When it comes to business, there's nothing better than a quick solution to a big problem. Identify the issue, roll out an efficient solution, and watch it do its work immediately: This is an ideal scenario for problem solving. In terms of cyber crime, there are those who'd like to believe that the problem can be tackled this way. But unfortunately, that's not the case. There's no such thing as a quick fix for the problems of enterprise cyber crime – nor is there a solution that business leaders can apply and then not have to worry about the problem again. Instead, cyber crime is a persistent issue that demands sustained focus and proactive energy. In racing terms, it's a marathon, not a sprint. And just like in marathons, it's the slow and steady approach that will win the race.
At the federal level, a 30-day "Cybersecurity Sprint"
Since taking office, President Obama has advanced a proactive approach to cyber security at the federal government level, and his efforts have resulted in the U.S. government making significant strides in terms of cyber preparedness. These days, efforts at the national level are accomplishing a multitude of cyber-focused goals, including promoting cyber education, recruiting young people to become professional cyber defenders, elevating cyber security standards across the board for organizations, and advancing, in general, a more proactive approach to cyber security among not just businesses and other organizations, but individual citizens as well.
The federal government's commitment to cyber security has generated significant headlines for the cause and gotten individuals and organizations focused on the issue who may not otherwise have paid attention to it. In recent months, one of the biggest government cyber-focused stories was the launching of the so-called "30-day Cybersecurity Sprint." News of this initiative – which was spearheaded by United States Chief Information Officer (CIO) Tony Scott – quickly spread to the mainstream media, where it was covered in publications like the Federal Times. However, the initiative was specifically geared toward federal agencies, asking them to come up with ways to better increase cyber awareness, control malicious incidents, bolster cyber proficiency, and implement data guarding mechanisms, among other goals.
As an initiative, the cyber security sprint's success in gaining media traction was undoubtedly due to the presence of that operative word – sprint. In terms of solutions, after all, we tend to prefer a quick one, and so the notion of sprinting toward cyber security was one that was palatable to the many individuals and businesses who want to be able to attain optimal cyber security and then not have to worry about it anymore. But this, unfortunately, is wishful thinking.
Cyber threats: Evolving all the time
To its credit, the federal government's cyber sprint wasn't meant to imply that cyber-related issues can be solved within the span of a month. But for enterprise leaders looking for an easy fix to a complex problem, the headlines about the "30-day Sprint" perhaps played to their desire to have the issue of cyber preparedness solved quickly. In reality, preparing a company of any size – and in any sector – to defend itself against the cyber threats of today is work that demands not just in-depth focus, but a sustained effort as well. That is due to the constantly evolving nature of the cyber threat realm – a realm that sees 12 new malware types be detected every minute. And these numbers aren't headed on the decline anytime soon.
"We expect that the number of new malware strains will be well above the level of 2014," explained a research firm that carried out a study covering the first half of 2015.
That study returned the alarming finding that there were more than 3 million new malware strains to be detected in the first half of 2015 alone. While these 3 million attack strains encompass a wide array of malware types, there have been some trends that have emerged this year in terms of the type of malware produced. Here are some of the more common malicious strains to emerge – and continue emerging – this year:
- Banking trojans: Banking trojans are experiencing a resurgence this year, and their momentum is spurred by the evolution of malicious strains like that of the Swatbanker family, whose persistent presence this year peaked back in March. Of that malicious family, the research firm stated the following about its concerning growth this year: "Previously, waves of attacks by e-mail had not been unusual for this Trojan, but this wave was so successful that in March 2015 the highest number of repelled banking Trojan attacks since records began was measured. Also unusual was the fact that the wave did not stop within a few weeks as usual, but carried on until mid-June. Also, shortly before the wave of attacks ended, there was another unusual occurrence: The attackers apparently were targeting computers in the German Parliament's intranet7."
- Mobile malware: These days, the typical workplace isn't one where you go to the physical office, punch into the network and log off at the end of the day. Instead, many workers literally take their work home with them thanks to the corporate remote access that the era of mobile work is allowing. This trend, which has gained steam in recent years and shows no signs of slowing down, has a definite positive impact on company culture and productivity, but it's not without risks. That's because mobile malware is highly prevalent, and cyber criminals are always looking for ways to refine malicious strains that attack the mobile sphere. After all, with a carefully targeted mobile attack on a single employee's personal company-connected mobile device, a cyber criminal could gain access to an entire corporate network.
Planning for an evolving threat sphere
When devising a cyber strategy, companies need to take into account the fact that it's going to require sustained effort, and that the policy you put into place today will definitely evolve in the months and years to come. To that end, however, there are steps businesses can take to ensure that they approach cyber security with the adaptable mindset that's conducive to long-term success in protecting against virtual threats. Here are some of the things organizations need to do to effectively run the cyber marathon:
- Create a company culture of continued preparedness: In the realm of enterprise cyber defense, having a company culture that's up to the task is one of the key ingredients. After all, there's only so much that can take place within the walls of the IT department – but to have true protection, a business needs to ensure that its preparedness extends across every department and includes every worker. As CSO pointed out, establishing this culture means first getting over the idea that it's only IT workers and executives who should be occupied with cyber issues. A company with a robust cyber security culture is one in which every worker is familiar with the workplace cyber security policy. However, this is not the responsibility of each individual staffer to learn on his or her own – instead, there needs to be a strong effort at the administrative level to ensure that the proper company cyber education takes place through training sessions and other cyber-focused events.
- Pursue tools that are built to adapt to the times: When you're a company looking to defend its network, that's not something you want to do alone. Instead, you'll want to look for cutting-edge enterprise software that helps make the job easier. But when looking to identify the perfect software package, it can be easy to stumble upon something that may be right for that exact moment, but which won't be prepared to evolve to the always-growing cyber threat sphere. Therefore, it's imperative for organizations to pursue cyber security software that is built not only to meet the needs of today, but to scale to meet the needs of the future.
- Ensure that mobile devices are guarded: This is the age of workplace mobility, and that means it needs to be a time of mobile security too. If your corporate environment is one in which workers use their mobile devices to access the business network – and more organizations match this description – then it's imperative to rollout a mobile strategy that can deal with the vulnerabilities that mobile workplace access can otherwise pose. At the administrative level, a commitment to mobile security means making sure that mobile protection is afforded the same degree of attention as the defense of the physical enterprise network. While it's true that enterprise mobility can be a significant benefit for overall productivity, it can also expose businesses to the vast sphere of mobile malware – and that fact should impel businesses to leverage mobile defense solutions.
There's no quick solution to the cyber issues of today. It is, after all, a distance event – and if you try to sprint it, you'll tire out far too early. For continued protection that keeps a consistent and steady pace, leverage a custom defense solution.