Cybercriminals are now using highly advanced automation tools to deploy malware with much greater speed and scale. CISOs in India can no longer rely on a manual approach in cyber defense as cyber-attacks have become automated, riding on escalating infrastructure trends in cloud adoption and encryption.
According to cyber security firm Fortinet, hackers have been using automated tools to dramatically multiply sophisticated cyberattacks on critical national infrastructure, public & private sectors and governments. Cyber-crime syndicates are also turning to automated tools because they make it easier to cover their tracks and reduce traceability.
“A huge proportion of exploit activity today is fully automated, using tools that scan wide swaths of the Internet, probing for openings. Modern tools and pervasive “crimeware-as-a-service” infrastructure allow cyber-attackers to operate on a global scale at light speed,” said Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet.
But while the secure protocol is designed to maintain privacy, ironically encryption is also hampering threat monitoring and detection. Research and Markets predicts the global cloud encryption market to grow from US$645.4 million in 2017 to US$2.40 billion by 2022.
As automated cyber-attacks becoming more pervasive, Fortinet offers 5 key tools for security leaders in India to unify control across all attack vectors to stop automated attacks:
- Patch Management
Patch management is absolutely essential. Mirai and Hajime, a stealthier and more advanced self-propagating worm, exemplify the damage that can be done when IT teams fail to patch known vulnerabilities.
- Intrusion Prevention System (IPS)
Intrusion prevention system (IPS) is the first line of defense for organizations. As manufacturers of Internet of Things (IoT) devices are not held accountable for security, billions of devices are vulnerable to attack, with no patches in sight. Until this is addressed, IPS is necessary to perform virtual patching and block hacks and attacks into IoT devices.
- Redundancy Segmentation
– Redundancy segmentation is necessary because ransom attacks are going after valuable data. There have been cases of ransomware that go in, infect data, as well as backups of data, which is disastrous. It is critical that backups are segmented off networks.
- Focus on Visibility
People are always trying to build a fortress against an invisible enemy. Instead of building a wall, one should use threat intelligence solutions to understand attacker profiles and what tactics and procedures they employ, and then start intelligently defending based on that information. Prioritize security around critical assets of an organization. Otherwise, if an asset is ransomed or attacked by a distributed denial of service, it will cost your business substantially.
Finally, once you understand your enemy and have built appropriate solutions, tighten up the time to defense. Use proactive solutions and look at ways to create interoperability. Most organizations have many different solutions from different providers. Strive to reduce that complexity by further integrating and consolidating existing security devices with a security framework that utilizes advanced threat intelligence sharing and an open architecture.