Don't predict, protect

Predictions don’t stand a chance against ever-evolving threats

armor knight protect

Many industry leaders have laid out their predictions for 2017, but where are those willing to discuss the necessary advancements that security technology needs to adopt to keep businesses safe?

While it is always important to be prepared for what lies ahead, preparation based on predictions made in the face of ever-evolving threats doesn't really stand a chance. One thing is for sure: no one knows what the next attack will be and through which vector it will strike.

Because we won’t know which predictions hold true until we look back in December 2017, trying to successfully anticipate these attacks is as plausible as planning to win the jackpot in the lottery. 

Dotan Bar Noy, CEO of ReSec Technologies, said instead of looking toward tomorrow’s attacks, industry professionals need to put a focus on today’s threats, implementing solutions that cover any and all potential areas of attack. 

"Follow the data, follow what the trends are, but you can analyze that in different ways. Most attacks start from an email, so have a very strong solution for email. Another way is, it starts from an email, but how? What is the method of attack?" said Bar Noy.

Without moving to the area of guessing, it's critical for businesses to understand the risk factors and potential damages they have in the enterprise. They need to know where they are most vulnerable, "But also, if someone does get in, what are the damages that will happen?" Bar Noy said.

Understanding their environment will allow them to focus on areas that are most critical instead of spending money on solutions for something that might happen. Because a threat exists, doesn't mean it is a risk for all enterprises. "Focus on the area that you feel the damages will be substantial, then ask, 'how are my most precious assets protected?'" Bar Noy said. 

When you are planning to defend, Bar Noy said to ask, "Where are they going to attack? In most cases, when hackers plan an attack, they are thinking about where you are going to defend. The attackers are going to work around what you build to defend."

It's also important to remember that those groups of bad actors around the world are all doing this for money. "This is a business. People wake up in the morning in the same way that you and I go to the office, but their entire day is focused around penetrating the organization. They want the quickest, highest pay out. They won't put a lot of effort into targeting the least reward," said Bar Noy.

Most attackers are very patient and are willing to work hard, but the payout needs to be worthwhile. "Cyber is not magic. They will use numerous methods to get in, but it's not magic. It's technically skilled people that understand your network, they understand how your system works, they understand social engineering," said Bar Noy. 

The good news is that businesses can actually protect themselves against a variety of threats in the coming year. Depending on business needs, they should start looking at cyber as an integral part of doing business. "This ensures that you can continue building revenue, that you're always thinking ahead. Changing one vendor to another does not substantially improve your security position," said Bar Noy.

More and more vendors are going to be able to integrate your Gmail or Office 365 and offer more robust security because, Bar Noy said, "Everything is moving to the cloud, it seems to be catching on, especially for SMBs." 

Why is the cloud catching on? There's just a lot more everything from threats to data. "There are constant shifts from one kind of attack to another. All the shifting is happening very quickly, and it's up to us to make sure we are up to date," said Bar Noy.

What is certain is that there are known ways for enterprises to build high fences to defend against many existing and emerging threats. "If something is known and you got hit, the fault is yours," said Bar Noy.

Copyright © 2017 IDG Communications, Inc.

The 10 most powerful cybersecurity companies