Indian enterprises seek to preempt cyber attacks

In a bid to minimise risks amidst rapidly rising cyber threats

Moulishree Srivastava Mumbai
Last Updated : Sep 04 2016 | 11:39 PM IST
Indian enterprises are adopting a new cyber-security paradigm, which entails detecting threats and responding to them in real-time.

To minimise risks amid rising cyber threats, Indian enterprises are moving from the traditional prevention approach of protecting themselves from cyber attacks to a detection and response approach, detecting threats to pre-empt attacks.

Indian organisations are expected to increase the spend on detection and response from 10 per cent of the overall security spend at present to 60 per cent over the next three to five years, Siddharth Deshpande, principal research analyst at Gartner Inc, told Business Standard.

Enterprise security spending on hardware, software and services in India is expected to reach $1.12 billion by the year end, up 10.6 per cent from $1.01 billion in 2015, according to a recent report by Gartner.

Preventive steps entail deploying conventional defence measures such as firewalls and antivirus software and services along with educating employees on cyber security and potential threats. On the other hand, detection and response involve simulating and analysing attacks that have happened in the industry, dissecting the tactics and motivation of attackers, and taking actions to prevent the anticipated attack.

According to a study by Trend Micro, it takes 230 days on average for an organisation to detect a breach in the system, even when it has security software installed and running on it. Another study by FireEye puts the median time from compromise to discovery for an organisation at 146 days.

Although prevention remains important, Deshpande said, enterprises in the country have started investing in detection and response frameworks to plug the existing gaps.

“Many organisations realise it is impossible to prevent all security incidents. Because, as a defender, we need to be right every time; but the attacker needs to be right only once,” said Deshpande. “Because of that, organisations are moving from prevention approaches to detection and response. They are changing their mindsets to be able to detect security incidents and respond to them in a more effective manner.”

“Enterprises are looking to predict attacks and pre-empt attacks on their infrastructure by using threat intelligence capability. They are trying to look at what the attackers’ motivation is,” said Deshpande.

For example, he said, if a bank finds that several other banks have been attacked by a certain attacker group using a certain method, then it has a relative level of early warning that the same might happen to it as well. Thus, it can try to pre-empt some of the attacks.

Detection and response approaches also entail advanced capabilities such as predictive analytics, although this still remains a small subset of the entire process.

“Companies are also trying to use security analytics tools to look at what risks they might be exposed to in the future and try to mitigate those pre-emptively,” said Deshpande. “But we haven't seen predictive analytics in security becoming mainstream. It is still a niche area, but with concepts like machine learning coming into the picture where a machine is able to create algorithms that project certain scenarios for the security environment, the companies will be able to prepare for those scenarios.”

First Published: Sep 04 2016 | 11:34 PM IST
