and utilized means of proactive security, my coauthors (Amanda Craig, senior cybersecurity strategist at Microsoft, and Prof. Janine Hiller at Virginia Tech) and I reviewed the descriptions of 27 cybersecurity products offered by 22 firms.
Some of our findings confirmed our expectations. For example, all but one of the surveyed firms (96 percent) offer cybersecurity auditing services, which is perhaps partly in response to the growing importance of the cyber-risk insurance industry.
More surprising, though, were the relatively few companies that offer mobile security products or services designed to counter insider threats, even though the latter is deemed to be up to 20 percent of the overall threat.
Read the full piece at The Christian Science Monitor.
- Publication Type:Other Writing
- Publication Date:02/27/2015