Could Threat Hunting Be the Answer to Global Cybercrime?
In the midst of a record-breaking cybercrime wave, companies are starting to take a proactive approach to detecting and repelling network security threats.
From the WannaCry and Petya attacks to politically-motivated meddling in the U.S., France, and other elections, 2017 seemed to suggest that cybercriminals are now winning the war for digital supremacy.
In fact, according to the Ponemon Institute’s 2017 Cost of Data Breach Study, the odds of a company suffering a data breach in any given year exceed one in four, and the average cost of such a breach sits at $3.8 million. All told, industry insiders expect the global cost of cybercrime to top $6 trillion as soon as 2021, a 100 percent increase over the 2016 bill.
This explosion of cybercrime notwithstanding, companies can take solace in the fact that proper preparation can go a long way toward minimizing both the likelihood and the potential damage of a breach. Businesses thwarted nearly 145 million cyberattacks in 2016, and Ponemon indicates that the simple act of employing an incident response team can reduce the per-record cost of a data breach by up to $12.60, or roughly 8%.
That said, as the adage goes, “An ounce of prevention is worth a pound of cure.” No matter how efficiently a company responds to a breach, it’s always better to have prevented the breach in the first place. In order to improve their capacity for derailing cyberattacks before they even start, many companies are experimenting with a new approach to corporate cybersecurity: cyber threat hunting.
From Ad Hoc to Agile
The SANS Institute defines threat hunting as “a focused and iterative approach to searching out, identifying, and understanding adversaries internal to the defender’s networks.” With the rise of workplace IoT devices and BYOD policies, the “perimeter defense” cybersecurity paradigm has become inadequate for protecting a company’s networks. Firewalls and antivirus software are still important, but today’s cybersecurity professionals need to be able to recognize and repel intruders who manage to bypass these liminal protections.
While various threat hunting activities have been a fixture of the corporate cybersecurity world for years, they’ve typically been executed on an ad hoc basis by long-serving IT professionals who know their company’s network landscape like the back of their hand. “The recent focus on threat hunting is not about rebranding what many defenders have endeavored to do over the years,” the SANS Institute emphasizes. “It’s about placing an appropriate, dedicated focus on the effort by analysts who purposely set out to identify and counteract adversaries.”
A comprehensive threat hunting program also requires a mature network infrastructure and a great deal of data. Just as a detective needs forensic evidence to solve a crime, a threat hunter needs data to intercept a cyberattack. With enough data, an experienced cybersecurity professional (perhaps with the help of an automated tool) can pinpoint unusual network connections and expel bad actors before they inflict any damage.
Despite Encouraging Results, Challenges Remain
According to Cybersecurity Insiders CEO Holger Schulze, threat hunting is already starting to take hold. “Following the unprecedented wave of cybersecurity attacks, threat hunting is quickly becoming a new line of defense for security operations centers to proactively combat advanced security threats,” he said in a new report commissioned by Crowd Research Partners.
The report shows that 40% of companies currently use some sort of threat hunting platform — a 5% increase over 2017. What’s more, roughly 60% of the companies that have yet to integrate threat hunting into their cybersecurity protocols plan to do so within three years.
Much of this growth has been driven by the encouraging preliminary results the approach has produced. Crowd Research Partners found that companies with a dedicated threat hunting team detect and deal with cybersecurity threats 2.5 times faster than companies without one. Among companies with a threat hunting program in place, 64% say the program improves their detection of advanced threats and 63% say it reduces incident investigation time.
However, as one might expect with such a new approach, threat hunting is not without its challenges. More than three-fourths (76%) of threat hunters feel that they don’t have enough time to search for emerging threats to their company’s networks, and 43% admit that they lack the cybersecurity expertise to hunt threats effectively.
Perhaps the easiest way for these companies to mitigate these challenges is to partner with a seasoned cybersecurity expert like Turn-key Technologies (TTI). With than two decades of experience designing, deploying, and managing corporate networks that are as high-performing as they are secure, TTI has the know-how necessary to help any company detect and deter any and all cybersecurity threats it may face.