Wednesday, 17. December 2014

Advanced Threat Protection: Making Your Business Case

We all know the attention data breaches are generating. Yet what appears to be lacking in the dialogue about targeted attacks and advanced threats is a discussion of the impacts that can result and, therefore, of how to frame a business case. As an example, according to a recent study published by PwC, the average cost of a data breach for a large enterprise is US$5.9 million. Let us ponder the ramifications of this number in the context of what we all have been seeing:


•  The majority of data breaches are a surprise event
•  The costs associated with data breaches are rarely a budgeted line item
•  Given the material nature of the costs resulting from a data breach, it is reasonable to expect corollary impacts on an organization’s strategy, exposure to additional risks, and other potential impacts as adjustments are made to deal with an unexpected seven-figure (or more) outflow of cash
•  Therefore, a data breach is a potentially disruptive occurrence that reaches above and beyond the loss of data or intellectual property


The point being explored here is that there is much more to consider than the pure security aspects of targeted attacks and advanced threats. Given the potential for costs alone to be in the millions of dollars (such as with the infamous Target breach), the problem of targeted attacks quickly becomes a strategic business conversation. As such, here are some changes in perspective that may help you come to terms with the true nature of the problem:


•  Walk a Mile in an Attacker’s Shoes: Understand how attackers perceive your data and intellectual property, and how they are likely to monetize it. This will provide you with an outside-in view into your ‘crown jewels’.
•  Accept the Unacceptable: The fact is that if your organization is perceived to have attractive sources of data, your adversaries will find a way to breach your networks without you knowing. Accept this, and the fact that the means and methods attackers will utilize to access and monetize your data will stretch from the predictable to the unknown.
•  Establish Broad Detection and Early Warning Signs: Despite what some may want you to believe, in this day and age, it is no longer just about strengthening the perimeter of your network. The dynamic and expansive nature of remote devices, employees and mobile computing provides your adversaries with ample opportunities to exploit. What you need to consider is how to identify malicious network activity such as suspicious behaviour, exploits, advanced malware and command and control at and behind your perimeter. We call this 360 degrees of detection. As depicted in the image below, you cannot stop what you cannot see. Having acute visibility at the perimeter does little to help your data center, servers or other assets inside your network.


The key “business case” for establishing network-wide, 360 degree detection is readily summarized as:


•  Minimizing the ability of attackers to design and execute an attack on your network that can result in $5.9 million or more in costs
•  Avoiding additional unforeseen ancillary costs such as impacts on your brand or stock price, exposure to indemnity or fiduciary claims as well as the opportunity costs resulting from the need to reprioritize business investments given an immediate hit on your bottom line
•  Improving the effectiveness of detecting malicious activity and attacker behaviour on your network and IT assets in order to improve the efficiency of incident response teams
•  Enhancing the capabilities of existing security investments to help contain the execution and expansion of targeted attacks through sharing of threat insight


The efficacy of this business case is predicated on a critical assumption: the ability of your security team to detect what to date they have not seen. To learn more about the unique abilities of Trend Micro Deep Discovery to detect targeted attacks and advanced threats, we invite you to download our latest white paper, “How 360 Degree Detection Stops Targeted Attacks.”

