Four innovative ways to tackle the security conundrum

If there’s one thing that many businesses fear, it’s being targeted by cybercriminals and having their technical infrastructure compromised. According to a report from Lloyd’s of London, global cyberattacks can end up costing anything from $4.6 billion to $53 billion.

The insurance giant compares global cyberattacks to natural disasters like hurricanes, creating similar financial damages. Meanwhile, statistics from the UK government claim that half of British businesses have been hit by a cyberbreach or attack in the past year. Many of these firms have reported loss of files and corrupted systems.

Companies are hot targets for hackers, who see an opportunity in getting hold of lucrative business and customer data. But when hacks occur, it’s not just money firms are losing. Internal efficiencies are also damaged, not to mention reputational damage if customers become victim.

Luckily, businesses are beginning to take action. Technology research specialist Gartner predicts that spending in the cybersecurity arena will reach $98 billion in 2018, a sign that companies are taking this epidemic seriously. And in many cases, they’re showing a sense of creativity when it comes to implementing effective solutions.

Monitoring the dark web

Digital Shadows is one of many companies developing pioneering technologies in the cybersecurity sector. It’s developed a service that monitors criminal forums (including the dark web) for evidence of activity against that company. So if business data such as passwords, financial information and intellectual property were to end up for sale online, firms would be able to take action.

According to the company, when firms get breached, they don’t recognise that they have for around nine months. This means that if a company like Digital Shadows can find evidence, then the breach can be shut down and damage mitigated. Michael Marriott, research analyst at the company, says this technology can transform the way businesses approach cybersecurity.

“The cybercriminal has the advantage of surprise and stealth. They can spend months scoping out targets, identifying weaknesses and when they do infiltrate a network it takes an organisation, on average, nine months to detect a data breach. If we can minimise this window then we can minimise the damage,” he says.

“Keeping up with cybercriminals means understanding their methods and how they collaborate. For example, it is possible to gain intelligence and find out what threat actors are talking about on criminal forums. If they are looking to target a particular system, application, or client then action can be taken to prevent an attack.

“If breach data is being sold then (for example) user names and passwords can be shut down and customers alerted. Sometimes breach data ends up on paste sites and it’s often possible to automate the process of getting this taken down. This approach is known as digital risk management and key to protecting organisations and communities from the security and privacy risks of the next wave of the digital economy.”

Focusing on employees

Often, when it comes to approaching cybersecurity, companies employ specialists to ensure they have the best practices in place. But many cybercriminals are beginning to target employees, and often they’re not aware of the risks. PhishMe, another leading cybersecurity firm, believes that companies need to involve staff in fighting hackers.

Aaron Higbee, PhishMe cofounder and CTO, says companies are more effective at responding to cybercrime by working with their employees. “Conditioning employee behaviour is essential to transforming employees from a risk factor into a security asset, and many companies see this as the goal of their cybersecurity initiative,” he tells us.

“When employees can spot phishing attacks and feel empowered to report them, a stream of intelligence is created that can produce powerful visibility on attack patterns and malware strains, helping speed incident response and prevent potential attacks.

“The success of this process lies also in the gamification of the phishing experience, and the integrated nature of its deployment. It’s a game employees forget they’re playing until they lose, and which they learn from when they do.”

Cutting through the data noise

Based in New Zealand, Endace is also developing innovative technology and creative approaches for the cybersecurity sector. It acts as a CCTV camera for corporate network traffic, working with a client base that includes everybody from famous government agencies to four of the top 10 FTSE 100 organisations.

Cary Wright, VP of product management at Endace, says this technology can streamline operations for key decision-makers: “Today, CISOs are trapped in a vicious circle. The number of security alerts and events being detected are increasing by the day, the consequences are escalating and the available talent to remedy the problem is in short supply. As a result, critical alerts that may give early clues to a breach are going unnoticed.

“To gain an edge, creative CISOs are investing in tools that accelerate investigations with greater accuracy. By doing so, they are reducing the growing pile of security alerts that need to be reviewed and simultaneously increasing the amount of time to deal with the ones they need to. Just like treating an illness early can lead to better prognosis, getting to the important alerts earlier can often stop an assailant before they find the critical data.”

Putting an emphasis on training

Ensuring that there’s enough fresh talent in the cybersecurity world is crucial in fighting online criminals, and London-based startup Immersive Labs is using cloud technology to make this happen. It’s created a platform aimed at accelerating assessment and training in cybersecurity.

The Digital Cyber Academy, which launched in Canary Wharf, encourages full-time students around the world to develop cyberskills by taking part in real-world exercises. There are online cyberlabs and global leader boards that can be used by employers and recruiters to fill the cybersecurity skills gap.

Robert Hannigan, ex-director of GCHQ, says: “Identifying, developing and measuring practical cybersecurity skills is the great challenge for all companies today. The Immersive Labs approach is the most exciting thing I’ve seen in this space: scalable, agile and appropriate to the way a new generation learns. It has the potential to disrupt and transform this crucial market.”

During the launch event, company founder James Hadley said: “We have acknowledged that academic background has little bearing on an individual’s ability to develop much sought-after cyberskills. The Digital Cyber Academy will enable millions of students to develop knowledge and hands-on skills, allowing them to be recognised as highly cyberskilled by potential employers. We’re looking forward to building a community of cybersecurity talent from around the world, on a single platform.

Cybercrime is growing rapidly, and it’s clear that many businesses are struggling to stay ahead of hackers and other online criminals. While the threats keep evolving, they need to invest in the latest technologies and think out of the box to keep themselves and their customers protected.