According to Gartner businesses could lose close to USD2.1 trillion by 2019 globally as a result of cyber attacks. This is concerning, especially in today’s society where cyber attacks are becoming more sophisticated and occurring more frequently due to the increase in potential attack surfaces.
These attack surfaces are in particular attributed to the world’s workforce having evolved to an increasingly mobile workforce. Currently, working off-premises is a growing trend even though numerous employees are using untrusted networks away from the workplace and thereby putting an organisation’s trusted network at risk.
During his recent visit to South Africa, Ahmed El Sabbagh, senior distribution manager – Turkey, Emerging Africa & Middle East at RSA, the security division of EMC, stressed on the need for a mind shift due to the fact that compromise occurs in “days or less” 84 percent of the time, while discovery in “days or less” occurs about 20 percent of the time – as listed by the latest Verizon, 2016 Data Breach Investigations Report. “This is a concern and it highlights that organisations cannot be reactive, but rather proactive and subscribe to early detection of a cyber attack. Therefore minimising the time it takes for an attacker to be within the organisation with access to important information including, intellectual properties and financial information, is the new game name for the security industry,” he continued.
“Moreover, RSA research indicates that 80 percent of security staff and budgets, activity and tools, today are focused on prevention. Monitoring and response lag, and even the monitoring spend is today heavily weighted toward ineffective, incomplete approaches while Gartner says by 2020, more than 60 percent of budget will be for rapid detection and response versus 20 percent today. This is a relief as this protection measure is more effective compared with traditional preventative measures that can no longer protect organisations, especially because they lack the threat intelligence piece of the puzzle.”
Ahmed El Sabbagh further highlighted that endpoints are the most vulnerable attack point for cyber criminals and require sufficient protection in the form of tracking and analysis of technology and user behaviour.
He said this in reference to the capabilities of the company’s RSA Netwitness Endpoint (formally known as ECAT) solution, which is part of the visibility analytics strategy of RSA NetWitness Suite. RSA Netwitness Endpoint’s core purpose is to achieve high visibility from the end point up to the cloud through to the network and data centres. It is thus an endpoint detection and response tool that employs a combination of live memory analysis, continuous behavioural monitoring, and advanced machine learning to detect new and hidden threats quicker. It also helps focus investigations among thousands of alerts, and accelerates responses by security teams of all sizes.
Anton Jacobsz, MD at Networks Unlimited, value-added distributor of RSA products in more than 20 African countries, added: “Behaviour analysis technology, is an excellent way of obtaining information data during an attack as it is available faster due to the technology’s core function, which is to monitor behaviour and collect data. However, it is also crucial to bear in mind that, to have an effective security system, this tool can be used in conjunction with other supporting technology.”