Today's cybercriminals are using advanced automation tools to deploy malware with much greater speed and scale. According to Fortinet, hackers have been using automated tools to dramatically multiply sophisticated cyberattacks on critical national infrastructure, public and private sectors and governments.
“A huge proportion of exploit activity today is fully automated, using tools that scan wide swaths of the Internet, probing for openings. Modern tools and pervasive ‘crimeware-as-a-service’ infrastructure allow cyber-attackers to operate on a global scale at light speed,” reveals Gavin Chow, Network and Security Strategist, Fortinet APAC.
However, while security protocols are designed to maintain privacy, encryption is also hampering threat monitoring and detection. Research and Markets predicts that the global cloud encryption market will grow from US$645.4 million in 2017 to US$2.40 billion by 2022.
“IT security teams are overwhelmed by today’s rising volume of cyber-attacks and may lack resources and expertise to respond. Furthermore, the window of response is shrinking as automated attacks could now erase their tracks within a short time frame. Therefore, we need an automated computer system that mimics the decision-making process of a human expert to detect threats. Such controls may not remove the actual threat, but will definitely help contain or isolate the breach, thus giving the incident response team more time to respond,” Chow continues.
The sword to your shield
As automated cyber-attacks become more pervasive, Fortinet reveals five key tools for security leaders in Asia Pacific to unify control across all attack vectors to stop automated attacks:
The stealthier and more advanced self-propagating worms Mirai and Hajime exemplify the damage that can be done when IT teams fail to patch known vulnerabilities.
The Intrusion Prevention System (IPS) is the first line of defense for organisations. As manufacturers of Internet of Things (IoT) devices are not held accountable for security, billions of devices are vulnerable to attack, with no patches in sight. Until this is addressed, IPS is necessary to perform virtual patching and block hacks and attacks on IoT devices.
Redundancy segmentation is necessary because ransom attacks are going after valuable data. It is critical that backups are segmented off from networks.
Instead of simply building a wall against invisible enemies, one should use threat intelligence solutions to understand attacker profiles and what tactics and procedures they employ, and then start intelligently defending based on that information. Prioritise security around critical assets of an organisation.
Once you understand your enemy and have built appropriate solutions, tighten up the time to defense. Use proactive solutions and look at ways to create interoperability. Most organisations have many different solutions from different providers. Strive to reduce that complexity by further integrating and consolidating existing security devices with a security framework that utilises advanced threat intelligence sharing and an open architecture.