Cybersecurity better be safe than sorry

Covid-19 subjected us to the rapid, global spread of an infectious disease for over two years. Our era seems to be quite keen on pandemics so to speak. Indeed, there is another pandemic that is developing and spreading just the same and that is wreaking havoc across the globe. Again, this is not and epidemic but truly is a pandemic in that the whole world is affected. The viruses are very aggressive, very contagious, and there are many clusters. Many people are affected by the symptoms of this disease, which can be fatal for those who are not protected. This is the cyber crime pandemic.

Deciding to use the word “pandemic” when referring to this phenomenon is not an overstatement. It is actually a contagious disease that has spread across all continents, a disease in the form of viruses or malicious techniques that hackers with no qualms (and that’s a pleonasm) inoculate into IT systems of companies and organizations that are detrimental to society in general and the economy in particular (phishing, spyware, ransomware, malware, etc.).

Basic protective measures aren’t enough and when it comes to SMEs they are usually not geared to fend off cyber attacks or feel that they are too small to be targeted by hackers.
The basic protective measures often prove to be ineffective, especially for SMEs that are often inadequately equipped to fight cyber crime or feel they are too small to be targeted by hackers, or have some kind of cyber protection solution that fails to measure up to the slightest cyber attack.

Desperate times call for drastic measures…  

There is a lot of talk about “remediation” in cybersecurity. Remediation is akin to therapy. As the term suggests, “remediation” is indeed a kind of treatment to balance out or address the health issues of a given system – in this case a security breach. Remediation comes from the Latin remedium, which means “remedy, medicine,” which in turn is derived from mederi “to care for, to treat.” Hence, remediation after an attack is applying the right remedy to get rid of the symptoms and cure the illness caused by a malicious attack, thereby limiting the damage caused.

Does that mean that experts in remediation are qualified doctors to treat systems?

If remediation means curing a disorder, then the remedy logically follows the onset of the illness. We take action only after the attack has taken place. But we don’t usually get the expected results. What usually happens is that we do not really solve the problems thoroughly. It is more like sticking a band-aid on a wooden leg. Although they do generate significant gains for those who market these “remedies”, these solutions do not completely eliminate the risk they are supposed to treat. For example, the processes that consist of automatically destroying suspicious activity, do not provide insight into the nature of the threat or the breach itself. And so, there are no real remedies for cyber attacks if you are unable to identify the nature of the threat. Moreover, none of these processes can guarantee that the threat gets completely eliminated. In fact, the hacker can even design an attack where he figures out a way to remain in the system even after having these processes have been run: an attack can be designed to conceal another one that is set up and ready to get activated, that is much more devious and undetectable because it is concealed. And finally, the ways that are used to “remedy” the situation after an attack, often overlook an essential fact: there is an average of 167 days between the moment when a cyber crime is committed and the moment it gets detected according to the French National Agency for the Security of Information Systems (ANSSI) and the Association for Enterprise Risk Management and Insurance (AMRAE). And, according to several Mimecast studies, more than 60% of security breaches in 2019 remained unnoticed until at least a month after they occurred. That gives hackers plenty of time to go about their business completely under the radar.

So when we are looking for a cure or remedy after a virus attack that is well thought out, it turns out that the « after-the-fact » therapists aren’t really that good at guaranteeing the security of our information systems.

The Virtual Hacker: seeing and doing things differently, a real path to success

If we are looking for efficiency and security (“security” after all is part of the term “cybersecurity!”), it is therefore perfectly normal to adopt a new approach to deal with these issues.

Rather than taking action once the damage is done, wouldn’t it be wiser to take action before it happens by proactively preventing cyber criminals from attacking? This is what Chinese medicine has taught us since ancient times: preventing diseases is the best way to stay healthy. It is better to be safe than sorry. And it is the same for cybersecurity: rather prevent an attack by checking for vulnerabilities and system flaws rather than having to try and remediate once the damage has been done.

If indeed we take action after the fact, once the damage is done, are we really thinking “security?” Efficient and active cybersecurity is in fact all about cyber prevention.  

Taking preventive action is therefore what needs to be done. Turning oneself into a hacker is the way to go. The general idea here is to automate surveillance schemes in order to detect and flag our system vulnerabilities before a hacker does.

Latest state-of-the-art technologies, that are prototype-based and highly responsive, designed to detect vulnerabilities in the military and government, enable this: online scanners that flag vulnerabilities of infrastructures, assessment tools to measure the cybersecurity maturity index of companies, raising cyber security awareness through campaigns, running penetration testing to check for exploitable vulnerabilities, and so on. Coupled with Artificial Intelligence and Machine Learning, these robots monitor the Information Systems at all times, without interruption, even when there is no record of a breach.

Through uninterruptible monitoring procedures, these state-of-the-art devices are constantly analyzing flows, looking for any glitches or anomalies that could suggest a security breach.

This scanning process is dynamic as it runs tests and conducts mock cyber attacks regularly to ensure that systems are always on alert and benefit from the best cyber protection possible.

In order to protect against future attacks and breaches in the most efficient and rational way, these innovative technologies are designed to learn from the past and factor in their “experiences” so that they build on and reinforce their protective capability. With a much larger scope than the traditional security products, these robotic solutions protect against malware while learning about new attack patterns in real time via Machine Learning. They scan each application system daily for new vulnerabilities and automatically update those systems with new patches, so protection remains consistent and effortless.

These new generation tools come down to having virtual hackers watching over systems without interruption. And, that never sleep!

With that perspective in mind, the term cybersecurity takes on its real meaning. With this proactive automated approach, the cure comes before the disease and becomes the antidote.

One might wonder about the cost of such solutions. At first glance, the expected investment for such a proactive approach may seem considerable. Yet, at the end of the day, these solutions turn out to be much more cost-effective than post-attack care and recovery options.

Indeed, when companies large and small need to “clean up” after an attack, they suffer financial damage: hiring security consultants, “brand loyalty” specialists, and legal and public relations professionals. When an SMB has its back to wall and needs to fix a breach after an attack, the average cost of such an operation totals around 26 000€. In contrast, those that take a proactive approach by investing in security monitoring, response plans, financial protection and hiring vulnerability remediation specialists before an attack hits them can likely avoid the additional expense and hassle of seeking out these specialized services in the midst of a crisis, and can emerge virtually unscathed.

So hacking yourself before hackers do is I guess a new version of the idiom, “If you want something done well, do it yourself.”