In Australia, the adoption of cloud computing technology has become a ‘when, not if’ question.
More than 40 per cent of local businesses now use public cloud services, according to a survey (https://www.abs.gov.au/ausstats/abs@.nsf/mf/8167.0) published by the ABS in 2019. Gartner has predicted the country’s collective spend on the technology could reach $8.1 billion this calendar year (https://cfotech.com.au/story/gartner-cloud-services-market-to-reach-266-4b-in-2020).
Investment in the Internet of Things (IoT), with its promise of accelerating business operations, and in the cloud continues to grow – the latter accelerated of late by the COVID-19 pandemic, which has exponentially increased remote working.
Keeping infiltrators at bay
But whither the cyber-security provisions to safeguard these rapidly evolving and increasingly complex corporate networks? New research from ExtraHop indicates organisations, in Australia and around the world, are finding it a challenge to keep up.
Fifty-nine per cent of respondents to the 2020 SANS Network Visibility and Threat Detection Survey (https://www.extrahop.com/resources/analyst-reports/sans-network-visibility-and-threat-detection-survey/), sponsored by ExtraHop, stated that a lack of network visibility posed a high or very high risk to their operations. The flow of data across the network – east-west traffic – appears especially opaque, with just 17 per cent of respondents stating they had high visibility into this lateral flow.
Meanwhile, the threat posed by insufficiently stringent network security is real and rising – almost two-thirds of survey respondents reported experiencing at least one compromise over the past 12 months.
That’s a sobering statistic, given the economic and reputational fall-out that can result from a significant cyber-security incident. The average cost of a data breach to an Australian business was in excess of $3 million in 2018-19, according to Ponemon Institute research.
Equally sobering was the finding that it took Australian businesses an average of 200 days to identify a breach and a further 81 days to contain the threat.
Securing the infrastructure that keeps Australian businesses in business
Improving visibility across the network can eliminate blind spots and provide security teams with the situational awareness they need to identify, investigate and respond to potential breaches within minutes and hours, not weeks and months.
Endpoint detection and response (EDR) and Security Information and Event Management (SIEM) solutions are the default cyber-security platforms for enterprises seeking to mitigate the risks associated with a decentralised, cloud-first computing model.
Neither, however, can tell the whole story. Endpoints can be tampered with and it’s difficult to achieve 100 per cent coverage, while log data may be disregarded if it’s too abundant or the source of an excessive number of false alerts.
Network data is considered the ground source of truth and can be used to enhance the effectiveness of EDR and SIEM solutions by making it easier to identify false alarms and validate the severity of potentially dangerous incidents. Network Detection and Response (NDR) passively monitors network data to provide the missing link for an organisation’s security defences. For security professionals who need to take a more proactive approach, NDR provides the intelligence they need to hunt down emerging threats, rather than merely reacting to them.
Monitoring and analysing network data can, however, be a challenge for the many enterprises where time and skilled staff are both in short supply. In this case, organisations should look for solutions that automate processes to enable their analysts to focus on what is most important.
Protecting the solutions that will drive growth in the post-COVID-19 era
Business Australia’s embrace of cloud, IoT and mobile computing is likely to accelerate in coming months and years, as enterprises look for efficiency and productivity gains to help them recover from the economically devastating aftermath of the COVID-19 pandemic.
Improving the visibility and security of these complex networks must be a priority for businesses that hope to reap the benefits these technologies can deliver, without exposing themselves to significant new risks in the process.