Tuesday 16 July 2019

Lindkvist: Cyber-threats have changed dramatically over
the last several years

Rethinking cybersecurity amid data breaches

DUBAI, February 25, 2019

By Soeren Lindkvist

“There are two types of companies: Those who have been hacked, and those who don't yet know they have been hacked."

With data breaches frequently making the news and causing panic among network administrators, the above quote by former Cisco boss John Chambers in 2015 certainly doesn't seem far-fetched. I don't remember a week in 2018 going by where I wasn't learning of a data breach and how sophisticated the attack was, including the recent breach of the local ride hailing app, Careem, where data from 14 million customers was stolen.

In the UAE alone, the Telecommunications Regulations Authority (TRA) reported a total of 274 cyber-attacks targeted at government, semi-government and private sector entities in the first seven months of 2018. In addition, a recent report released by IBM revealed that the average total cost of a data breach in Saudi Arabia and UAE combined is $5.31 million, a 7.1 per cent increase since 2017. The report also showed that that the root cause for 61 per cent of breaches in both countries is malicious or criminal attacks.

The consequences of a data breaches are far-reaching, and it should come as no surprise that information security is the top concern for all C-level executives of companies today. Some of these companies are embracing cloud-native initiatives which have improved organizational agility, reduced products' time-to-market, and levelled the playing field with respect to computational power. However, they lose visibility into the expanded environment, causing concerns over whether they can adequately secure their cloud environment the way they would their traditional network.

These well-founded concerns are understandable. Traditional network security solutions being used in combating the current cyber-crimewave have only increased the complexity and risk for businesses. Fraudsters have amped up their phishing techniques to deploy sophisticated malware on network devices (human controlled and otherwise) as part of ransomware campaigns, steal sensitive data, or other criminal activities.

Business and IT leaders must think about cybersecurity in a completely different way. Cyber-threats have changed dramatically over the last several years. The problem is that most organizations rely on old-school concepts and strategies that have not kept pace with the profound technology changes we’re witnessing. They’re attempting to use a 20thCentury security model in the 21st Century. So, the first step is to recognize a need to change.

We should always remind ourselves to build in ways to prevent any data exfiltration to unauthorized sources in our network. As an analyst famously said, companies need to move away from the idea that it’s critical to focus on everything coming into a network as it is far more important to keep an eye on what's travelling out of the network. Today, malicious actors aren't interested in scaling the castle wall and capturing the flag. They want to exfiltrate the flag.

Companies have typically leveraged endpoint solutions in addition to other network elements to protect against malware used for that purpose. However, in combating the cyber-criminals of today, companies need to embrace a defence-in-depth security strategy where all network layers used in accessing data should be secure and this includes the DNS layer.

DNS is an often overlooked layer for security and yet, is integral to network functionality. It's the protocol we use to locate resources on a network. We use it to access our favourite websites, whether news or social media. We use it to access the printers or storage devices, when accessing the security cameras in the data centers and even to send emails.

It's also used by unsuspecting victims to access phishing websites from where malware is downloaded. It is also used by malware to locate control servers on internet. These servers could serve as destinations of data stolen (also using DNS protocol) from digital assets inside companies. These servers could also be used to download keys used to encrypt digital assets as part of ransomware activities.

And so, it's wise and imperative to secure the DNS layer as part of a defence-in-depth security strategy. As a security control point, DNS layer security offers a proactive way to uniformly and immediately block malicious domains and communications for all of your users, whether they are on or off network. It can also deliver lower latency, fewer broken sites and apps, and improved network performance.

Akamai’s Enterprise Threat Protector (ETP) solution is a Secure Internet Gateway that is really about advanced threat protection in the cloud for all your users everywhere and using that as your safe onramp to the internet. ETP uses multiple layers of protection -- DNS, URL, and inline payload analysis -- to provide security with reduced complexity and without impacting performance.

Companies simply need to direct their recursive DNS traffic to Enterprise Threat Protector global servers where all requested domains are checked against Akamai's real-time domain risk scoring threat intelligence. Safe domains are resolved as normal, malicious domains are blocked, and risky domains are sent to a smart selective proxy where the HTTP or HTTPS URLs are inspected to determine if they are malicious. The HTTP and HTTPS payloads from risky domains are then scanned in real-time using multiple advanced malware-detection engines.

ETP improves security defences. It reduces security complexity and increases the efficiency of security teams.

Companies need to face the inevitability of data breaches and prepare themselves with the adequate cybersecurity protections – it’s not a matter of if, it’s a matter of when.

About the author

Soeren Lindkvist is vice president EMEA Carrier Division & managing director Middle East Region at Akamai Technologies, a global content delivery network and cloud service provider.


calendarCalendar of Events