Technology has, without a doubt, created a new era for businesses.
It has transformed how enterprises manage and secure their environments in order to create exceptional services and products that satisfy their own needs as well as those of their customers.
The potential of technology is anything but limited, and it can be leveraged to improve operations, reduce costs and enhance productivity.
Nonetheless, this comes at a great price: keeping the environments that provide those technological services and products secure from outside attacks, commonly known as cybercrime or hacking.
As businesses realise the importance of technology, many attackers have also realised its weak spots.
These weak spots are exploited to access unsecured networks, push malware that infects the entire network and fraudulently retrieve confidential information, any of which could harm the continuity of a business.
These risks made businesses recognise the need for preventive measures.
Several of these measures were deployed to monitor any potential threat through network communications.
The most renowned is the security information and event management (SIEM) solution.
SIEM combines log file collection, correlation and analysis with real-time security event monitoring.
Modern SIEM solutions go beyond log file searching to provide correlation and visualisation tools to help security operations centre (SOC) personnel spot patterns and anomalous behaviour.
Leading solutions use powerful analytics to detect advanced persistent attacks within mountains of security Big Data and provide the forensic analysis needed by the analytics-driven, intelligent SOCs of the future.
SIEM solutions have been successful in detecting attacks and shortening their dwell time, so attackers exfiltrate less data.
This has kept hackers on the move developing new approaches rather than relying on known attacks.
It’s driven them to low-and-slow attacks more likely to avoid detection, and it has led them to focus on softer targets.
Nonetheless, since attackers are constantly looking for data to steal, why not bait them with fake data in order to detect and identify them?
That’s a honey pot.
Many are set up for research purposes – to capture and analyse attacks and identify attackers.
Others serve as a detection mechanism in production environments, alerting defenders to hacker activity.
Deception grids simulate specific environments – like the design for your nuclear power plant or latest fighter jet.
They are highly customised to convince attackers they have reached their target and in some cases feed them false data.
Honey pots have been useful in identifying bad actors and their Internet Protocol (IP) addresses.
They can therefore keep attackers on the move, forcing them to change or disguise their identity and network location.
When MySpace, created in 2003, was the most visited social networking site until Facebook overtook it in 2009, and other major social networking players such as Twitter and Instagram emerged alongside them, the privacy of millions of people’s personal information came under a huge threat.
While these measures attempt to mitigate or prevent certain attacks, protecting information that is meant to be published to the entire web is the biggest concern.
Research by the Ponemon Institute identified attacks by malicious insiders as the costliest kind of attack.
And the theft of classified information from the US National Security Agency by Edward Snowden reinforces the need to detect insider threats and inappropriate access to information.
User behaviour analytics looks for patterns of human behaviour and can recognise meaningful deviations from normal patterns that suggest unauthorised data access, theft or fraud.
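As an added illustration of the SIEM correlation described earlier and the user behaviour analytics described here (example code written for this article, not from any product or vendor mentioned), the following Python runs two simple rules over a small set of constructed authentication events: a correlation rule that flags a successful login preceded by repeated failures from the same source, and a behaviour rule that flags a user succeeding from a source never seen before or acting outside their usual hours. The log format, field names, working hours and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample auth events in a hypothetical key=value format (not real logs).
SAMPLE_LOG = """\
2024-03-01T09:02:11 user=alice src=10.0.0.5 action=login result=success
2024-03-01T09:15:40 user=bob src=10.0.0.9 action=login result=success
2024-03-01T23:41:02 user=alice src=198.51.100.7 action=login result=failure
2024-03-01T23:41:05 user=alice src=198.51.100.7 action=login result=failure
2024-03-01T23:41:09 user=alice src=198.51.100.7 action=login result=failure
2024-03-01T23:41:15 user=alice src=198.51.100.7 action=login result=success
2024-03-02T02:10:33 user=bob src=10.0.0.9 action=download result=success
"""
LINE_RE = re.compile(r"^(\S+) user=(\S+) src=(\S+) action=(\S+) result=(\S+)$")

def parse_events(text):
    """Collection step: parse raw lines into time-sorted event dicts, skipping malformed ones."""
    events = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        ts, user, src, action, result = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "src": src, "action": action, "result": result})
    return sorted(events, key=lambda e: e["ts"])

def correlate_brute_force(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: N failed logins from one source, then a success within the window."""
    failures, alerts = defaultdict(list), []
    for e in events:
        if e["action"] != "login":
            continue
        key = (e["user"], e["src"])
        if e["result"] == "failure":
            failures[key].append(e["ts"])
        else:
            recent = [t for t in failures.pop(key, []) if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append(("brute_force_success", e["user"], e["src"], e["ts"]))
    return alerts

def behaviour_deviations(events, work_hours=range(8, 19)):
    """UBA rule: a user succeeding from a never-seen source, or acting outside usual hours."""
    known_src, alerts = defaultdict(set), []
    for e in (e for e in events if e["result"] == "success"):
        if known_src[e["user"]] and e["src"] not in known_src[e["user"]]:
            alerts.append(("new_source", e["user"], e["src"], e["ts"]))
        if e["ts"].hour not in work_hours:
            alerts.append(("off_hours", e["user"], e["action"], e["ts"]))
        known_src[e["user"]].add(e["src"])
    return alerts
```

On the sample above, the correlation rule raises one alert for alice's late-night success after three failures, and the behaviour rule raises three: alice's new source, alice's off-hours login and bob's off-hours download.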
Although many businesses allocate large investments to implementing security measures, not all of those measures will prove useful when a security weak spot is actually exploited.
Businesses must deploy layers of information security defences that best match the threats to their enterprises.
They must also innovate fearlessly to keep attackers on the move, rather than simply expecting the advanced measures already in place to prevent, detect and quickly respond to known and unknown attacks.
The author is a Bahrain-based management and technology expert