Story image

Exclusive: Are we heading for the cyber security dark ages?

Recently IT Brief had the opportunity to talk to Rackspace A/NZ GM Darryn McCoskery about the future of the cyber security industry. 

How do businesses need to evolve in order to prepare companies for future cyber threats? 

Given the rapid pace that technology is changing at, businesses can no longer rely on the ‘set and forget’ approach to security of the past. Today, cyber security strategies need to focus less on preventing attacks from occurring – because they will occur, and more on increasing the amount of time that attackers are forced to spend within corporate cloud systems. 

This may seem counter-intuitive to some but an approach like this accepts the reality of Australia’s tech landscape wherein the time it takes you to identify (and then resolve) a data breach, another one could just as easily be taking place.

At Rackspace for example, we have moved beyond perimeter security measures to internal, host-based security controls. Known as Active Defence, this approach works by increasing the time it takes attackers to circumvent controls and exploit systems with the use of deceptive techniques such as honeypots. 

This not only acts as a deterrent but also increases the time that a black hat must spend within the system, which allows us to create a thorough profile and gain valuable insight into what it is they are going after and how. Essentially, the more time it takes for an attack to occur, the more prepared for future attacks businesses can be.

There also needs to be greater collaboration with different stakeholders within the organisation. The best security experts and advanced security solutions won’t protect you if your employees are not following basic security measures, or lines of businesses are using new technologies without informing the IT department. 

This is why more and more companies rely on third-party experts, whose job is to identify security gaps within the organisation, educate stakeholders, improve collaboration, and chose the security solutions and strategies best suited to every single organisation.

What do security providers need to do to reassure their clients that they are prepared to handle future cyber threats?

The introduction of the national Notifiable Data Breaches (NDB) Scheme, and globally other regulations like the GDPR, have highlighted the need for improved cyber security processes and encouraged organisations to take more interest in their data security and notification.  

As customers seek assurances about how their data is being shared and protected, and how their clients’ data is being shared, it is important for security providers to be up-front and honest. Trust and transparency are critical.

Cyber attacks are getting more sophisticated every day, and the surface of attacks is constantly increasing, especially as the IoT expands.  Keeping customers up to date and informed about cyber hackers’ new techniques, and running attack simulations can be a great way to keep cybersecurity top of mind while raising awareness amongst key stakeholders. Education is always a key piece to this complex puzzle.

One of the ways we demonstrate value at Rackspace is through regular reporting on security activities that take place on our customers’ accounts, including investigations that have resulted in false positives and remediation activities when a breach has taken place. 

Immediate notification is absolutely necessary to maintain the trust relationship between customers and security providers. Ongoing training and support tools are also necessary to ensure customers are empowered to make cybersecurity decisions and feel a part of the organisations’ overall security conversation.

How are we training our Information Security teams to be the expert across the exhaustive list of threat vectors?

Across the nation, there is an acute technology skills gap. This isn’t news to anybody – you only have to take a look around to see the shortage in action. According to a recent survey by Intel Security, 88% of Australian IT decision makers believe that there is a shortage of cybersecurity skills both within the public and private sectors.

A successful cybersecurity strategy involves a combination of factors: proactive detection, and investment in the right skills that enable siloed teams to identify and respond to individual patch vulnerabilities. It’s not about being able to defend against every type of possible threat. 

Instead, the focus must shift to training Information Security teams to think like hackers (or whitehats), encouraging the team to constantly innovate and brainstorm ways of breaching current security measures… and to always think one step ahead in terms of active defence.

Other Australian businesses have realised the benefits of leveraging external security providers for this task, with the specialised knowledge and relevant experience to detect, respond and report in real-time on potential breaches.

Industry stats prove it still takes (on average) 99 days to detect a breach! How can businesses quickly adopt a “patch or perish” mentality?

Globally, the average time that it takes to identify a breach and then resolve is 99 days. Across the APAC region, this timeframe is closer to 170 days. 170 days! Realistically, breach detection should be taking 24 hours, not close to 6 months.

Businesses need to be taking a more long-term approach to cybersecurity by developing graduate programs that attract the best university talent and incentivising their current IT staff to upskill. Outsourcing through a managed services provider (MSP) is another option to close this skills gap and relieve some of the pressure on over-worked, capacity-strapped internal tech teams.

Do you believe that AI and machine learning are the future of 'full-proof' security? 

While AI and intelligent machines have the ability to maximise and augment human capacity, these technologies will never be able to replace the human workforce. In terms of cybersecurity, for instance, skilled IT professionals can utilise cognition to think outside of the box – understanding how hackers work, how their strategies are evolving and how to actively defend the secure environment instead of focusing solely on prevention.

Under every cyber-attack there is a human, using technology. A “full proof” security approach needs to incorporate both elements: human and technology. Organisations using and combining the best of both worlds will likely be the ones able to get ahead of hackers when others – relying only on human skills or only on technology – will slowly lose the battle.

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Updated: Chch crypto-exchange Cryptopia suffers breach
Cryptopia has reportedly experienced a security breach that has taken the entire platform offline – and resulted in ‘significant losses’.
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.