This is the final installment of our four part series on The Industrialization of Hacking. Previously, I discussed the risks and opportunities the Internet of Everything introduces for hackers and businesses, the cybersecurity arms race, and attack chain.
So what’s an organization to do to protect itself? For starters, they need to accept the nature of modern networked environments and devices, and to understand how attackers think. They should assume they are in a state of persistent infection requiring “continuous response.” As stated in Cisco’s 2015 Annual Security Report, as organizations embrace BYOD policies, cloud computing, and mobility initiatives, gaining visibility, improved context into connected users and devices, and effectively enforcing security policies becomes more imperative. Cisco security experts predict that CISOs will increasingly turn to more sophisticated endpoint visibility, access, and security control solutions to manage the complex web of connections among users, devices, networks and cloud services.
In addition, organizations need to employ a threat-centric and operational security model that is focused on the threats themselves versus just policy or controls. Organizations need to look at their security model across the extended network and the full attack continuum—before an attack happens, during the time it is in progress, and after it gains access to the network. They need to be able to respond at any time, all the time.
The Industrialization of Hacking is not about to slow down. As the IoE continues to expand, Cisco estimates as many as 50 billion devices will be connected to the network by the end of the decade. In this brave new world of ubiquitous connectivity, information security is foundational to enabling organizations to achieve maximum value from these connections and must be a top priority. Small wonder Gartner Group predicts a surge in worldwide information security spending, from US$62 billion in 2012 to US$86 billion by 2016.
Despite the Industrialization of Hacking, organizations are far from powerless. Technology has advanced so that defenders can become faster, more efficient, and more effective in countering these attacks. Today, they have access to dynamic controls to protect against threats wherever they manifest – from the network to the endpoint to the cloud.
View past installments of The Industrialization of Hacking series: