Every security product in the last 20 years has been built to identify attacks after they have been executed. Look no further than one of the hottest categories in cybersecurity — endpoint detection and response (EDR) — to see the proof. By its very name, this solution is only relevant once the attack has taken place. By focusing on response rather than prevention, whether it’s 10 seconds or 10 hours after an attack, it’s too late.
The true cost of ignoring rising cyber threats and ‘being too late’ is not lost on today’s business leaders, and cybersecurity is annually rated as a top priority for company IT budgets. Earlier in the year, Gartner forecast that global security and risk management spending would exceed $150 billion in 2021, a 12.4 percent rise from the year before. And, in an October report, security firm SonicWall predicted that by the end of 2021, ransomware pay-outs will total nearly $714M, a 134% year-on-year increase.
Threat actors are successfully staying ahead of the curve by constantly reinventing themselves. Each new barrier placed in their way becomes a learning opportunity, forcing criminals to switch tactics and target companies with new attack methods and vehicles. It becomes a game of cat and mouse, but one where the cat keeps changing form, so the pursued mouse is never certain of what it is defending against.
We’ve done everything we can to stay ahead of the attack vectors and it’s not working. It’s time to rethink cybersecurity.
The Time for Prevention
The solution has been staring us in the face the entire time – though it’s been an elusive proposition. Many tools have long promised prevention, but are not powerful enough to stop the most damaging threats. Machine learning (ML)-based solutions either protect too much—slowing down the business and flooding teams with false positives—or lack the precision, speed, and scalability to predict and prevent unknown malware and zero-day threats before they have infiltrated the network.
To compensate for this shortcoming, there has been a disproportionate focus on how we can mitigate the impact when a cyber breach occurs. However, this thinking is counterintuitive. If we apply this logic to a building, we would much rather have a perimeter alarm that stops the attack before criminals reach the walls than an alarm that notifies the security team only after perpetrators are already inside the building. The speed, accuracy, and computing power available with advances in deep learning have changed the game.
Deep Learning Changes the Game
Deep learning, the most advanced form of artificial intelligence (AI), has driven innovation in cybersecurity by ensuring that threats are instinctively and autonomously predicted and stopped, allowing organizations to prevent unknown malware and zero-day attacks. Deep learning-based cyber tools can identify the DNA of an attack, stopping it before it can execute on an endpoint. This approach also dramatically reduces false positives so your business never slows down, and security teams can focus on priority issues, not false alarms.
Moving forward, we will be forced to continuously reassess and evolve our approaches to cybersecurity. We previously thought we would be well protected by the mighty dollar value spent on cyber solutions, but this just isn’t the case. Attack vectors are getting broader and threat actors are getting more sophisticated. Security must focus on a prevention-first mindset, rather than remediation post-execution.
Less is More
Core to a prevention-first approach is stripping back the security tools that only become relevant after a breach has occurred. While it’s important to acknowledge the countless ways that criminals can exploit businesses, we don’t need to throw money at every single problem.
A comprehensive prevention strategy does not require 20 different security products. Often, even when newer, more advanced technology is available, teams will hold on to their existing solutions and pile new ones on top. But, before long, they’re left with an overly complicated, multi-layered security stack that overlaps within itself. Each investment also brings its own notifications, and it does not take long for security teams to be overwhelmed with data, yet unable to prioritize which signals really matter.
Adding more technology may feel like the best solution, but in most cases this approach adds very little value. Fewer solutions require fewer people to manage them, and their time can be freed up for higher-value tasks. Allocating a greater budget to cybersecurity alone is not slowing down the rise in attacks, meaning money is not always the answer. A blended approach is needed that combines people (greater training and education on risks such as phishing attacks), processes (like hardening or reduction of attack surfaces), and technology. Only when these three are in alignment can you hope to stay two steps ahead of the bad actors.