Traditionally threat detection in organisations is reactive through pre-defined and preconfigured rules that are embedded in automated tools such as firewalls, anti-virus software, security information and event management (SIEMs) and intrusion detection systems/intrusion prevention systems (IDS/IPS). As the fourth industrial revolution (4IR) brings with it an exponential increase in technological advances and global interconnectivity, the cyberspace presents security risks and threats the scale of which is unprecedented. These security risks and threats have the potential of exposing confidential information, damaging the reputation of credible organisations and/or inflicting harm. The regular occurrence and complexity of cyber intrusions makes the guarding enterprise and government networks a daunting task. Nation states and businesses need to be ingenious and consider innovative and proactive means of safeguarding their valuable assets. The growth of technological, physical and biological worlds necessitates the adoption of a proactive approach towards safeguarding cyber space. This paper centers on cyber threat hunting (CTH) as one such proactive and important measure that can be adopted. The paper has a central contention that effective CTH cannot be an autonomous ‘plug in’ or a standalone intervention. To be effective CTH has to be synergistically integrated with relevant existing fields and practices. Academic work on such conceptual integration of where CTH fits is scarce. Within the confines of the paper we do not attempt to integrate CTH with many of the various relevant fields and practices. Instead, we limit the scope to postulations on CTH’s interface with two fields of central importance in cyber security, namely Cyber Counterintelligence (CCI) and Cyber Threat Monitoring and Analysis (CTMA). The paper’s corresponding two primary objectives are to position CTH within the broader field of CCI and further contextualise CTH within the CTMA domain. The postulations we advanced are qualified as tentative, exploratory work to be expanded on. The paper concludes with observations on further research.
Small, medium, and micro enterprises (SMMEs) are obliged to adopt digital technologies to render services to their clients and remain competitive. The COVID-19 global crisis has accelerated the cyberfication of systems and services. The move to digital platforms has afforded SMMEs opportunities to offer their services to a broader geographical area. However, this has also presented opportunities for cybercriminals to invade the digital infrastructure. Adopting digital transformation has put SMMEs in a vulnerable position since they need to manage their cybersecurity while lacking the necessary skills and ICT infrastructure. The inability of SMMEs to defend themselves against cyberattacks compels them to outsource their security needs to external security service providers. These external security service providers offer security services based on a hierarchical operating model. Essential security services are offered at a lower level. If the paying clients require advanced security services, they may be provided as an add-on to the contractual agreement resulting in additional cost. This paper explores the active cyber defence (ACD) approach to enhance cybersecurity defence while minimising service costs. Therefore, the primary objective and outcome of this paper are to identify some of the essential drivers that will contribute towards developing the active cyber defence framework for SMMEs in developing countries. For purposes of clarity, essential drivers are the gaps highlighted during the literature review and will be referred to as “essential drivers” throughout the paper. The essential drivers, together with suggested recommendations, will be consolidated. The essential drivers were drawn from existing literature by going through peer-reviewed academic papers and company whitepapers. To achieve the primary objective, we need to establish whether SMMEs are utilising the services of external security service providers. The external security service providers will be referred to as “Security Operation Centre - SOC as a service” throughout the paper. The secondary objective of this paper is to determine whether SMMEs are utilising the SOC as a service and if they do, whether they realise value for money.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.