Online crime is harder to protect against due to the global explosion of connected devices; the growing ‘Internet of Things’ (IoT), the fact online crime knows no borders, and emerging digital attack vectors.
“Online crime is no longer just about picking someone's pockets or causing an inconvenience, it's about breaking in, raiding the safe and leaving a mess behind,” says Dr Rajiv Shah, general manager Australia, BAE Systems Applied Intelligence.
The rise of connected everyday devices, dubbed the Internet of Things (IoT), is likely to see more than 25 billion devices connected to the internet by 2020, according to Gartner.
Every internet-connected device is at risk of a malicious digital attack, which means that the potential threat surface continues to grow exponentially.
The huge variety of devices, many of which can be very simple, means that businesses cannot expect to deploy effective security on each individual endpoint.
Effective security requires a holistic view of people, processes and networks, which are continually growing in scale and complexity.
To scale their security efforts, companies need tools and techniques that operationalise security.
Organisations must deploy solutions that let security analysts identify and manage threats quickly.
Big data analytics and threat intelligence compile the contextual information needed to detect, monitor and respond to threats.
BAE Systems Applied Intelligence recommends the following three steps to protect against the new wave of security threats:
1. Find the right partner
Digital attack techniques and the security software used to defend against them are both evolving rapidly.
Organisations need technology and partners that can keep up and enable a continuously healthy security posture.
They must find reliable sources to automate and optimise information to ensure it is quickly and effectively translated into intelligence.
2. Know to look for...something
Many organisations have built solutions on the assumption that they know what they’re looking for.
However, the saying “you don’t know what you don’t know” is particularly relevant to cyber security, where unfamiliar and unusual activities can go unseen.
Constant monitoring and anomaly detection, supported by data analytics, is critical to uncovering emerging threats. Security teams regularly see new forms of attacks in unexpected places. Ongoing vigilance is essential.
3. Foster effective dialogue and collaboration
Security is a boardroom issue and is often lost in translation. Companies need to guide their digital information security employees on how to discuss these issues with boardroom members.
Boards need to understand their operational risk, the cost of protection and the potential cost of an attack so they can make the right security investments.
Offering a cost benefit analysis of the risk and impact can help a boardroom understand the cost of the risk, and how it compares to the investment required to mitigate it.
“The ‘Internet of Things’ is a scary beast, becoming more all-consuming by the day,” Dr Shah says.
“But while it creates challenges in keeping up with online crime, it also provides solutions.
“The huge swathes of data it makes available for monitoring and analysing helps security experts understand new and emerging threats.”