Detection more important than prevention in cyber security, says Microsoft CTO

Detecting malware and other kinds of threats is more important than protection in cyber security, Michael Wignall, CTO for Microsoft UK, believes.

Detecting intrusions as soon as possible and responding to them effectively are essential for a sound cyber security strategy, Wignall said.

In July, a question was thrown at a panel of security professionals and IT experts about whether it was possible to prioritise either detection or prevention in cyber security. Responding to the query, an overwhelming number of experts stated that organisations need to invest in both and must maintain a balance between prevention and detection.

‘How many firms have guards, and utilize locks and alarms on their doors, yet have motion detectors and/or security cameras inside their buildings? The same is true in the information security world. It is necessary to have both preventative mechanisms as well as ways to detect and address breaches after they have already occurred,’ said Joseph Steinberg, founder of SecureMySocial.

‘The key is finding the right balance of the two given an organization’s risk profile. For most enterprises, security investments are substantially “overweighted” in favor of prevention. A rebalancing exercise that emphasizes detection and response capabilities will typically pay significant dividends,’ said Jason Straight, Senior VP of Cyber Risk Solutions and Chief Privacy Officer of UnitedLex Corp.

However, Michael Wignall, CTO for Microsoft UK, thinks that detection is essentially more important than prevention in cyber security. Speaking at the Microsoft Decoded event in London, he said that his belief comes from the fact that, on average, a hacker spends as many as 144 days on a network before being detected.

To reduce detection times, Wignall added that enterprises should embrace machine learning and artificial intelligence as soon as possible.

‘It’s vitally important to understand your technology environment and how it’s changed – you’re now much more connected than ever before. We have to think about cybersecurity in a very different way.

‘A lot of the threat isn’t as targeted and sophisticated as you might think, it’s actually much more opportunistic – they’re taking advantage of some of the changes in the tech landscape. If you’re not taking advantage of AI in your systems, you better believe that the attackers are – so you’ve got to keep up,’ he said.

Wignall may be right to an extent. Over-reliance on perimeter security has made a large number of firms in the UK vulnerable to sophisticated cyber threats in the recent past. While prevention tools like firewalls, IDPS, antivirus, content filtering and anomaly detection are impacting employee productivity, they have also been found to be less effective compared to solutions like end-to-end encryption and two-factor authentication.

Hence, enterprises must invest in effective detection tools and techniques to ensure that malware, ransomware or spyware can be detected, isolated and destroyed before they can cause significant damage. According to CybeRisk, a number of new detection techniques have been rising to the challenge.

‘Detection technologies have been rising to the challenge, with the growth of platforms for the analysis and correlation of network events and logs, such as security information/event management (SIEM), User and Entity Behavior Analytics (UEBA), context-sensitive Data Loss Prevention methods, and the development of dedicated Endpoint Detection and Response (EDR) systems,’ it says.

‘But detection alone isn’t enough – unless the enterprise objective is to keep security operations center personnel chasing their tails in the follow-up to a continuous barrage of alerts and reports. Detecting threats is only part of a solution which requires swift and definitive action to stop them, and/or mitigate their effects,’ the firm added.

Copyright Lyonsdown Limited 2021
