Exclusive: Are we heading for the cyber security dark ages?

Recently IT Brief had the opportunity to talk to Rackspace A/NZ GM Darryn McCoskery about the future of the cyber security industry. 

How do businesses need to evolve in order to prepare companies for future cyber threats? 

Given the rapid pace that technology is changing at, businesses can no longer rely on the ‘set and forget’ approach to security of the past. Today, cyber security strategies need to focus less on preventing attacks from occurring – because they will occur – and more on increasing the amount of time that attackers are forced to spend within corporate cloud systems.

This may seem counter-intuitive to some, but an approach like this accepts the reality of Australia’s tech landscape, wherein, in the time it takes you to identify (and then resolve) a data breach, another one could just as easily be taking place.

At Rackspace for example, we have moved beyond perimeter security measures to internal, host-based security controls. Known as Active Defence, this approach works by increasing the time it takes attackers to circumvent controls and exploit systems with the use of deceptive techniques such as honeypots. 

This not only acts as a deterrent but also increases the time that a black hat must spend within the system, which allows us to create a thorough profile and gain valuable insight into what it is they are going after and how. Essentially, the more time it takes for an attack to occur, the more prepared for future attacks businesses can be.

There also needs to be greater collaboration with different stakeholders within the organisation. The best security experts and advanced security solutions won’t protect you if your employees are not following basic security measures, or lines of business are using new technologies without informing the IT department.

This is why more and more companies rely on third-party experts, whose job is to identify security gaps within the organisation, educate stakeholders, improve collaboration, and choose the security solutions and strategies best suited to every single organisation.

What do security providers need to do to reassure their clients that they are prepared to handle future cyber threats?

The introduction of the national Notifiable Data Breaches (NDB) Scheme, and globally other regulations like the GDPR, have highlighted the need for improved cyber security processes and encouraged organisations to take more interest in their data security and notification.  

As customers seek assurances about how their data is being shared and protected, and how their clients’ data is being shared, it is important for security providers to be up-front and honest. Trust and transparency are critical.

Cyber attacks are getting more sophisticated every day, and the surface of attacks is constantly increasing, especially as the IoT expands.  Keeping customers up to date and informed about cyber hackers’ new techniques, and running attack simulations can be a great way to keep cybersecurity top of mind while raising awareness amongst key stakeholders. Education is always a key piece to this complex puzzle.

One of the ways we demonstrate value at Rackspace is through regular reporting on security activities that take place on our customers’ accounts, including investigations that have resulted in false positives and remediation activities when a breach has taken place. 

Immediate notification is absolutely necessary to maintain the trust relationship between customers and security providers. Ongoing training and support tools are also necessary to ensure customers are empowered to make cybersecurity decisions and feel a part of the organisation’s overall security conversation.

How are we training our Information Security teams to be experts across the exhaustive list of threat vectors?

Across the nation, there is an acute technology skills gap. This isn’t news to anybody – you only have to take a look around to see the shortage in action. According to a recent survey by Intel Security, 88% of Australian IT decision makers believe that there is a shortage of cybersecurity skills both within the public and private sectors.

A successful cybersecurity strategy involves a combination of factors: proactive detection, and investment in the right skills that enable siloed teams to identify and respond to individual patch vulnerabilities. It’s not about being able to defend against every type of possible threat. 

Instead, the focus must shift to training Information Security teams to think like hackers (or whitehats), encouraging the team to constantly innovate and brainstorm ways of breaching current security measures… and to always think one step ahead in terms of active defence.

Other Australian businesses have realised the benefits of leveraging external security providers for this task, with the specialised knowledge and relevant experience to detect, respond and report in real-time on potential breaches.

Industry stats prove it still takes (on average) 99 days to detect a breach! How can businesses quickly adopt a “patch or perish” mentality?

Globally, the average time that it takes to identify a breach and then resolve it is 99 days. Across the APAC region, this timeframe is closer to 170 days. 170 days! Realistically, breach detection should be taking 24 hours, not close to 6 months.

Businesses need to be taking a more long-term approach to cybersecurity by developing graduate programs that attract the best university talent and incentivising their current IT staff to upskill. Outsourcing through a managed services provider (MSP) is another option to close this skills gap and relieve some of the pressure on over-worked, capacity-strapped internal tech teams.

Do you believe that AI and machine learning are the future of 'full-proof' security? 

While AI and intelligent machines have the ability to maximise and augment human capacity, these technologies will never be able to replace the human workforce. In terms of cybersecurity, for instance, skilled IT professionals can utilise cognition to think outside of the box – understanding how hackers work, how their strategies are evolving and how to actively defend the secure environment instead of focusing solely on prevention.

Under every cyber-attack there is a human, using technology. A “full proof” security approach needs to incorporate both elements: human and technology. Organisations using and combining the best of both worlds will likely be the ones able to get ahead of hackers when others – relying only on human skills or only on technology – will slowly lose the battle.
