Opinion: Why agility matters in the war against cybercrime
Article by Endace EMEA senior director James Barrett
Business agility has long been vital for competitiveness. It drives everything from developing a customer base to capitalising on new opportunities. But as companies generate huge volumes of valuable data, the reality is that most are constrained by hardware solutions and a lack of agility, leaving few able to respond to emerging cyber threats anywhere near quickly enough.
Meanwhile, hackers' agility remains unrivalled. Verizon's 2015 Data Breach Investigations Report found the median time it takes for a phishing campaign message to get its first click was 82 seconds, while 60% of phishing attacks are able to compromise an organisation within minutes.
It's proof of exactly how important agility is becoming, with evidence showing that the faster a data breach can be identified and contained, the lower the resultant costs. The 2017 IBM Cost of Data Breach Study showed a strong correlation between the speed with which an organisation can identify and contain data breaches and the financial impact of the breach. Research results showed that in 2017 the average number of days taken to identify a data breach was a staggering 191, and while the cost of data breaches varies from country to country, the average total organisational cost of a breach in the United States was, for example, $7.35 million.
Note that this number doesn't include post-data-breach costs, including the cost to notify victims. Soon, with the advent of GDPR and other similar regulation worldwide, businesses will have a maximum 72-hour window to understand what has caused the breach, whether it has been stopped and how much data has been lost, and to inform any individual affected, from staff to shareholders. It's enough to make a company anxious about agility.
Preparing for an unknown future
From a corporate perspective, the definition of agility is changing. It is no longer solely about responding quickly to attacks, but also about the ability to continue to evolve security capability and keep ahead of the attackers - which includes the ability to deploy new solutions or upgrade solutions quickly.
Companies trying to defend their networks from cybercrime are finding it increasingly hard to build defences that are agile enough. This is because the majority of security solutions are still being deployed as hardware appliances, which are expensive to buy and maintain because they are often single-function or single-vendor, vertically integrated solutions.
Other issues include the time needed to deploy and configure hardware solutions, given the need to raise budget, evaluate vendors, run a proof of concept, purchase, deploy and configure - all of which can take months. Due to the nature of the CapEx cycle, these products are automatically given a limited budgetary lifetime too, generally being given little more than five years before being written off.
Agility by way of virtualisation
For a business to be truly agile when it comes to security, the need to move beyond hardware is paramount. Businesses need to look to virtualisation the same way they have with datacentres, where it has helped companies to remove the overhead of managing many individual hardware-based servers. From an analytics point of view, virtualisation can do the same thing, removing the need for expensive hardware and facilitating the delivery of analytics solutions that collect packet data.
With packet data, companies have access to the definitive evidence of breaches, suspicious activity or network performance issues. This not only helps reduce unplanned downtime, but also gives every cybersecurity team the ability to investigate a threat or a network performance issue quickly and conclusively so that they can respond appropriately.
How quickly and accurately businesses are able to respond to attacks is not a nice-to-have, but fundamental to competitiveness on a global scale and, if it isn't number one on the boardroom agenda, it should be.