You can’t avoid the headlines. Week after week, compromise after compromise impacts companies, data, and users. For many, these headlines are discouraging signs of a state of cybersecurity that has failed and continues to fail. But I am in a different camp, one that says there is an opportunity to do better, and for organizations like the one I work for to help companies do better.
Bad News from the Industry
A few of the recent incidents are just plain ugly. Some examples:
- American Airlines released information about a data breach it suffered back in July. The attackers accessed sensitive information, customer records, and a significant amount of personally identifiable data. The root cause was reported to be phishing emails, which suggests that all of this damage came down to a single critical moment when somebody clicked, submitted credentials, or unknowingly let malware into the enterprise. It is simply tragic when you compare that one action with the full cost of assessment, triage, and cleanup that followed.
- Uber, another significant name in transportation, had its own major incident. The company was compromised through a social engineering attack that gave the outside party what was essentially total privileged access across Uber, including administrative access to Windows networks, Amazon Web Services, Slack, and internal IT systems. The organization responded quickly to recover, and it shared that the group likely behind the attack, Lapsus$, purchased the credentials on the dark web and then triggered repeated MFA confirmation prompts to the affected account. With the account holder possibly worn down by the stream of MFA prompts, the attackers posed as Uber’s own IT department and tricked the account holder into confirming access, and the rest is history.
- Samsung recently found itself in the middle of its second data breach in less than six months. Personal data, account information, and more were found to have been stolen. Importantly, the incident was traced to Samsung’s servers, while consumer devices were not compromised directly. With many millions of users, a global compromise is very bad news for any company.
- The Internal Revenue Service, critical to much of our national integrity, also reported a major data breach. The agency exposed the private information of some 120,000 taxpayers when confidential data from business tax returns was accidentally misconfigured and left publicly accessible for about a year. The organization indicated that the ‘coding error’ was discovered by an employee.
There is no way to hide those headlines, and there is no way to hide what significant cyber incidents mean for the integrity of a business and its users. Across the industry, however, it is important to draw some lessons from these incidents.
Lessons from the Fires
The first lesson should be obvious: never rely on passwords as your only form of authentication. Passwords are too easy to steal, whether through simple means like purchasing them online or through more elaborate social engineering schemes. Multifactor, everywhere, all the time – no exceptions. The next lesson: the insider threat situation is bad, really bad.
Beyond that, it gets much more complicated. If you are fortunate, your organization has the components and budget for an effective cybersecurity program. These days, however, even that position is not enough by itself.
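The Uber incident above turns on a pattern a defender can look for: a burst of MFA push prompts to one account, a run of denials, and then a late approval. The following is an added example, not code from the original post or from any vendor; it runs a simple detection over constructed MFA push log lines (assumed format: timestamp, user, outcome) and flags accounts that fit the prompt-fatigue pattern.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of MFA push events (not real logs): timestamp, user, outcome.
SAMPLE_LOG = """\
2022-09-15T22:01:05Z alice push_sent
2022-09-15T22:01:06Z alice push_denied
2022-09-15T22:01:40Z alice push_sent
2022-09-15T22:01:42Z alice push_denied
2022-09-15T22:02:10Z alice push_sent
2022-09-15T22:02:12Z alice push_denied
2022-09-15T22:02:45Z alice push_sent
2022-09-15T22:03:00Z alice push_approved
2022-09-15T09:10:00Z bob push_sent
2022-09-15T09:10:05Z bob push_approved
"""

def parse_events(text):
    """Yield (timestamp, user, outcome) from whitespace-separated log lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, outcome = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, outcome

def detect_push_fatigue(text, min_prompts=3, window=timedelta(minutes=10)):
    """Return {user: (prompts_in_burst, denials, approved_after_denial)} for each user
    who received at least min_prompts push prompts within `window`. The third field is
    True when an approval follows at least one denial inside that burst, which is the
    "prompt until they say yes" pattern and deserves analyst review, not auto-trust."""
    per_user = defaultdict(list)
    for ts, user, outcome in parse_events(text):
        per_user[user].append((ts, outcome))
    alerts = {}
    for user, events in per_user.items():
        events.sort()  # log lines may arrive out of order; evaluate per user in time order
        prompts = [ts for ts, o in events if o == "push_sent"]
        for i, start in enumerate(prompts):
            burst = [t for t in prompts[i:] if t - start <= window]
            if len(burst) < min_prompts:
                continue
            outcomes = [o for t, o in events if start <= t <= start + window]
            denials = outcomes.count("push_denied")
            approved_late = ("push_approved" in outcomes and denials > 0 and
                             outcomes.index("push_approved") > outcomes.index("push_denied"))
            alerts[user] = (len(burst), denials, approved_late)
            break  # one alert per user is enough; first qualifying burst wins
    return alerts
```

Tune min_prompts and window to your identity provider's normal retry behaviour before alerting on the result.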
Even Standard Cybersecurity Doesn’t Cut It
Consider a major Gartner report that found a large majority of organizations are looking to consolidate their security vendors. The most frequently reported issue was growing dissatisfaction with operating efficiency and a lack of integration between the parts that make up a heterogeneous stack, which includes multi-cloud, on-premises, and application environments.
Many organizations have spent millions on firewalls, encryption, and more, but if intruders are already inside the building – as countless security experts have pointed out – these measures will do little good. Misconfigurations, social engineering, fake MFA prompts, phishing, smishing, and a whole list of targeted attack variations exist, each of them perilously positioned between the company and some level of data disaster.
Enter Comprehensive Security
The enduring prescription in a challenging world of cyber threats is a comprehensive approach to cybersecurity. This is the most effective way to detect, isolate, and respond to the insider threat. From the ground up, comprehensive security must be built with specific goals in mind:
- Zero trust
- Full encryption
- Continuous visibility
- Active defense
- Anomaly detection and response
- Integrated threat channel intelligence
- Intelligent perimeter protections
- Backup and recovery
- Real-time principles and response playbooks
- And an ever-improving ecosystem of response-driven iteration
The cyber threat landscape is becoming increasingly complex, and it evolves every day. To respond effectively, organizations must build out their active-defense capabilities, which include better intelligence and stronger collaboration with others inside the organization as well as with external stakeholders such as law enforcement or the cybersecurity metrics community.
Stepping Up to the Challenge
Unfortunately, most organizations simply do not have the human and financial resources to implement this type of security on their own. That is where partnering with a provider of comprehensive security services can help protect what is essential, so that cybersecurity becomes a strategic component of the data landscape rather than a cost.
As an industry, we can and will do better. Our hope is that, through comprehensive security services, the most adaptive and responsive approach to modern threats will thrive and encourage organizations to build their best defenses against the challenges of the day.