The Cybersecurity and Infrastructure Security Agency (CISA) is once again reminding organizations to remain vigilant this holiday season, largely because cybercriminals tend to strike whenever they suspect IT teams may have let their guard down. After a year of security incidents that now includes a Log4j vulnerability that has roiled organizations that employ Java applications these past two weeks, it’s clear many cybersecurity professionals need a break.
The trouble is that there seems to be a high correlation between when IT professionals start to engage in a little rest and relaxation and when cybersecurity attacks are launched. A recent report published by the RiskRecon arm of MasterCard notes that nearly half (47%) of 650 publicly reported ransomware events occurred on either a Friday, Saturday, or Sunday. It’s almost as if many cybercriminals spend most of their week preparing an attack that only gets launched when they assume there are fewer IT professionals around to combat it.
Most organizations, alas, don’t have the resources required to monitor cyberattacks made against their IT environments on a 24/7 basis. Even if they do, not every member of the cybersecurity team is going to be as adept at spotting threats. Not many of the best and brightest in cybersecurity are anxious to work weekends and holidays. While there are many dedicated cybersecurity professionals, the simple fact of the matter is that cybercriminals are counting on IT professionals having a life outside of work.
Realistically, there are only two options when it comes to maintaining the external vigilance that cybersecurity now requires. The first is to contract a service provider that has invested in the resources required to provide 24/7 monitoring capabilities on behalf of multiple customers. In effect, the service provider is distributing the cost of providing such service across a base of customers. It’s often just too expensive for most organizations to build and maintain such a capability on their own.
The next option is to invest more in artificial intelligence (AI). The machine learning algorithms that are at the core of an AI model are not going to replace cybersecurity professionals any time soon. However, over time an AI platform eventually becomes better at identifying anomalous activity indicative of a cyberattack. It may take months for an AI model to reach a level of proficiency given the unique attributes of any given IT environment. However, attempting to secure modern IT environments without relying on AI is at this point an act of hubris that will precede the inevitable fall.
Complacency and fatigue, with the notable exception of zero-day vulnerabilities that appear out of nowhere, are at the root of any cybersecurity breach. The former needs to be guarded against with as much rigor as possible. The latter needs to be prevented by ensuring that cybersecurity doesn’t become too dependent on the expertise of a few heroic individuals who may not always be at the top of their game or, for that matter, even available.
It may never be possible to attain and maintain perfect security. However, there are plenty of measures that can be taken to reduce the level of cybersecurity stress any organization experiences.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.