The security threat landscape is confusing and changing rapidly – there’s so much out there, how do you understand where the true risks are?
Every 40 seconds a business falls victim to a ransomware attack. Cyber criminals are creating an average of around 1.4 million phishing websites every month with fake pages designed to mimic the company they’re spoofing. At BT alone, we detect more than 100,000 malware samples every day — more than one a second. But 99 per cent of malware is used for less than one minute. In addition to over 4,000 cyber-attacks, daily, BT and its customers see three million suspect emails per month.
In this article, we talk to the team protecting BT about how we're responding to the changing threat landscape and how you can apply the learnings to your organisation.
A security breach is inevitable
It’s difficult to admit, but no system is 100 per cent secure. We all need to face the fact that at some point, we will be breached.
We’ve observed an acceleration in the production of new attacks, especially those that regularly evolve to evade security controls which can’t keep up. For example, the Emotet malware changed the links or attachments being used to deliver the virus up to 24 times a day. Automated tools have made it easy for criminals to launch attacks, making this new environment a more difficult one for security teams to operate in successfully.
That’s why security has to be a part of your strategy that’s always evolving. As threats shift and your needs change, your security strategy needs to change too.
Threat intelligence to stay one step ahead
Because of BT's global scale, client base, and active relationships with leading law enforcement and cyber security authorities such as Interpol, Europol and the UK National Cyber Security Centre, we’re often the first to correlate events and know of new attacks. For example, we were able to give our customers intelligence around Wannacry six weeks in advance.
Security teams can be overwhelmed by the volume of data being picked up by a raft of security monitoring tools which are not correlated to provide intelligence that is easy for analysts to understand and act upon. Integration and automation are key to keeping pace with the changing threats.
But a tool is nothing without the analyst sat in front of it. By drawing out abnormalities, analysts can then examine them, understand them and move quickly to mitigate risks. That’s why we have a team of 2500 security experts who understand how to prioritise and validate the threats that really matter.