Cruise Control Security Won’t Stop this Code Red Problem

Problem 6 of 7 things wrong with the mid-market Cyber Security

Hackers don’t care for ‘office hours’. Day and night, cybercriminals are ‘casing for data’. In fact, ‘out of hours’ is often the favoured time. It means organisations must have their guard up, at all times. Or risk suffering the dire consequences. Enterprises cope with this ceaseless threat by employing large teams and running expensive security systems.

For mid-sized businesses, a lack of resources to mount a 24/7 defence leaves them at an increased risk of a cyberattack causing devastating financial and reputational damage. Turning to automated legacy security is proving to be inefficient. It does offer ‘cruise control’ protection, but cruise control is not smart enough to halt modern attacks.

This situation is serious – but it is also manageable. The rise of autonomous cybersecurity offers mid-market businesses access to 24/7 security, designed to cope with an ever-changing threat landscape.

Late Night Callers

Three in four ransomware attacks targeting the enterprise sector take place at night, with 49 percent occurring on a weeknight and 27 percent over the weekend, according to FireEye. This is a serious problem for resource-challenged (or non-existent) mid-market security teams, looking to better protect their organisation from infection.

If an incident takes place late on Friday night and is only noticed at 9am on Monday morning, hackers will have spent the entire weekend extending their attack or even covering their tracks. It allows them to spend longer inside the network and cause more damage longer-term. The most obvious response to a 24/7 threat is to have a Security Operations Center (SOC) operating day and night. For mid-market businesses, this is unfeasibly expensive. Automated security products offer a partial solution, but often fail to identify and detect unknown threats. The ability to respond to the unknown is a key part of a proactive security posture.

“Most automated network and endpoint security controls utilise signature and rule-based alerting for IOCs, which only detect the “known knowns”. This catches previously described malware hashes,” the Home Office’s Digital, Data and Technology team warned in a paper called ‘Detecting The Unknown’.

Zeroing in on Threats

The risk posed by zero-day threats is also growing, with Google’s Project Zero recently warning of a significant “uptick” in these unknown vulnerabilities in 2021. “Halfway into 2021, there were 33 zero-day exploits used in attacks that went on to be publicly disclosed — 11 more than the total number from 2020,” it wrote in July.

Without full-time staff or access to 24/7 support, mid-size businesses are vulnerable when new threats and zero-days emerge. The solution is to enable cyber security defences to act autonomously. Automated systems work like an autopilot, stopping expected attacks and responding effectively to threats that have been encountered before. But they can’t cope with the unexpected.

Autonomous cybersecurity, on the other hand, can react independently to identify and stop threats that have never been encountered before. Mobilising autonomous security is like adding a superhuman new member to your team that can work around the clock without stopping.

Autonomously Augments

Autonomous security also augments the abilities of IT teams by saving from the time-consuming process of painstakingly investigating minor alerts or false positives. In an interview with the government tech publication MeriTalk, Dr Matt McFadden, Vice President of Cyber at the defence giant General Dynamics, said that autonomy offers organisations the ability to cope with threats that are “constantly changing, increasing, and growing more sophisticated”.

“We need our cyber defenders to maximise their time to focus on the high priority impacts, rather than on the trivial ones they’re bogged down with,” he continued. “Autonomous cyber defences can help solve those challenges – resulting in enhanced perimeter protection, improved endpoint and continuous monitoring, automated patch management, and enriched cyber situational awareness.”

Mid-market organisations no longer need to do without 24/7 support. Autonomous security systems offer mid-market organisations powerful, cost-effective solutions that never sleep and are intelligent enough to cope with threats that are known and unknown. Autonomy is undoubtedly the future of security.

Join the mid-market revolution. Sign up to receive our ‘7 things Wrong with Mid-Market Security’ Report: