Every week we see more headlines in the press about new cyber-attacks and security vulnerabilities affecting millions of consumers and businesses around the world.
Massive data protection scandals such as Equifax – where 143 million individuals’ personal data were exposed in a hack that could have been prevented by a simple patch – now seem to happen on a worryingly regular basis.
Meanwhile, the cybersecurity industry seems to be sitting pretty, with business revenues in the sector growing by an estimated 11% every year. A recent report from Cybersecurity Ventures forecast that global spending on cybersecurity is expected to exceed $1 trillion between 2017 and 2021. Given the ongoing list of high-profile security breaches, is the cybersecurity industry really offering its customers value for money?
The statistics would suggest that it is not. The number of businesses falling victim to attacks rose by 21% in the US last year, and doubled in the UK in the past two years. Figures show that there were 918 data breaches compromising 1.9 billion data records in the first six months of 2017, up 164% compared to 2016.
A primary cause is the rise in mobile and smart device usage within companies, with network perimeters becoming edgeless. This, in turn, expands the attack surface: every additional device is another potential point of entry for an attacker.
Given that networks have evolved steadily in the past few decades – from wired to wireless – many long-standing cybersecurity methods simply are not up to scratch. Firewalls and anti-virus software, for example, are purely preventative tools and have become less effective over time.
Lockheed Martin’s Kill Chain Model – on which many businesses base their cyber defenses – focuses largely on malware delivery and intrusion but, crucially, does not address how to detect threats that have already made it past the perimeter firewall.
In a world where businesses are becoming increasingly digitalized, detecting anomalies and defending a blurred perimeter is beyond human capability. A more effective approach is based on the principles of Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK), which can deliver better value for cybersecurity customers.
This model shifts the focus from preventing attacks to detecting threats once they have broken into the network. Spotting a cyber-criminal that has already made it inside is a better allocation of resources, considering how common cyber-attacks have become.
The ATT&CK model seeks to provide a detailed analysis of attacks that have penetrated the network, and provides practical information to cybersecurity specialists on threat behavior and remediation. Sharing that analysis with the wider cybersecurity community via a common database strengthens defenses and improves the anticipation, prevention, detection, and response to cyber-attacks worldwide, not just within a single company or country.