Threat Hunting

Many organisations still lack adequate tools, processes and procedures to identify cyber-attacks against them. Consequently, customers are often the first to learn that their data has been compromised. Not only does this cause immediate and sustained corporate embarrassment, but with little control over how the news is communicated and disseminated, it can have a devastating impact on any strategies put in place to mitigate the reputational impact of a cyber-attack and data loss.

In 2015 the average time it took for organisations to discover that their cyber security had been breached was 146 days, down from 205 in 2014. While this 59-day improvement is to be applauded, it is still too long. So how can the gap be closed?

The biggest contributing factor to excessive delays in breach discovery is that many organisations take the traditional event-driven approach to managing cyber security incidents, relying on notification of suspicious activity before undertaking any investigation. With cyber-criminals remaining one step ahead in their ability to stay undetected, this puts organisations at an immediate disadvantage.

Organisations therefore need to put themselves on a war footing and assume that they are under constant attack. Putting in place controls that continuously search for indicators of malicious activity within an organisation, coupled with a wider cyber security strategy, could be the determining factor in closing the gap between breach and discovery from months to days, hours or even minutes.

So what do these controls look like? In truth these controls are primarily technical. Just as each of us is unique, so is each company and its underlying network structure. The most important consideration for any company is establishing what is 'normal.' As of yet we do not have...
