- Cyber threats are impacting the bottom line, leading to increased security spending.
- Priority is being placed on managed firewalls, identity management, and SIEM.
- Telcos like BT are stepping forward with shared threat intelligence initiatives.
Endless new threats impacting businesses and consumers are driving demand for IT and cybersecurity products and services both by besieged IT departments – with the thankless task of protecting against invisible thieves and miscreants – and by their bosses, who have been firmly pulled into cybersecurity decision making.
It’s starting to feel like an endless war.
CEOs began taking responsibility for data breaches a couple of years ago, and mega-breaches, such as the one suffered by Equifax in 2017, are now even being punished in the stock market. But mid-sized and smaller businesses, as well as public sector organizations, are also being exposed to new cyber-related peril by everything from ransomware demands to potential GDPR breach penalties.
Small Arms Buildup
According to GlobalData’s research, this is causing up to 73% of enterprises to prioritize spending in areas such as identity and access management systems, endpoint security and anti-virus products, vulnerability management, and data loss prevention tools. As many as 70% of all enterprises are also giving priority over the next two years to engaging security services like managed intrusion detection and prevention as well as security incident and event management – a difficult function to handle in-house for the typical company lacking dedicated security skills.
There is a foreboding sense that, even with such prioritized investments, it is never going to be enough to fight against unknown external threats. Indeed, something like vulnerability management is literally installing ‘patches’ on out-of-date software, the digital definition of sticking a Band-Aid on an infected wound. With hundreds of potential solutions that might help mitigate certain cyber threats but definitely won’t magically solve the greater existential threat, organizations and their clients may be forgiven for wondering who else is going to step up and own this fight.
Calling Up the Troops
No one ‘owns’ the responsibility for global cyberspace, so there is no reason to expect a single actor or entity to do so. At national levels, governments have established five-year strategies to secure the digital environment, but what about the IT and Internet service providers impacted most directly, monitoring and analyzing billions of daily cyber events, many of which turn out to be security incidents?
This week, BT stepped up and put up its hand, challenging the other broadband and connectivity providers in the UK to start sharing information about malicious software and websites on a much larger scale. It has launched a free collaborative online platform to share its own threat intelligence data across the ISP community in a secure and trusted way, as it continues efforts to protect consumers and businesses from what has become a global cyber-crime industry.
BT’s effort is in direct response to an initiative led by the National Cyber Security Centre (NCSC) to enable ISPs to share detection events as part of its ongoing efforts to disrupt millions of online commodity attacks against UK citizens, businesses, and institutions. BT now alerts other ISPs in the country to any malicious domains associated with malware control that it identifies using its advanced threat intelligence capabilities. ISPs can then choose whether to take any action to protect their customers by blocking such harmful malware. To date, BT has identified and shared over 200,000 malicious domains since initiating the sharing of threat information at the end of 2017.
Unlike most businesses, BT has the skills and advanced technologies in-house to join the battle at a national and even global level (its global SOCs and 2,500 cybersecurity experts around the world are currently preventing the delivery of 50 million malicious e-mails with 2,000 unique malicious attachments every month – or nearly 20 malicious e-mails every second). And, given its ownership of critical infrastructure, it has more motivation than most to fight back hard.
It’s not the only telco doing so.
Another large European operator with global interests is preparing to launch a new cyber threat alliance in April, taking intelligence feeds from the world’s leading network and security platform vendors, global software giants, and telcos from around the world – all incentivized to share their unique threat data with the alliance in order to benefit from the larger intelligence pool. With the goal being to protect customers in near real-time while disrupting malicious actors and elevating overall security, the alliance seeks to strengthen global critical infrastructure for the greater good.
Such efforts won’t stop businesses from spending on firewalls and software patches, or from subscribing to managed security services. Indeed, these things all help to channel new threat information to experts behind the technology who are constantly seeking to improve its efficacy. And with big telcos stepping up to gather, analyze, and take action collectively on those cyber events and incidents in support of the ‘greater good,’ some measure of progress in the endless war could soon be evident.