By Dion Joannou

The view from the boardroom: why next-gen intrusion detection is essential to managing breach risks

It may not always have been the case, but the risks associated with cybersecurity breaches are now firmly on the boardroom agenda. In fact, the thought of malicious third parties accessing sensitive data or causing serious service outages is enough to keep any CEO awake at night.

To put it bluntly, today it’s not a case of “if” but “when” your organization comes under the scrutiny of threat actors.

It’s therefore time for CEOs to plan for this inevitability by ensuring their security teams have the right tools to give them early insight into attacks – driving fast, effective decision-making and blocking malicious activity promptly. Increasingly this means next-gen intrusion detection systems (IDS) powered by network traffic analysis.

COVID and beyond

If anything, the COVID-19 crisis has created even more opportunities for the cybercrime community to make money from corporate victims. The sheer effort that has gone into supporting mass remote working and, in some cases, rapidly adapting business models to stay afloat, may have created gaps for the threat actors to exploit – home working endpoints may be less well secured, IT teams are stretched, and budgets are tight. At the same time, threat actors are focusing their efforts on exposed infrastructure like VPNs and remote working tools. No organization is safe: even the hospitals battling to save the lives of patients infected with COVID-19 are coming under attack from ransomware.

Indeed, ransomware is a persistent and growing threat for 2020. Some estimates claim 121 million attacks were detected in the first half of the year alone. But these headline numbers don’t tell the whole story: it is the more sophisticated targeted attacks that are the biggest threat to organizations.

Increasingly, groups steal data before deploying the malware that encrypts the entire IT environment, including cloud-based systems. Some companies have lost tens of millions of dollars in such attacks, not to mention the potential cost of regulatory fines.

For CEOs, a serious incident could lead to critical financial and reputational damage across a wide range of areas including:

  • Immediate financial impact from the cost of the ransom, hiring of third-party investigators and IT overtime, lost productivity and operational outages. Some estimates suggest global firms paid out tens of billions in ransom costs in 2019, while network downtime could be as much as $300,000 per hour
  • A major reputational hit from non-compliance fines, lawsuits and bad publicity
  • Long-term competitive losses from IP theft and/or disclosure of sensitive financial information
  • The financial cost of lawsuits and compliance fines (especially GDPR, CCPA)
  • Loss of current and prospective customers following a major data breach
  • Falling share price. On average, values declined 7% in the fortnight following a breach and victim firms underperform the market in the long term, according to one study

Speed and efficacy drive successful cyber breach containment

Effective cyber risk management is all about anticipating the worst-case scenario and then taking the appropriate steps to 1) minimize the chances of it occurring, and 2) ensure the organization is resilient enough to minimize the fallout if attackers do successfully breach the network.

For a CEO, the most important considerations are to preserve the corporate reputation and keep any financial damage as low as possible. Customers, employees and shareholders are not stupid: they also understand that breaches are somewhat inevitable today — it’s how you react to an incident that matters.

This is why CEOs and boards need as much insight as possible early on to make the right decisions quickly. Unfortunately, legacy security tools, especially traditional IDS, aren’t able to provide that visibility. They fail to stop unknown threats and can’t detect suspicious lateral movement once a bad actor is inside your organization. That can leave organizations blind to the threat in their midst while attackers exfiltrate data and encrypt systems at will. And it can leave them struggling to make sense of what happened once they get hit with that sickening ransom note.

With no visibility, CEOs must expect the worst — that the bad guys have access to all the data they’re claiming to hold. That means potentially over-reporting to regulators, shareholders, customers and employees — further damaging corporate reputation and inviting unwelcome regulatory scrutiny that could lead to major fines.

Fighting back

To wrest control of the narrative from the cyber-criminals, organizations need next-gen IDS. Machine learning-powered network traffic analysis provides holistic visibility into sophisticated threats and malicious behavior to help spot, block and end attacks early on in the cyber kill chain. With this insight across their cloud, data center, and network edge environments, organizations can not only deflect incoming attacks but get proactive about improving resilience to future ones. That should be music to the ears of most CEOs.

To paint the picture more clearly, we’ve developed a new white paper which details a typical ransomware attack on a fictional financial services company. You’ll see first-hand the potential impact of such an attack, with and without next-gen IDS.