Can an automated defence network protect Britain from low-level threats?
A recent Freedom of Information request found that the number of breaches reported to the ICO in the last 12 months has nearly doubled from the previous year, so something clearly had to be done.
The plans announced by Ciaran Martin, chief executive of the NCSC, for a more automated defence network to protect Britain from low-level threats are certainly a step in the right direction.
Although these threats in themselves can range in their level of sophistication, they can still cause organisations to be overwhelmed by the sheer volume of threat alerts they trigger. This can lead to more serious or insidious threats going unchecked, which can give more sophisticated hackers a far easier ride.
Dealing with the volume of low-level threats is still just one part of the puzzle; organisations remain at risk from more targeted attacks and insider threats, which the new “Great Firewall of Britain” could do little to solve. As such, organisations themselves still need the capability to triage those threats that do still make it through, so they can identify the most serious and prioritise them accordingly.
If security systems can automate the process for diagnosing and even stopping basic attacks and offer diagnostic information, case files and guidance on how bigger, and more dangerous, threats should be mitigated, the security team can also use their time more wisely, to focus on identifying long-term fixes to ensure their systems are as resilient as possible.
Businesses also need to consider that it will soon become impossible for IT teams to manually monitor all the connections in use across the enterprise due to the rise of IoT and an increasing number of devices on networks. As such, they should be thinking about alternative ways of monitoring their systems – which take into account the huge array of ways in which IoT might soon be used in the office.
From Fitbit activity trackers to Apple Watches, employees could introduce any number of devices to enterprise IT systems. The risk is that IT won’t be able to secure every new connection and they probably won’t even know the device is there until it connects.
Businesses might easily think they are fighting a losing battle when it comes to cybercrime. Yet with the right approach in place, they stand a solid chance of defending themselves against the myriad of threats out there in a more effective way than in the past. By monitoring system behaviour and looking for suspicious anomalies, security teams can stop the majority of attackers in their tracks before they do any serious harm. Coupling this with intelligence and automation can enable a more effective and timely response.