Cyber threats are one of the biggest and most complex challenges Australia faces today.
Malcolm Turnbull’s recent announcement on Cyber Security Strategy, outlining the government’s philosophy for meeting the challenges of the digital age, was encouraging. The strategy shows Australian policy makers are making the right move by dedicating resources to combat this threat.
While the online world has opened up huge opportunities, the harsh reality is that Australia’s critical infrastructure faces cyber attacks every day. And this goes far beyond the Government, as cyber threats touch all of us, from the public sector to private businesses (large and small) and every individual clicking through the Internet.
Sophisticated cyber adversaries are continuously upping their game and changing their techniques in an effort to circumvent our current defensive measures. The likelihood of a critical breach depends not only on how prepared we are today, but also whether we continue to evolve our networks to keep pace with attackers. Putting the data within an organisation into use to tackle these threats before they escalate is a crucial step in this process.
Organisations at risk
The recent ‘International Trends in Cybersecurity’ report by CompTIA found that 63 percent of Australian organisations have suffered at least one security breach in the past year. This alarming figure clearly demonstrates why increased emphasis on tackling the issue is desperately needed.
Barely a week goes by without some unfortunate organisation making headlines as a result of a serious breach. In this turbulent landscape, we need a clear strategy regarding how we prevent threats and importantly, how we detect and respond to them once they have got inside our organisations.
Having a comprehensive understanding of what’s in front of us by turning data into usable, contextual information, is the only recipe to detecting the anomalies that give these threats away before they manifest into a full-blown data breach.
Data-driven approach to security
Fortunately, we’re seeing more and more Australian organisations instrumenting their whole IT environment for better visibility, enabling them to build another layer of protection for faster detection and remediation of breaches.
Instrumenting the organisation means collecting data and logs from a vast set of sources and indexing them to be readily accessible for analysis. In other words, these organisations are refreshing their security technology stack to anchor their operations and command centre for advanced threats through a data platform.
We call this ‘analytics-enabled security.’ And it is enabling organisations to piece all critical elements together to gain a holistic view of their security standpoint.
Analytics-enabled security is a simple concept for businesses to grasp. But colleagues across departments must work smarter in order to better understand what their data is telling them. When it comes to security, the more data, opinions and expertise, the better.
Threats inside the ranks
As the Cyber Security Strategy points out, often the most damaging risk to Government or business online security is not ‘malware’ but ‘warmware.’ This means the ability of an insider to cause disruption to a network or obtain and distribute classified information through legitimate access but unauthorised disclosure.
The rise of insider threats is very real. As companies grow and the data they create expands, it’s becoming easier for these dangers to emerge within a company’s network.
That is, unless companies can effectively analyse their machine data – from security devices to network data, application usage, logins, badge swipes, and so on – to bolster security.
The key is being able to analyse machine data in real time to uncover anything anomalous. The barrier for most companies is an operational one. This kind of approach requires a strong commitment to logging, analysing and correlating data from across the whole IT realm. It’s the only way to spot anomalies.
To give you an example, an anomaly could be something like repeated access requests to classified information by an employee who has recently handed in their notice. Finding these types of anomalies is the only way to spot modern threats, which don’t conform to the rules-based approaches of many security strategies.
The Cyber Security Strategy rightfully notes that if Australia is to fully grasp the social, economic and strategic benefits of an increasingly digital world, we cannot allow cyberspace to turn into a ‘lawless domain.’
Therefore, bulletproofing our cyber security defences is a critical element of our prosperity in a global economy. And deploying advanced analytics is a key part of the puzzle to give public and private organisations a substantial advantage in detecting and preventing data breaches before these attacks lead to that critical breach.
About the author
Simon Eid is Country Manager – Australia and New Zealand at Splunk