Discussion Report 1

profiledidosld
Thread2-The5trillionthreattonetworksecurity.docx

Article Summary: Doyin Adebowale 

The $5 Trillion Threat To Network Security–And How To Prevent It

Top of Form

As evidenced in the time affected by the Covid-19 pandemic, most of the databases of people and companies shifted to the cloud spaces. This was very convenient for people as they could access their data from anywhere, but it came at the price of their security and privacy. During the pandemic, there has been a surge in the rate of cyber-attacks that could not be monitored with conventional analyzing tools and practices. In this crisis, security incidents and event management (SIEM) come in. Many companies have been using this software for their platforms to reduce major risks to their data. Due to the increase in the shift rate to the cloud space, the surface area for attacks such as breaches in the security firewalls was increasing.

A need for updating and strategy development rose to solve complex situations. For this purpose, out-of-the-box (OOTB) SIEM was introduced to provide greater security to companies in a multi-cloud space. It made the detection of attacks and quick response much easier. The broad criteria that were set for the detection of breaches started giving false-positive results. For this problem, risk-based alerting (RBA) was made functional to detect only the threats which exceed the threshold set for the risk. This serious-threat-specific detection can reduce the time and resource consumption that can be used for further up-gradation of the system. Maintaining the structure and format of the software while also analyzing data can be laborious.

Recently, threat intelligence has been used to integrate the data and deliver the stages to the related teams. Performing the tasks related to filtering out the threats and risks manually can be very time-consuming. Also, organizations cannot hire so many employees to perform these tasks as it will not be cost-effective. The security operation, automation, and response (SOAR) is a solution to this problem. By using multiple automated tools and threat intelligence, teams can get the summarized results for analysis. Another analytic tool known as the user and entity behavior analytics (UEBA) can be used to detect the pattern and techniques of the attackers to reduce insider threats

SUMMARIZE COMMENTS BELOW

Commenter: Caleb

Top of Form

Doyin,

Your post raises a valid topic in terms of the dependance on technology though the Covid-19 Pandemic. It forced companies to allocate resources so that essential employees could work remotely. Though this was beneficial for many people, it did pose threats to organizations by allowing remote workers to access their network but thankfully, most use VPNs or virtual machines and applications. By doing this, the likelihood of a threat, though not completely eliminated, drastically decreases. I think that risk-based alerting could be beneficial to any company, but more importantly, they should always be one step ahead of the hackers so that any vulnerabilities, if any, may be reduced.

Commenter: Karan

Top of Form

Thanks for sharing this article. Network security is already a high priority for any company. I agree pandemic has not provided enough time to prepare for companies who were not practicing work from home using VPNs. Companies and the infrastructure team played a significant role in setting up the employee's environment to work from home. It also dramatically increased the possibility of security threats. Twitter is an example where top follower accounts were hacked multiple times. Companies were moving to the cloud to store the company's data instead of setting up their infrastructure because it is easier and cheaper to maintain. Companies are still trying to secure sensitive data in the internal infrastructure as much as possible, which can impact the stock price during the earnings calls. Companies must be ahead in the game of security and proactively identify and address vulnerabilities. 

 

Commenter: Levi

Top of Form

Doyin,

Your post is relevant today and will likely increase in the years to come. Many cybersecurity experts indicated that most of the attacks today are relatively simple. It is their expectations that the attacks in the future will become more advanced and sophisticated. It is imperative that companies are prepared for these attacks. As we all know, it is impossible to stop all the attacks, for they will continue to happen, but identifying them early and how they are responded to is important.

Threat actors are collecting encrypted data at an alarming rate, although decrypting it may take a long time, it has an extended shelf life, and the repercussions of that data loss may be seen in years to come. So these issues need to be addressed sooner than later. The National Institute of Standards in Technology new guidelines on to prepare and be protected with quantum-proof security are expected to be published in 2024, which some experts believe is not fast enough.

It will be interesting to see what transpires. With Russia’s potential attack on the United States, particularly, it could be devastating and costs billions of dollars.

 

Commenter: Dayton

Top of Form

Doyin, this is an interesting article, thank you for sharing. As you and others have pointed out, this is a very important topic. I think this really highlights one of the biggest barriers in cybersecurity, this is not something that you can just throw money at and have it fixed. This is an issue that needs to be approahced with great care and caution, and most of all, expertise. As the article describes, many companies are transfering their databases to the cloud, but without doing so using the industry best practices, a comnpany will be under even greater threat of a cyber attack. It only takes one crack in the wall to loose millions of dollars depending on the company. The solution does require a bucket of money to be thrown at it, but it must be thrown very carefully and with great accuracy.

Bottom of Form

Commenter: Sampson

Interesting article. Most companies, since the pandemic hit have been more dependent on SIEMs as they provide real-time analysis of security alerts generated by applications and network hardware. As operating systems and networks have increased in complexity, so has the event and log generation on these systems. In comparison, the logging of system, security, and application logs is not the only way to perform incident response. They do offer the capability to trace the activities of nearly any system or user-related movement throughout a given period.

I think it being laborious is the price to pay to ensure the finest security. Security is not always meant to be convenient or easy.

Commenter: Hyeon

Top of Form

Hello Doyin

Your article and post do show the impact of how significant the security landscape has pivoted once users began working remote and online.  It found a larger footprint and threshold into security issues that wouldn't traditionally be monitored as much or in volume.  It definitely raises the question of how our tools now need to evolve.  I can attest that in our environment and our migration into the cloud, our endpoints and more importantly, the number of data streams that come to and from the cloud, are required to be monitored in order to make sure that these instances are secured and transmitted safely.   This is why traditional SIEM and SOARs require to be updated or have algorithms/engines that can suit better to protect the cloud, cloud hybrid landscape.  I think this is one reason why big data and AI can work with existing threat assessment engines and pattern databases in order to keep up with the demand and infrastructure. Now that workforce has completely changed, we must also keep pace to change and make sure that SIEM and SOAR can quickly adapt and update/upgrade to meet demand. Threats are only going to get bigger and worse, and that $5 Trillion will grow eventually to a larger degree and the only way to mitigate the loss is to make sure that our traditional tools and security software can keep up. 

Commenter: Derek

Top of Form

Doyin, 

As you stated company's introduced new risk to their organizations by migrating their applications to the cloud. By making this move company applications and data became accessible to maliciously attach the firms. However, It's important to keep in mind that much risk existed for those individuals using physical servers as well. Previously, a natural disastor or fire could cause devestating harm to a company who didn't host their application on the cloud. Further, the time that it might have taken for an employer to physically drive to the server in order to resolve an issue might consitute a different kind of risk related to poor customer service and product availability. Company's migrating to the cloud are simply choosing which risk they would like to expose their organization to, and receiving the other benefits that can be realized by moving online. 

Bottom of Form

ADD A SHORT CONCLUSION

INTERNAL USE