Any news about cybersecurity is usually negative. Stories about rising threats, unprecedented data leaks and crippling ransomware attacks are becoming commonplace. But despite these trends and challenges, cyberspace remains the greatest enabler of our century and it is possible to effectively protect private networks for attacks, says Suleyman Anil, the Former Head of Cyber Defence at NATO.
Speaking at CLOUDSEC Singapore, Anil shared his view on the current state of cyber defence and his recommendations regarding where organisations should focus their investments. You can either read the summary below, which includes Forgie's key recommendations, or watch the video at the end of the article.
2012 NATO began a major project to centralise the protection of NATO' private networks. This is because NATO operates its own network and has end-points across the world, from the US, to Africa to Afghanistan. Ultimately, to protect any network you need to have defence in depth, layers of technology across your network, but in addition to this, centralisation has been a key part of NATO' cyber defence strategy for a couple of key reasons.
Firstly, it's important to get a good situation awareness of your networks from one single location, but equally important, is also the lack of talent. Anil explains, "When you centralise your cybersecurity operations into one large room with experts, you can use your experts more effectively no matter where the incident happens. So centralise your cybersecurity operations and have your cybersecurity talents work very closely with industry. About 30% of our experts are not NATO employees, they are members of different companies that are contracted in NATO and they work in our teams, that's how NATO is trying to counter the expert shortage problem."
Yet any centralisation project inevitably leads to the collection of a much larger volume of data pertaining to network behaviour and security incidents. So the priority is to be able to sift through all this data and detect and react to an actual attack as soon as possible. For example, on an average day across all of NATO' networks, they have 200 million "security events" detected per day. Out of these 200 million events identified by their firewall, anti-virus and intrusion detection software, 99 per cent are filtered out by big data analysis software, following which, only 10 - 12 are classified as an actual case that requires investigation and remediation. These cases may take an hour to resolve or possibly weeks, furthermore a single case may comprise of multiple incidents.
Sign up for MIS Asia eNewsletters.