2017 was a good year for cybercriminals. From the WannaCry ransomware attack to the Equifax breach, it seemed like little could be done to keep our cherished data secure.
But if anything, last year was a wake-up call for the enterprise, which is now poised to come out swinging with new security practices backed by some of the most advanced technologies known to man.
There is no question that the status quo is no longer tenable. Companies that cannot protect their customers’ data – let alone their own internal secrets – will not last long in the digital age. Microsoft, for one, estimates that the global cost of cybercrime could soon top $500 billion, with the average breach running as high as $3.8 million. Additional research from Juniper indicates that global costs could quadruple to $2 trillion by 2019, with the average cost exceeding a stunning $150 million. Clearly, the enterprise has more to gain by upping its investment into security than simply hoping the hammer will not fall on them in the near future. (Learn more about ransomware in The Ability to Combat Ransomware Just Got a Lot Tougher.)
Secure, But Open?
While the goal of tighter security is clear, the path to get there is anything but. With cyberattacks growing more sophisticated by the day, how can the enterprise maintain a secure environment without hampering the openness and flexibility that emerging data ecosystems require? According to The Maine Biz’ Laurie Schreiber, one of the key strategies going forward is to think beyond the standard “fortress enterprise” approach that stresses firewalls and anti-virus measures, to a more layered solution in which security inhabits a range of physical, virtual, application and even data-level architectures. Through tools like continuous monitoring and backup, coupled with policy-based data and device protection, the enterprise will not be able to prevent all breaches but will have the tools to more effectively contain the damage when they do occur.
Some developers are also turning to emerging open systems like the blockchain distributed digital ledger as a means to bolster data security. As Forbes’ Roger Aitken points out, start-ups like Gladius and Confideal are working on ways to enable smart contract management and secure transaction processing by leveraging blockchain’s ability to protect data by copying it to multiple secure servers around the world. For example, Gladius has devised a way to share bandwidth for applications like content delivery and DDoS mitigation, which makes them vastly more difficult to attack because the infrastructure hosting these services is no longer confined to one data center or even one cloud. (Find out more about blockchain in An Introduction to Blockchain Technology.)
The Three A's for Smarter Security
Security can also be significantly improved using the “three A’s”: automation, analytics and artificial intelligence (AI). Enterprise Innovation’s Gigi Onag points out that through robust automation the enterprise can introduce “adaptive security” that is capable of responding to the changing nature of cyberattacks. By taking on all of the routine tasks, automation helps free up security specialists’ time to focus on preemptive measures and combat the most challenging intrusions. At the same time, advanced behavioral analytics can reduce the time to detection (TTD) from months down to mere hours by creating profiles of what normal data activity looks like and triggering a warning should that activity deviate beyond a set parameter. For some time now, cybercriminals have been using automated software to penetrate secure systems and subtly retrieve critical data – it’s only right for the enterprise to adopt these same techniques for their own defense.
As for AI, imagine having an army of super-smart, all-seeing security experts on the job 24/7. Not only can such a system spontaneously circumvent the most leading-edge attacks, but it can continuously monitor a worldwide data store containing up-to-date information on existing software threats as they mutate into ever more potent weapons. A recent report in Business Times highlights some of the many ways in which public and private entities are laying the foundation for massive AI-based security solutions, including IBM’s X-Force Exchange and various efforts by Singapore’s Computer Emergency Response Team (SingCERT) and Info-communications Media Development Authority (IMDA).
Through these and other measures, we can expect to see cybersecurity evolve from a strict react-and-respond function to a more holistic health-and-wellness approach, one that mimics the human body’s ability to defend itself against unwanted intruders.
It should be noted, however, that emerging technologies are available to all, which means that the bad guys will be able to leverage all of these advancements for their own ends as well. But through the right combination of approaches, it is still highly conceivable that next-generation cybersecurity will not only make it much more difficult to obtain data, but that the value of that data will be greatly diminished by the time it falls into the wrong hands.