Security budgets to prioritise detection over prevention

The cyber domain is one in which things can change in the blink of an eye. Inadequate response measures can be extremely costly to a company and have long-term consequences. The region’s rapid digitisation and technological transformation, coupled with its wealth, have opened the doors to cyber attacks from a host of attackers. In the wake of smart services, mobility and the Internet of Things, the attack surface has invariably increased. From the banking and aviation sectors to government, 2016 marked another year of cyber attacks in the Middle East – something that is unlikely to change in the near future, writes Ray Kafity, Vice President, Middle East, Turkey and Africa at Attivo Networks.

POS malware breaches will increase

On the surface, it may appear that the number of breaches affecting retailers and incidences of customer data theft are decreasing. This, in fact, is a misconception. The number of attacks seems lower because of the lack of disclosed information, as well as the gradual shift in focus from the retail segment to others, such as travel and restaurants.

Attackers are also moving downstream and focusing more on smaller retailers and businesses, tempted by the number of target organisations available and their less sophisticated IT infrastructure. The core problem around Point of Sale (POS) breaches also remains largely unaddressed. Thousands of POS systems continue to run without any form of anti-virus software because of older Windows XP operating systems and the “trust” relation system with asset management servers. With one compromise of the asset management system, malware can be distributed unnoticed to POS terminals en masse. With this compromise, attackers can also open communications to keep delivering new malware variants and commands and to exfiltrate data. This is an extremely high-risk vulnerability, and a breach can go undetected for months – even years – before it is discovered.

This is worrying, considering that the UAE e-commerce market is estimated to grow to AED 40 billion (almost USD 11 billion) by 2020, according to Frost & Sullivan. Furthermore, with the increased use of the Tor network and with stolen credit and debit card data selling on the dark web for between $5 and $30 per card, the incentive to target POS systems will remain high.

Budgets will prioritise detection over prevention

As breaches continued this year, a larger number of CISOs started considering more budget allocations towards detection systems, so that attackers inside the network could be identified and stopped. Historically, more than 75% of InfoSec technology budgets are spent on preventative solutions and their maintenance. However, a recent survey by Pierre Audoin Consultants among 200 decision makers showed they expected to spend 39 percent of their IT security budget overall on detection and response within two years. Gartner has also projected that by 2020, 60% of security budgets will be allocated for rapid detection and response approaches, up from less than 10% in 2014.

Deception technology will enter the mainstream for advanced threat detection

Gartner predicts that by 2018, 10% of enterprises will use deception tools and tactics, and actively participate in deception operations against attackers, closing the gap in detecting signature-less or unknown attacks. In 2017, deception technology will be a preferred solution for advanced threat detection. Gartner has called out deception as an automated responsive mechanism, representing a major shift in capabilities and the future of IT security. They have stated that deception is the most advanced approach for detecting threats within a network and acknowledged it as a top 10 security trend for 2015 and 2016, and we predict it will be again for 2017.

Dwell time for attacks will decrease

According to a variety of sources, malware continues to go undetected within companies for months—with some detections occurring after as many as 200 days. With more emphasis on detection technology, there will be a decrease in dwell time and an increase in the number of breaches being detected by internal teams, whereas, historically, only 1 in 5 breaches are detected internally. I predict that by the end of 2017, this number will increase to 50% of all breaches being detected internally by customers, law enforcement agencies, and other interested third parties.

Mutual collaboration and intelligence-sharing will drive efficiency

Frost & Sullivan estimates that network security spending in the GCC will reach USD 1 billion by 2018. While this is encouraging, intelligence-sharing is just as important in the campaign against cybercrime. Vendors will continue to collaborate in sharing information and on integrating their solutions, enabling the sharing of data and providing security teams with a single source of information on possible attacks. Collaboration will allow teams to see real threats they might have missed on their own, based on a partial view of threat activity throughout the network. Operational efficiency will increase significantly, providing better detection, quick remediation, and more effective incident response at the time of attack.
