IronNet Blog

Redefining Urgency: Looking Beyond Today’s Threats Toward Tomorrow’s Cybersecurity Crises

Written by Oliver Wai | Apr 26, 2019 9:12:34 PM

A sense of urgency is the common currency of cybersecurity.  From threat surveillance and analysis to mitigation and recovery, running throughout is the notion that speed matters. And indeed, minutes count in trying to protect against the latest malware or threat actors circulating on the dark web, heading toward and into your systems.

But in this post, let’s nudge our definition of urgency to include some challenges that loom a little further down the road — trends and dynamics that may take months or even years to fully manifest, but which nonetheless pose major threats to cybersecurity.

For any organization hoping to do (and stay in) business over the long term, these are some major areas of concern:

The Challenge of Scale

The same flood of big data that drives modern business is also driving a crisis of scale in cybersecurity. Data scientists across industries struggle to extract value from that data by analyzing it effectively for patterns and insights. That gets harder as systems scale and the avalanche of content outpaces the human ability to monitor all the data. The challenge of scale is such that 90 percent of the world’s data today was generated in just the past two years.

Nowhere is the situation tougher than in cybersecurity, where the consequences of failure are not measured in lost sales, but in lost files or stolen data, corrupted systems and even major economic or societal disruption. Adding to the challenge is the explosion of IoT — sensors, actuators, embedded devices and other assets that are connected and vulnerable, but harder to update and protect. Given that many security tools already struggle with today’s data volumes, tomorrow’s survival requires that our cyber protections scale along with the threat.

Encryption is Eroding Signature-Based Detection

Signature-based detection algorithms were effective a generation ago, but the process of using unique identifiers to guard against known threats has become quaint in a digital world that’s increasingly encrypted. Nearly three-quarters of all network traffic today is encrypted, part of an upward trend that’s rendering signature-based tools obsolete.

The job of encryption is to guard traffic from detection and inspection. While that’s useful in protecting legitimate traffic, it’s a double-edged sword that a threat actor can also use to evade detection while delivering malware, exfiltrating stolen data or wreaking other kinds of havoc. Keep this in mind and you’ll see why overreliance on signature-based tools is a problem that will only grow over time.

Threat Actors Increasingly Target Social Sentiment, Not Just Data

Today’s threat actors care about more than just data; now they also care about corrupting public debate, voting behavior and other realms that rely on social sentiment and social media to share these sentiments. Look no further than the digital swarm of bots and trolls deployed to influence the 2016 elections. In order for the cybersecurity mission to continue, our security tools need to adapt to this new reality.

Some of this adaptation is already underway, as the recent U.S. Cyber Command operation to thwart efforts to interfere in the 2018 election makes clear. But this new posture is something all companies and security teams need to adopt as well. How can we spot fabricated user profiles amid all the legitimate ones on a retail site? How do we know the clicks an advertiser is getting are not automated? These are the kinds of questions that tomorrow’s cybersecurity tools need to do a better job of answering.

Thankfully, for these and other emerging challenges, the right organizational steps can deliver the sound strategies and mature systems necessary to meet them. We’ll take a look at some of these organizational steps and priorities in a future post.