BreachExchange mailing list archives

The case for forecasting cyberattacks


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 9 Jan 2014 17:21:37 -0700

http://www.usatoday.com/story/cybertruth/2014/01/08/the-case-for-forecasting-cyberattacks/4373651/

One of the biggest challenges in cybersecurity today is that despite the
evolving nature of attacks and vulnerabilities, corporations, government
agencies and other organizations tend to base protection largely on
historic threat reports and other dated information.

What the past reveals is relevant, but in the complex security realm,
overreliance on historical data does defenders a disservice by fostering
security postures that become rooted in the past instead of what is
happening right now.

Recent data from Mandiant states that 96 percent of data breaches are
uncovered by third parties - not internal security teams - and that
victimized organizations are breached for 416 days, or about 13 months, on
average. If business, government and other organizations continue managing
security with mostly historic information, it is unlikely that this 13
month gap will shrink anytime soon.

In light of this challenge, the time has come to empower overtaxed security
staff with actionable cyber security intelligence achieved through a
"threat forecasting" approach to protection. Simply defined, threat
forecasting focuses on understanding what's happening on the attack
landscape and which threats expose specific organizations to the most
severe danger at any given time.

Forecasting is essential for understanding any type of risk, and threat
forecasting brings remarkable advantages in cyber security. To adopt and
benefit from this proactive approach, organizations need to first determine
what kind of early warning intelligence they can readily acquire and apply.

For example, a forecasting view that gathers data from decoy networks set
up to draw attackers' interest and quietly catalog their inbound exploits
can reveal telltale signs of new attack patterns before they reach crucial
business systems.

Other valuable forecasting insights can be found by studying security
products already deployed in organizations' existing cyber defenses in a
new light. As I have discovered in regular testing, even vendors' latest
next-generation firewalls and intrusion prevention technologies, for
example, can be bypassed by known exploits targeting vulnerabilities in
browsers, multimedia and other common software.

Testing products' effectiveness against known, "real world" attacks can
forecast where even layered product combinations can let malicious activity
slip past. This yields valuable visibility into where security teams might
need to replace or retune tools, or take other pre-emptive action.

Fresh approaches to threat forecasting can lessen the prevalence of
cookie-cutter security programs by tailoring activities to cut through the
clutter of reports, leads, and gut instincts clouding security
professionals' decision-making. Regardless of any threat's intensity, what
matters most is knowing whether it's merely interesting – or imminent.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
