Anomaly detection is the first layer

Issue 3 2021 Security Services & Risk Management

Cybercrime incidents have surged in the last year, as malicious actors take advantage of the current global situation, including the work from home (WFH) trend. As IT has evolved, so too has ransomware and attacks have become increasingly targeted, pervasive and damaging. A multi-layered, proactive approach to data management and protection is essential and this begins with anomaly detection as the first line of defence.

Kate Mollett.

The evolving threat

In a WFH environment, people are connecting to critical applications and data from multiple distributed points, without the safety blanket of the enterprise network perimeter. People working from home are also more vulnerable to attack, as it is difficult to maintain standards of awareness when face-to-face contact is limited.

In addition, cybercrime has evolved into a fully-fledged business. Ransomware-as-a-Service is available to purchase on the dark web and South Africa is an attractive target for attack. In fact, a report from Accenture reveals that South Africa has the third most cybercrime victims worldwide, losing R2,2 billion a year.

Ransomware has become extremely sophisticated, with multifaceted and highly targeted attacks exploiting multiple points of vulnerability. Malware has even begun to attack the data protection solution itself, rather than just production data, making recovery from a successful exploit all but impossible.

The attack surface is so vast that traditional solutions are simply no longer enough. A new approach to data management and protection is necessary and this begins with the ability to discover unusual activity before it can cause damage – also known as anomaly detection.

Proactive alerting is the key

Malware exploits rely on slipping through network defences without detection. Much like burglars need to get into a building undetected so that they can steal valuables, ransomware needs time to infiltrate and steal data. Anomaly detection can be likened to a security camera for your network. It helps enterprises to identify unusual or suspicious network activity as it happens, flagging it for investigation and blocking it before damage can be done. For example, dramatic and sudden increases in network traffic, moved files, or even logins from unusual locations, can all be red flags that a threat actor is attempting to penetrate the network.

With anomaly detection in place, the appropriate people are immediately made aware of potential issues so that they can take action. As the old adage goes, prevention is better than cure. While protecting data is essential, it is actually a secondary issue, because an early warning of potential issues means that risk and damage is mitigated. This enables enterprises to take a proactive approach to potential threats rather than reacting after the fact.

Layered threat detection and prevention

Backup and recovery should not be the primary defence against ransomware or any other form of data loss – it is the final step in the process. It is critical today to identify threats, protect applications and data, monitor systems, respond to threats, create awareness and then if all else fails, recover from an event.

Anomaly detection as part of a data management framework is essential to an holistic solution, because data management is about more than just security. Tools like artificial intelligence and machine learning help systems to immediately identify potential threats and automate processes to stop attacks before they can penetrate a network. Building the right framework to manage your data, with multiple layers, covering all areas from the end point to the data centre and beyond, is essential to a modern data management strategy.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Natural catastrophes and fire risks top concerns
Security Services & Risk Management Asset Management Residential Estate (Industry)
Natural disasters are the highest risk in the real estate industry, followed by fire and explosions, and then business interruption. Estates must prioritise risk management and take proactive measures to safeguard their assets, employees, and reputation.

Building a solid foundation
Alwinco Security Services & Risk Management Asset Management Residential Estate (Industry)
Understanding the roles of a Risk Assessor and a Risk Manager is like building a solid and secure foundation in the security world. Andre Mundell makes it easy to understand.

Using KPIs to measure smart city progress
Axis Communications SA Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
United 4 Smart Sustainable Cities is a United Nations Initiative that encourages the use of information and communication technology (including security technology) to support a smooth transition to smart cities.

Enhancing estate security, the five-layer approach
Fang Fences & Guards Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
Residential estates are designed to provide a serene and secure living environment enclosed within gated communities, offering residents peace of mind and an elevated standard of living.

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Detecting humans within vehicles without opening the doors
Flow Systems News & Events Security Services & Risk Management
Flow Systems has introduced its new product, which detects humans trying to hide within a vehicle, truck, or container. Vehicles will be searched once they have stopped before one of Flow Systems' access control boom barriers.

A standards-based, app approach to risk assessments
Security Services & Risk Management News & Events
[Sponsored] Risk-IO is web-based and designed to consolidate and guide risk managers through the whole risk process. In this article, SMART Security Solutions asks Zulu Consulting to tell us more about Risk-IO and how it came to be.

Cybercriminals embracing AI
Information Security Security Services & Risk Management
Organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still figuring out how best to use AI, cybercriminals have fully embraced it.

Integrate digital solutions to reduce carbon footprint
Facilities & Building Management Security Services & Risk Management
As increasing emphasis is placed on the global drive towards net zero carbon emissions, virtually every industry is being challenged to lower its carbon footprint and adopt sustainable practices.

Visualise and mitigate cyber risks
Security Services & Risk Management
SecurityHQ announced its risk and incident management capabilities for the SHQ response platform. The SHQ Response Platform acts as the emergency room, and the risk centre provides the wellness hub for all cyber security monitoring and actions.