The rising cost and complexity of today’s evolving cyberattacks require organizations to take a new approach to cybersecurity – one that blocks threats and malicious sites at the network level and is characterized by a closed loop model. This is particularly true for the small and medium-sized business (SMB) market, where cost constraints and limited security expertise leave Main Street businesses around the globe vulnerable to ransomware and other damaging malware.
In a new white paper published by Strategy Analytics, the necessary components of a network-based, ‘closed loop’ model are discussed, along with an overview of the benefits to Communications Service Providers (CSPs) if they can fill the SMB gap through a security-as-a-service (SECaaS) offering that utilizes their DNS infrastructure. See excerpt below.
Excerpt from White Paper:
“Today’s cyberthreats are characterized by innovation, and are designed to propagate, and bypass detection and controls by continually ‘changing their complexion.’ No one is immune because they spread randomly using software flaws or social networks. SMBs are especially vulnerable because they frequently do not have a dedicated IT professional on site. As of June 2016 the Ponemon Institute reported that “55 percent of SMBs say they experienced a cyberattack in the past 12 months and 50 percent of SMBs had a data breach during the past year.”1
The Internet of Things (IoT) is emerging and there is every reason to believe more and more ‘things’ will get ‘smart’ and ‘connected’. IoT devices have a wide range of capabilities that can be ‘hijacked’ to create diverse security vulnerabilities. These include:
- Intelligence – processor/memory/networking stack
- Instrumentation – cameras, microphones, speakers, sensors
- Susceptibility to compromise – NATed (Network Address Translation) – always-on or polled
- Accessibility – open ports and agents, unpatched vulnerabilities
This massive pool of IoT devices creates a new playing field for attackers. The potential for harm was demonstrated in October 2016 when a Mirai botnet delivered the largest DDoS attack in history leveraging a relatively small number of ‘dumb’ devices.2 Attackers have begun to explore IoT vulnerabilities as part of the ‘weaponization of IoT devices’.3
The cost of these attacks for SMBs is escalating. The FBI estimated that the total cost of ransomware in the U.S. was $24 million in 2015 and increased to $209 million in just the first three months of 2016.4 Those numbers could be conservative since many transactions are never reported due to business concerns about public disclosure. The Small Business Association survey referenced above also showed that attack costs for SMBs averaged nearly $9,000 with losses from hacked bank accounts averaging slightly less than $7,000. Since SMB cost of capital is often high, these losses are even more painful.
To meet these new network-based threats and the risks introduced by mobile devices, a new strategy is needed. SMBs cannot wait until an attack reaches end user PCs, tablets or smartphone devices and hope that each termination will respond appropriately to promptly block a threat, stop an attack or refuse to join a botnet. SMBs need to preempt threats before they jeopardize end user devices, applications or corporate databases. A new approach that handles the problem from the network perspective is required; SMBs cannot rely on millions of busy end users to update software that would classify, isolate or redirect the incoming flood of attacks on every different device.
IT security professionals and their Internet and Communications Service Providers (ISPs and CSPs) need to work together to:
- Stop attacks at a distance as they develop
- Block emerging threats and attacks within seconds of identifying them, e.g. by rejecting unregistered phishing URLs as fast as they pop up rather than relying on end users to avoid clicking on bad links
- Assume that some users will always become infected and automatically prevent them from spreading an infection, virus or ransomware software across the network
- Prevent unknowing users whose resources have been hijacked from participating in botnets and becoming threats themselves
Network-based threats demand we scan proactively for threats and attacks as they arrive in the network. Service providers operating DNS network-based security services can see everything that is coming in real time and with the right software instantaneously trigger network-based solutions to fight both network- and end user-originated attacks.
DNS is the ‘always on’ threat protection mechanism that can close the security loop by detecting and preempting threats to SMBs or other end users even before they are aware they have a problem.”