Over a third of 128 compliance practitioners who participated in the “How are you choosing and using compliance technology?” survey indicated they are considering upgrading or implementing a cyber-security solution, more than any other type of compliance-related software.

Companies are right to be on high alert, says Jamie Miller, president and CEO of cyber-security solutions company Mission Multiplier. “The appetite or the allure to get information is only growing, and the ability for those adversaries to actually penetrate your networks is becoming easier and easier through advanced technologies,” Miller said.

The first half of 2019 witnessed more than 3,800 publicly disclosed breaches exposing 4.1 billion records globally, according to a research report by Risk Based Security. The number of reported breaches increased by 54 percent compared to the first half of 2018, and the number of exposed records went up 52 percent, indicating breaches are continuing at a “breakneck pace,” the report states.

“I can guarantee somebody has been somewhere on your network they shouldn’t have been,” Miller warned. “It’s a matter of figuring out how to protect that key information you have and make sure it doesn’t get in the wrong hands.”

Firms should get a third-party risk assessment done at least annually or even every quarter, depending on the industry. This will help them gain a better appreciation for what their existing security function is doing now, what it needs to be doing, and how to align it with industry-specific best practices.

A third-party risk assessment would entail “a governance aspect, where [the assessor] would review a company’s existing set of policies against whatever the compliance drivers are for their industry relevant to cyber-security,” Miller said. “In addition, there would be a technical review of the company’s architecture to assess security controls from a technical perspective.”


A technical review normally includes some type of penetration test. In the end, though, a company’s weakest link is its people. “It’s not because they’re uneducated, incapable, or using the wrong tools. It actually is because we’re all irrational actors,” Miller explains. Consequently, phishing attacks are currently the biggest issue facing organizations around the globe.

Supply-chain breaches are also massive, as hackers zero in on the paths of least resistance. “They look for pivot points—the supply-chain companies that are working with those organizations—because those [supply-chain partners] are smaller organizations. They’re probably less well-funded, and they probably don’t have security controls as mature as the bigger, target organizations,” Miller said.

Technological cyber-solutions intended to drive behavior change through the nexus of data analytics and behavioral science are available now. Miller’s firm is rolling out a solution called MARS Suite that aggregates disparate data from a company’s tools and technologies and uses a custom algorithm to prioritize and present that dataset in a risk economy. The economy scores people in different component groups, creating transparency into employees’ risk-management profiles.

“It’s a dynamic system where you’re incentivizing the right behavior with risk scoring and prioritization of the data through data analytics,” Miller said. “Now, [employees] are not beholden to their irrational behavior.” Thus, the cyber-security game is changing as the focus shifts more heavily onto the individual and their decision making. Training employees remains a critical component of a security program too.

Taking a purely defensive stance on cyber-security isn’t going to cut it anymore, explains Miller. “The enormity … and dynamic nature of threats is going to be the issue,” he said. “The solution will be leveraging AI to take that volume and all those different patterns to come up with a way to predict what’s coming and protect ourselves instead of just react.”

Miller also has advice on what to do when you realize you’ve been hacked or that a breach is in progress. “Call somebody in that will take that terminal to an offline environment, a sandbox environment,” he said. “They will go on your network and see if there’s any activity or indicators for what happened.”

And don’t touch any files: “If you start closing and deleting stuff, the ability for [solution providers] to go back in and do forensic analysis around what happened, who came in, and what they did becomes more and more difficult,” Miller said. “Leave it as is and make the call immediately.”