WHY A NEW SECURITY SYSTEM?
Today the Internet is accessible to everyone, and it is becoming the preferred means of conducting business. It's not unlike public health. One of the reasons health officials urge almost everyone to get a flu shot is that people who are infected are more likely to infect others. The same is true for cyber security. Infected devices have a way of infecting other devices, and compromised systems can make everyone vulnerable. So your cyber hygiene isn't just about protecting you; it's about protecting all of us.
Cybersecurity isn’t about one threat or one firewall issue on one computer. It's about zooming out and getting a bigger perspective on what's going on in an IT environment. Keeping companies safe from attackers is no longer just a technical issue of having the right defensive technologies in place. To me, that is practicing IT security, which is still needed but doesn’t address what happens after the attackers infiltrate your organization. In cybersecurity, the defenders acknowledge that highly motivated and creative adversaries are launching sophisticated attacks. There’s also the realization that when software is used as a weapon, building a stronger or taller wall may not necessarily keep out the bad guys. To them, more defensive measures are simply additional opportunities to find weak spots and gain access to a network.
This mentality goes against the fundamental principle in IT security of erecting multiple defensive layers around what you’re trying to protect. By separating what you’re trying to protect from the outside world, you’re keeping it safe, at least in theory. While this works in physical security, where IT security has its roots, it doesn’t really work when you’re facing enemies who need to be successful just once to carry out their mission. Defenders, unfortunately, don’t have this luxury. They need to catch every attack, every time. Don’t take this statement as a knock against antivirus software, firewalls and other defensive technologies; they’re still needed in conjunction with cybersecurity.
Bots or zombie networks are just one example. Bad guys look for vulnerable machines to infect and enlist them into a zombie army that infects other machines, greatly amplifying their ability to reach millions of users. Even weak social networking and email security can be contagious. If your accounts are insecure, it is easier for others to go online as you and spread infections or social engineering attacks designed to steal data or money.
Cyber security is a shared responsibility. Internet companies and brick-and-mortar merchants can do their part by shoring up the security of their networks and payment systems. Government can educate the public and enforce anti-cybercrime laws. Businesses can make sure they have strong security processes in place, including making sure their employees use strong passwords. And everyone can play an important role by securing their devices and making sure their passwords are strong and unique. But IT security and cybersecurity also differ on what action to take after an attacker breaks through your defenses. In IT security, when a problem is detected on one computer, it’s considered an isolated incident and the impact is limited to that machine.
Most importantly, under a cybersecurity approach the incident wouldn’t be seen as a random, one-off event. When you apply a cybersecurity lens to incidents, the belief is that every incident is part of a larger, complex attack with a much more ambitious goal than infecting machines with malware. If you close a ticket without asking how an incident or incidents are linked (remember, attacks have many components, and adversaries commonly carry out lateral movement) or where else attackers could have gained a foothold, you’re not doing your job.
I admit this approach is a radical departure from how most organizations currently handle security. Further complicating this perspective is the fact that what I’m proposing can’t be learned in classrooms or professional development courses. The notion of experience being the best teacher applies to figuring out cybersecurity. Step one is thinking like a detective and asking questions about the incident: Why was this attack vector used? Are there any strange activities (however minor) occurring elsewhere in my IT environment? Why would attackers target our organization?
A deny list to prevent attacks is a simple technique, but a useful one. We want to zoom out on cybersecurity and network status to see the threat as a whole. Our effort is to automate the sharing of these experiences in real time.
Thanks to IDG Network, and also to Ewan Spence, for new insights on cybersecurity and Infosec.