Considering the bottom line
Cyril Voisin explains why cybersecurity should be focused not on securing the perimeter, but on protecting your bottom line
Cyber breaches cost money. While this may be a trivial and obvious point, the subtleties and scale of incursions vary. Some can cause mere inconvenience or downtime to services, leading to costs that are not easily quantifiable, but nonetheless impact performance and profitability. Others can lead to unambiguous consequences, sometimes costing hundreds of millions of dollars, as organisations face daunting issues such as business continuity or punishing litigation.
In the UAE, where the government is in the throes of an ambitious digital-transformation programme, cyber security has never been more important. Alongside public-sector entities and larger organisations, the country’s small and medium enterprise sector routinely contributes more than 60% of non-oil GDP, and can often ill afford the capital outlay required to defend against an increasingly sinister threat landscape. But neither can these firms afford the costs associated with a serious digital incursion.
A live survey of UAE-based PCs, conducted by Microsoft over the entirety of 2015, revealed a startling pattern of aggression from the malware community. Malicious activity spiked in the fourth quarter, when more than one in every three (34%) computers surveyed reported a malware encounter, compared with a worldwide average of around 21%. While most of these infections were blocked, one in every 20 (4.95%) monitored machines faced infections that had to be cleaned, against a global average of 1.69%.
The data agrees with a number of other reports that suggest the UAE has higher-than-average rates for both encounters and infections. Interestingly, this discrepancy cannot be attributed to a lower-than-average protection rate among UAE machines. Microsoft’s data shows the percentage of PCs in the UAE that use real-time protection software to be on a par with the global average. So, we might conclude, the UAE is a high-priority target for malware-spinners.
A recent IDG report on the UAE states that IT professionals in the country plan to invest 38% of their resources in cyber security alone over the next 12 months. This shows that the cyber-security industry, and the wider managed-services sector, have both recognised the need for a fresh strategy and attention.
First, the industry has understood that malware-producers have become more sophisticated. Cyber-miscreants have adapted to signature-matching by deploying automated Trojan-downloaders that update malware components with fresh versions faster than security companies can issue software updates. Digital bandits are also able to cunningly disguise their strains as authorised processes to slip under the protection radar. And advances in social engineering have allowed an alarming escalation in the number of phishing, spear-phishing and whaling attacks.
Second, ICT companies, and cyber security firms in particular, have come to the realisation that being attacked is not a matter of “if”, but “when”. This epiphany has given birth to a new approach, of detection in addition to prevention; agile mitigation, along with rigid defence. This strategy becomes especially significant when doing battle with so-called ‘zero-day’ attacks — strains that were previously unknown and against which there is no current remedy. Such newcomers can be detected by sophisticated AI modules that look for patterns in behaviour, rather than employing standard signature-matching.
Third, security-conscious organisations have noticed that the number of devices on which malware can do damage is growing rapidly, now that IoT, AR, tablets and smartphones have joined the category. Estimates vary on exactly how many of these gadgets will be around by 2020, but projections range from 30 billion to 75 billion. Cyber-security specialists talk about growth in the “attack surface”, a concept that factors in the many software vulnerabilities per device. While estimates of the rate of production of new malware samples are forever growing, a report from Symantec suggests the figure is around 868,000 each day. And an article from CNN Money cites a Verizon study that claimed each of those samples takes an average of only 82 seconds to claim its first victim.
Lastly, service providers — aware that effective, network-wide mitigation measures are outside the budgets of many smaller businesses — have started to integrate such solutions into their cloud platforms, giving SMEs a haven in which to establish their infrastructure anew.
IT companies invest billions of dollars annually in cybersecurity advancements and incident-response centres, so they can react effectively when breaches occur. Machine learning is one such technology, and it is used to probe patterns in network activity and sift out malicious behaviour. It has also been useful in probing software for security vulnerabilities.
To deliver a comprehensive, agile platform to better protect endpoints, move faster to detect threats, and respond to security breaches, Microsoft builds security into products and services from the start. The industry’s most stringent encryption is applied both to data at rest and packets in transit from the data centre to a client’s site.
Microsoft’s insights are garnered from networks and devices all over the world, via opt-in customer programmes. Some 1 billion Windows devices are updated each month; 200 billion emails are scanned for phishing scams and malware; and 300 billion authentications are processed. This data has allowed Microsoft to develop an intelligent security graph that protects endpoints, better detects attacks and accelerates response.
Cyril Voisin, executive security advisor for MEA and France, Enterprise Cybersecurity Group, Microsoft.