Fighting in the dark without night vision googles


23 July 2014
Chuan Wei Hoo of BT Advise Assure

The key cybersecurity issue facing data centre operators today is the lack of knowledge to respond and the capability to respond to security incidents. There is a lot of information generated by perimeter and network defence devices, but many operators lack the intelligence rules to convert the data into insights. They are also not adequately trained to respond appropriately to such incidents. It is akin to fighting in the dark without night vision goggles. Visibility is poor and the limited availability of cyber intelligence hinders meaningful decisions.

The current cyber threats are not new. Distributed Denial of Service (DDoS), WLAN infrastructure attacks, SQL injection, cross-site scripting and social engineering have been around for a while. What has changed is the magnitude of these attacks - the number of perpetrators, the ease with which attackers can join forces and the impact that they can have on one’s business have all grown exponentially over the years.

For example, according to a study from BT, the most significant DDoS attacks in Singapore are estimated to cost companies up to a whopping S$120,000 per incident. This does not include damage to reputations, revenue and customer confidence.

In order to combat the onslaught of cybersecurity attacks, organisations need to look at updating their systems, improve their processes and train their operators.

Firstly, data centre operators need to understand that security is only as strong as the weakest link. Security is often implemented in a fragmented way, built as tactical solutions in an attempt to mitigate risk. This only results in incoherent architectures which increase network vulnerability.

Data centre operators must identify their critical assets and understand the full cost of a breach. Spending a dollar to protect a cent is bad business. It is more efficient and cost-effective to identify core business assets and adopt an in-depth strategy around them. Good security should deter and slow down the attacks that do come, so that corrective actions can be taken before any serious damage is done.

Next, organisations need to focus on improved visibility and predictive security. The growing popularity of analytics has resulted in an overwhelming amount of data being collected, without the time or skillsets to evaluate it. Knowhow, time and relevant tools are needed to transform this data into insightful knowledge.

For many organisations, the most efficient way to protect against the attack is raising awareness among employees and partnering with a trusted and capable supplier. Singapore business leaders recognise the value of this. This is reflected in the BT study which shows that 73 per cent of organisations believe that they require the assistance of a third party organisation to protect its IT estate from DDoS attacks.

Periodic training of in-house personnel is also becoming more critical as more and more organisations embark on a digital transformation. The cyber troopers of the future will have to learn and practise the right way to respond to security incidents.

Investing in comprehensive security measures will definitely offset the costs of an actual cyber-attack or breach. Providing information security education and engaging a competent third-party organisation to protect assets will eventually yield value to the organisation.

At the end of the day, however, it must be accepted that there is no perfect security system in the real world. Sites will be hacked, data will be stolen, and vulnerabilities will be exposed. The best approach to implementing security is to adopt a combination of proactive and preventative security strategies to ensure that the organisation is always in a ready state.