When thinking of the best analogy for the battle against cybersecurity threats, we may very well use chess laws to describe the game security professionals and cyber-criminals are constantly engaging in. On the one side, you have the hackers, perpetually trying to breach defenses, and on the other side – the targeted enterprises, wary of the former’s every move. The stakes are the same: at the end, only one party can be left standing.
However, times have changed and attackers have not ceased to refine their strategies: we are no longer witnessing a speed-chess tournament, but rather a test of patience. The perfect heist no longer consists of hackers chasing after the fool’s mate. Instead, the big-league hacks bask in the more damaging consequences of a delayed checkmate. Simply put, the longer the game is stalled (a.k.a. the longer they can maintain their presence within a system without being detected), the more they give you the impression that your security solutions are impenetrable. Once you’ve let your guard down, they’ll deal the final blow.
This is why businesses need to keep their heads above water and remain vigilant. They can no longer afford the luxury of just wondering “if” their system is hackable or not. With the dawn of APTs (Advanced Persistent Threats), cyber-criminals will keep poking until they’ve reached their goal. But where does this leave enterprises nowadays? Acknowledging the fact that they are all possible targets can actually pass as a blessing in disguise and should trigger a chain of awareness never before encountered in the world of cybersecurity. Nevertheless, in 2015, only 25% of directors were involved in the review of cybersecurity risks (according to the Global State of Information Security Survey conducted by PwC).
Being aware of an imminent or possible threat should push CEOs to see the importance of treating cyber-threats the same way they treat market stock, monitoring them in real time. Of course, it is up to the CIOs and CISOs to increase defenses and to put themselves in the role of a hacker, but without a culture of security best practices that cascades top-down throughout the enterprise, incidents are bound to recur.
Consequently, this should serve as a wake-up call for all businesses, which need to understand that having a multitude of tools alone cannot always prevent APTs that, more often than not, are ingeniously choreographed by another human mind. That being said, we return to our chess game analogy: if one player were to rely just on their first line of defense and not exploit and coordinate all the pieces on the chessboard, their king would quickly fall. Similarly, if the person behind an enterprise’s security strategy does not correlate various tools and foster security best practices, but relies exclusively on a basic antivirus or firewall, data breaches become inevitable. In other words, simply being able to detect attacks on your information system, once it has already been infiltrated, can leave you vulnerable and put an even bigger target on your back.
Prevention can improve responsiveness to security crises, but cannot heal a company’s image in the eyes of its clients and/or even employees in the aftermath of a data breach fiasco. Take, for instance, the example of the US discount retailer Target, which had 40 million of its customer accounts hacked between November 27 and December 15, 2013. The event did not go unnoticed, leading to numerous customers suing the retailer for its failure to ensure proper security of their data.
Such occurrences are so damaging to a business’s morale that expectations in terms of reviving cybersecurity efforts will become more complex and more difficult to prioritize. As such, what more can be done? The need to completely immerse ourselves in the reality of the issue is imperative. If we ignore the other player’s moves, even for one turn, we risk losing the entire game. Real-time detection is what enterprises have to aspire to in order to make the other player resign first.
ITrust proposes an array of solutions and services centered on the winning trifecta: detect – prevent – resolve. Reveelium enables real-time detection of behaviors that deviate from the norm and can be coupled with SIEM products and services, surpassing the simple processing of system logs. The added value of this intelligent system developed by the ITrust team resides in the detection and evaluation of said deviations, enabling us to identify attacks overlooked by SIEM solutions.
In chess, Fool’s Mate, also known as the “Two-Move Checkmate”, is the checkmate in the fewest possible number of moves from the start of the game.