Security analytics for cyber-fraud prevention

Businesses owe it to their customers to have the technical solutions to combat cyber attackers, says Darren Anstee, director of solutions architects at Arbor Networks


Almost every day, the news contains reports of businesses being compromised by cyber threats. Often, when intellectual property or customer information is stolen during an attack, this data can be used to carry out, or assist in, fraudulent activities.

When this occurs, customers can accuse organisations of inadequate preparation and lack of care, and there can be significant cost and reputational impact. When it comes to dealing with cyber incidents – whether an intentional or unintentional breach – it is important to be as prepared as possible. But is this actually the case in businesses today?

Research conducted by the Economist Intelligence Unit and sponsored by Arbor Networks has shown that nearly three quarters of companies don’t feel fully prepared should a cyber incident take place. The two top areas of concern are an organisation’s ability to predict the business impact of an incident accurately and their ability actually to detect an incident within 24 hours of it occurring.

The same research also shows that organisations are experiencing more cyber-security incidents now than in previous years and board-level executives are beginning to understand both the consequences of a successful breach and the increasing likelihood that this will occur. Security, risk and compliance should now be a concern for everyone within an organisation, from board level down.

So, how are businesses falling victim to cyber attacks? Well, when it comes to security, there are two types of organisation: those that have already been targeted and those that will be targeted. In the past, some organisations have simply assumed that the worst will not happen to them and just under two thirds of organisations actually have an incident handling plan or team in place. This does appear to be on the rise though, which is encouraging.

Putting plans and training in place is hugely important to an organisation’s ability to respond. People and processes have a significant part to play; educating employees on the types of threats that are out there and how to spot them can be extremely helpful. Regularly exercising incident handling plans and teams is also crucial, but multiple research reports have found this is often something that is overlooked.

One key question that many ask is how do attackers actually get through the defences organisations have in place: are businesses simply not taking this seriously enough? The issue here is that securing a modern network and service architecture is not simple. We all take for granted our laptops, palmtops, extranet access to business partners, cloud services, home-working and so on, but all these things make it much more difficult to fully control data and security within an organisation. And that is before you even start to consider the complexity and sophistication of the tools and techniques now available to hackers.

Analytics solutions are becoming an increasingly important tool for incident-handling teams

People are a key weak point, with mediocre passwords, phishing and watering hole-style attacks continuing to be successful in giving attackers a foothold within businesses. Once an attacker is inside they can often remain there undetected for a lengthy period. Organisations have traditionally focused their security on preventing threats from entering their networks and the whole area of prevention versus detection has become a hot topic within the security industry.

Organisations are now starting to look at how they can be quicker in detecting threats that have made it inside their networks and through their defences – as this is something we should now expect. Traditional security architectures tend to involve layered solutions at the organisation perimeter; once a threat has made it through this perimeter many organisations have very limited threat detection capabilities. Security strategies are changing though and experience is driving organisations to focus more on being able to detect and analyse threats that are already inside their networks much more quickly.

One issue here is that the skills to analyse threats can also be in short supply in many organisations and leveraging specialist services to augment internal resources is becoming increasingly common. Solution vendors are aware of this skills shortfall and have made tools available that are more graphical in nature, fewer screens full of columns, rows and so on, making it easier for specialists to spot trends as well as unusual or suspicious activities over longer time frames.

Analytics solutions are becoming an increasingly important tool for incident-handling teams. These solutions allow visibility into network traffic and user activities spanning days, weeks and even months, and the best of these solutions allow the user to navigate through all this information in real time. These solutions can drastically speed up both the identification of a problem, its investigation and the resolution, minimising the impact to a business and reducing the risk that attackers will make off with customer data or business intellectual property.

Cyber attacks are now a threat for all organisation types and being prepared is key. Having the appropriate technical solutions, which make the most of available resources, is important, but so is training and process implementation. Looking again at the research by Arbor Networks and the Economist Intelligence Unit, two thirds of surveyed organisations felt that being able to respond well to a security incident could actually enhance their business reputation – more than that though, being able to respond well is something businesses owe to their customers.

For more information please visit www.arbornetworks.com