Reactive Cybersecurity Means a Dangerous Game of Chase

Oct 15 2016


What’s on the minds of cybersecurity leaders? I had the opportunity to participate in a recent event where leading companies and cybersecurity practitioners gathered to discuss the latest: M&A activity in the security landscape, collaboration, security hygiene and the like. But there was one topic in particular that resonated with me: the strengthening of cyber threats and how continuous, proactive security is needed to thwart them.

From “Simple” Access to Dangerous Games

In the 90s, IT departments were focused on preventing malware, viruses and trojan horses from getting into the company and wreaking havoc. Every desktop had the latest antivirus software which hopefully, but amazingly not always, was set to update automatically. In the 2000s, cyber criminals were focused on crime, on stealing whatever information they could access. During this decade we saw the first significant breach of customer data, where the thieves wanted credit card information to make purchases against the victims’ accounts. It also happens to be the same decade where we saw the rise of the CISO, in function if not necessarily in title. During both periods, the endgame for the criminals was always to get in and get out.

But in the 2010s the bad guys are getting exponentially smarter, and organizations have to play a dangerous game of chase. By the time one barrier is implemented in answer to a breach or vulnerability, the attackers have already moved on to a different approach. This decade is, once again, about advanced persistent threats (APT). This type of threat was identified towards the end of the 2000s. But then “APT” became a very buzzy concept and was overused to describe a broader array of threats. At their core, however, advanced persistent threats are still ominous and insidious. APT attackers don’t want to get in and get out, content with stealing thousands of credit card numbers. They want to get in, stay there for a while and go after high-value data and targets.

Think military, financial services, healthcare.

And this is usually done with customized tools that continue to morph and adapt as they sense impending detection. Yet many organizations are still taking a reactive, defensive stance, often scanning just twice a year as required by multiple industry regulators (e.g. OCC, SEC & HIPAA). If cyber criminals are as smart as we know they are, they likely know when those scans are scheduled, infiltrate right after and lie low until the next scan.

Proactive, Continuous Monitoring and Remediation

Forward-looking companies should adopt a continuous cybersecurity stance, employing proactive remediation and incident response. This two-pronged approach can succeed in two ways: proactive remediation prevents a breach before it takes place, and a commitment to incident response remediates the situation when cyber attackers pry their way in. When both measures are given adequate resources to perform at their highest levels, cyberattacks are less likely to occur and, when they do, they will do far less damage.



