+
EDITOR’S QUESTION
STEPHEN MOORE,
CHIEF SECURITY
STRATEGIST AT EXABEAM
/////////////////
M
odern cyberthreats are not simple
to defend against. The biggest
change in recent years has been
a shift towards more targeted and more
advanced attacks that traditional security
systems struggle to detect.
Cybercrime is changing because the cost to
conduct the crime is falling, while profitability
for cybercriminals is rising. For example,
usernames and passwords can now be
purchased on the dark web. Malware simply
steals passwords by logging keystrokes or
grabbing the hashed password from memory,
regardless of the password complexity. Once
this happens, the hacker is getting in.
The theft of IDs and passwords is by
far the most common goal for today’s
cyberattackers. Valid credentials, especially
when federated across many platforms,
really are the keys to the kingdom.
Once an attacker has them, they have
a legitimate means to access files and
databases at will. To become aware of and
stop such cases, businesses need to be able
to detect unusual use of valid credentials –
with easy and non-heroic work.
This is why behavioural analytics has grown
so quickly over the last couple of years. It
can help combat insider threats by notifying
the security team when someone is doing
something that is unusual and risky – even
www.intelligentcio.com
out of context, both on an individual basis
and compared to peers.
For example, if an employee begins moving
around the network accessing multiple
fileservers and databases for the first time
and nobody else in his/her department has
done so, it can be an indicator of a stolen
– but valid – credential. Ensuring that the
password is more complex doesn’t help.
With behavioural analytics and Machine
Learning, this actionable information about
these cases should be available in a couple
of clicks; not after a day of queries. n
“
CYBERCRIME
IS CHANGING
BECAUSE THE
COST TO CONDUCT
THE CRIME IS
FALLING, WHILE
PROFITABILITY FOR
CYBERCRIMINALS
IS RISING.
INTELLIGENTCIO
35