Holistic and Integrated Approach using Machine Learning, Data Analytics and Threat Intelligence

29 August 2018

From the WannaCry ransomware that impacted organisations in more than 150 countries to the SingHealth cyberattack and data breach that was revealed last month, it is no secret that the volume of cyber attacks is on the upswing. 

At least one report pointed to how cyber attacks doubled in 2017, and rising concerns about cyber crime saw the World Economic Forum (WEF) listing cyber attacks as one of the top five likely events to happen this year – joining other global threats such as extreme weather events and natural disasters.

 

Adopting a Holistic Approach Using Machine Learning and Data Analytics

While there is no question that cyber security is no longer optional, a better approach to improving security is needed than the common practice of rolling out new security tools as and when required. Such a piecemeal practice often results in disjointed deployments that work independently of one another, and should instead be replaced with a cohesive, organisation-wide strategy for defending businesses against increasingly sophisticated attacks.

A holistic approach looks beyond tactical requirements, focusing instead on strategic goals that consider how security defences can be layered to better protect digital resources against constantly evolving cyber threats. This is ideally paired with multi-pronged data collection using strategically placed pervasive sensors to gather insights for every part of the network, including the continuous examination of metadata and files to rapidly spot suspicious and anomalous events for swift detection and rectification.

Machine learning technology and analytics are also ideal for sieving through voluminous digital clues to identify threats or flag suspicious activities for further investigation. This is essential against the growing threat of advanced persistent threat (APT) attacks and lengthy dwell time – the time it takes organisations to detect the presence of security breaches, which was pegged at an average of 101 days globally in 2017.

Analytics also plays a crucial role in minimising false positives, as an endless avalanche of alerts can cripple the ability of even the most motivated team of security professionals to identify and deflect genuine threats. Indeed, the overlooking of internal security alerts by beleaguered security personnel was identified as a key misstep in the infamous 2013 security breach at Target.

 

A Proactive Approach Requires Integration of Threat Hunting and Intelligence

Of course, an organisation’s response to new cyber threats matters. Though cyber attacks have historically been opportunistic, the lure of making a windfall from today’s heavily digitised businesses means that attacks are often targeted at specific organisations. Given that practically all employees access some form of digital system as part of their routine work, this necessitates adequate employee education to reduce the attack surface – and ensure that suspicious activities are picked up and reported, not ignored.

Shifting the focus from prevention to detection is another worthwhile step to take in the pursuit of holistic cyber security. Proactive security measures include penetration testing and threat hunting. The former is designed to identify weak spots ahead of hackers, while the latter looks for threats already within an organisation’s cyber environment, likely having evaded existing security solutions. The idea is simple: find security breaches so that affected systems can be quickly patched and remediated ahead of real damage stemming from a data breach.

Adopting the same holistic approach towards threat hunting entails the integration of security tools as well as the automation of threat hunting workflows to address unknown threats quickly and efficiently. Threat hunting is only as good as the data collected, however, so this must be built on top of an integrated strategy leveraging the multi-pronged collection of vital intelligence from multiple systems across the organisation.

 

Act Now for an Integrated Cyber Defence

Though digital opportunities abound, we live in dangerous times indeed. Analytics data collected by StarHub has allowed us to identify a growing list of malicious sites globally, and our Security Operation Centre (SOC) observes suspicious traffic and outright attacks every day, conducted across every industry sector, including banks, firms in the hospitality industry and retail outlets.

To prevail, enterprises must take a step back from the siloed approach of spending their limited budgets to defend against point threats, and instead plan for the long haul by establishing a holistic and well-integrated defence. Against a backdrop of constantly evolving cyber threats, only a strategic approach can deliver the substantially better protection needed to adequately protect digital resources against modern threats.

Organisations that face talent shortages or bureaucratic resistance to establishing a security team may want to consider outsourcing their threat hunting or their SOC operations to trained and experienced external experts. With a centralised security dashboard and alerts that are automatically investigated, the result is increased responsiveness and effectiveness in defending organisations from cyber aggressors.

As a leading telecommunications provider in Singapore, StarHub is in the position to deliver the latest intelligence to help businesses prepare for potential security incidents, and to offer recommendations and best practices to stay a step ahead of cyber attackers.

Find out how StarHub can secure your business in its digital transformation. Visit www.starhub.com/cybersecurity.

 
