Build a data-driven defense strategy to fight cybercrime

The coronavirus pandemic is being compared to war-like conditions by the World Health Organization. We know that bad decisions and poor data (or intelligence) during a war can have serious human and economic consequences. Compare Italy, Spain and the US to Singapore, Taiwan and Hong Kong. Even though the enemy is the same, some nations placed the disease on higher priority than others and the strategy they adopted defined their outcomes, and the results are before us.

Cybercrime is its own pandemic

The cybersecurity industry witnessed almost 10 billion malware attacks last year and is witnessing a staggering 667% increase in phishing attacks owing to Covid-19 this year.

In, fact, attacks surged in several healthcare organizations amid Covid-19 and even the WHO was not spared. Per a recent report, the coronavirus will cost the global economy an estimated $2 trillion. Cybercrime on the other hand (also borderless in nature) is estimated to cost the global economy $6 trillion by 2021, making it one of the biggest threats that mankind will ever witness.

Cybersecurity is plagued with inefficiencies

Ironically, companies that invest in advanced technologies often ignore cybersecurity best practices and hygiene. This can lead to several inefficiencies that eventually compromise the success of one’s security posture. Here is my list of the top cybersecurity inefficiencies we see among enterprise organizations:

Not choosing the right battles: There’s an avalanche of new cyber threats daily. Most companies don’t prioritize risks as well as they think they do. They don’t ask the right questions. They don’t put in the right defenses in the right amounts at the right things.

Common (mis)understanding of threats: We usually end up worrying about threats that make it past our current defenses only a minute before they are detected and removed. This is because we fail to recognize that threats are a symptom of security gaps.

Not enough focus on root causes: IT teams often tend to overlook or ignore why the threat ended up there in the first place. For example, ransomware is often confused as a threat, whereas it is a symptom of a vulnerability. The most important piece is how did it get in?

Threat (Un)Intelligence: IT organizations deploy expensive tools but most tools are not risk focused -- they fail to reveal root causes or forensic analysis. History has shown that meaningful threat intelligence can have the most decisive impact on war-time operations.

Poor risk ranking: One of the biggest mistakes IT security teams can make is focusing on the wrong threats or not ranking risks relative to each other. Another common mistake: focusing on individual threats instead of broader root causes.

Poor communication: Lack of communication can often mean lack of clear top-down instructions from management to all important stakeholders. Cybersecurity awareness and training is a crucial aspect of communications. It’s important that end-users be trained to identify top threats.

Asking these 3 questions can help get you started

During and after any pandemic there will be a heightened focus on digital infrastructure, and experts suggest that cybersecurity will matter the most. If you’re looking to chart your next cybersecurity strategy, answering these 3 questions may help:

What’s your Number One root cause?

Know the difference between threats and root causes. Don’t get fixated on adware. Worry about how the adware got in in the first place. The root-cause exploit that allowed adware to get in will also allow ransomware to get in. Research shows that more than 90% of successful breaches start with a phishing scam and 60% of breaches also involve unpatched vulnerabilities. Other root causes may include insider attacks, misconfiguration or programming bugs. The top two to three root causes account for most of the risk in your network.

2. Is the answer consistent across stakeholders?

It’s important to document and prioritize your risks. And equally important -- get buy-in from your stakeholders as they are a key cog in your defenses. Ensure there’s clear communication on what those threats are and establish awareness programs to ensure your staff is trained to handle those threats. Human error is the main cause of 95% of all security breaches.

3. Do you have data to back-up the right answer?

It’s important that decisions are driven by data and not on gut instincts, rumors or perceptions. It is important to adopt a data-driven defense planning cycle that begins with collecting threat intelligence, ranking your risks appropriately, creating an effective communications plan, deploying root cause defenses, collecting metrics and finally rinsing and repeating. Just like a pandemic, your cybersecurity goal is to recognize emerging threats faster so you can react quicker. This can only be achieved through data and threat intelligence.

Like real-world viruses, exploits and hacks continue to evolve. It’s important that we stay proactive in our defenses, not reactive. A data-driven defense approach is key to keeping your security teams alert and ahead of the attack chain.

Stu Sjouwerman, Founder & CEO, KnowBe4