Let’s face it. The good old days of hacking are over.
You may remember that period when cybercrime was the work of underfunded individuals operating on their own. Traditional cyber security measures were usually more than enough to block attacks and protect networks and users. What’s more, criminals’ core motivation, money, made their behaviors easy to predict.
Thinking about it retrospectively, it wasn’t that bad, right?
Today’s landscape is less straightforward. Perpetrators are organized and have access to funding and manpower to make enterprises and economies tremble. Financial incentives behind data breaches meet political ambitions. And new categories of devices mean new entry points for attacks.
With thousands of threat events recorded every second and no sign of ceasefire, 2019 might be the best year to take a fresh look at cybersecurity. So what’s hot and an effective use of one’s security budget? And what’s odd and may not be a good fit for you?
This post looks at some innovative cybersecurity practices, considering both the pros and cons of each of them.
Why wait for threats to dismantle your IT infrastructure when you can chase them instead and avoid damages? That’s the principle behind threat hunting, the practice of isolating attacks that common security protections are not capable of detecting by themselves.
What’s strong about this practice, besides its rhetoric, is that it can be a significant cost-avoider. Cybercrime has an average annual cost of $11.7M, and the number of recorded security breaches is going up double-digit year after year. So clearly, more work is necessary besides installing firewalls and antiviruses.
Still, it’s advisable to approach this technique with a healthy dose of skepticism, such that it doesn’t become a cover-up. For instance, why is it that so many hacks and scams slip through the cracks? What can be done to reinforce organizational security processes and reduce the need for hunting overall?
Also, how are threat hunting operations going to be run? You may hire internal specialists who can then spend time and tailor efforts to your particular IT network and assets. Or you may rely on external experts working with several clients at once and, therefore, with a broader perspective on emerging threats and the capacity to think outside the box.
Either way, for proper hunting to take place, you will need investigative instruments to carry threat intelligence and detect system vulnerabilities. These tools shall allow you to gather reliable data about the security configurations of your servers, domains and IP addresses, SSL certificates, and more. They should as well enable you to check whether any of your websites may contain malicious content — in the form of dangerous file extensions, bugged contact forms, or something else.
Putting an end to repetitive and boring work. Automating time-consuming tasks. Processing information at speed inconceivable for human beings. These are some of artificial intelligence’s promises you have surely heard about, and they sound encouraging in a cybersecurity context where talent shortage and limited security budgets are recurring constraints.
Without much or any supervision, trained machines could automatically spot signs of attacks such as abnormal network activity and domain spoofing. Or they could consistently review all files that have been uploaded or modified in search of malevolent code or scripts designed to, for example, steal confidential information or compromise databases.
While that sounds like a big boost in efficiency compared to carrying these security activities manually, artificial intelligence is a double-edged sword. For instance, cybercriminals could launch bogus attacks at scale with the purpose of mistraining machines before radically changing their approach and go undetected.
Furthermore, the chances are that hackers will be more agile and faster to adopt the latest AI-based processes to execute their fraudulent pursuits than most organizations — making artificial intelligence a threat as much as it is an asset to better cybersecurity.
Domain Name Monitoring
Criminals need an online presence to proceed with most scams, and that typically involves registering one or several domain names to host a website or sending emails. The good news is that registrars, as required by ICANN, must collect specific information to identify registrants including their contact details and physical location before allocating web addresses.
That data, known as WHOIS records, is then made public and become useful in a variety of ways. For example, email users who received a message from an unknown sender can review details regarding the corresponding domain. Was registration done recently? If so, it might be a sign of fraud as scammers don’t wait long to move forward with phishing and spoofing attempts.
Is information diverging between records and other touchpoints? WHOIS data is verifiable and immutable, whereas domain owners can claim anything on their websites or elsewhere and change it later on.
But there are several issues with domain information. A big one is the scattered nature of WHOIS data since there is one separate record for each address — making it impractical for organizations whose employees’ interact with hundreds of websites and recipients on a daily basis. Another challenge is that scammers may not provide accurate information about themselves during the registration process.
These problems are mitigated, however, once information is integrated into the form of databases. In that case, it’s possible to run an analysis for thousands or more domains simultaneously. Patterns and connections between malicious domains also emerge when data is centralized, even if the contact details provided for individual records are fake.
Hacking and scamming threats have not become easier to handle over the years, and innovative cybersecurity practices continue to emerge with the hope to tackle them. But no innovation is a silver bullet, and with each new approach comes both advantages and downsides to consider on the way toward better cybersecurity.