Protecting Against Cyber Criminals: An Asymmetrical Battlefield
Twitter: @MikeDeCesare
Everyone likes a fair fight. Two worthy opponents, equally trained and armed, each with their individual specialties, duking it out to the finish. Unfortunately, life doesn’t often deal fair fights. So we’re left with the front-runner and the underdog.
What happens if the front-runner, the one with the odds stacked on their side, is a bad guy. A thief, a hacker, who is more nimble, craftier and relentless than their enterprise opponent. Consider the battlefield is constantly evolving as well, giving those nimble hackers an additional edge-up on the slower moving company. Finally, imagine invisible tunnels popping up left and right giving the bad guy unsecured access to attack from the inside.
This scenario is exactly what’s happening in cybersecurity today. We’re dealing with an uneven, unfair, asymmetrical battlefield. The sweeping movement of the Internet of Things (IoT) – essentially anything that connects to a network – is leaving companies exposed and vulnerable to hackers.
Don’t get me wrong, the IoT isn’t the bad guy. In fact, the IoT is pretty bad ass and allows us to be connected to an incredible range of “things” including medical devices, surveillance cameras, sensors, point-of-sale devices, thermostats, smart appliances, smart cars, and those uber-nerdy Google Glass headsets (there’s no way to make those look cool). Altogether, 6.4 billion connected “things” will be in use worldwide in 2016, up 30 percent from 2015, and Gartner forecasts that the number of Internet-connected things will grow to 20.8 billion by 2020.1 The issue becomes securing all of those devices when they try to connect to your company network.
Cybercriminals are opportunists
As the good guys, the cybersecurity protectors, it’s our job to try to secure every entrance point that gives access to the Internet, including all the mobile devices and “things” mentioned above. But for the bad guys, all they need to do is find one single point of entry, and they’re in. Your surveillance camera, conference room smart TV, your printer – you name it, they can get into it. Don’t think their reach only extends to overriding your print jobs. Once they hack into a device, they can now access everything connected to your network, including corporate and employee online activity and desktops.
It’s like home security. You can put 15 locks on the front door, but if you leave a bedroom window opened, opportunistic thieves will take the path of least resistance and ravage your home before you even realize your security has been breached. That’s not to say organizations such as Sony, OPM, UC Berkeley or others who experienced highly publicized and embarrassing breaches didn’t do a great deal to protect themselves before getting hacked. They put a premium on security and made substantial investments in that regard. But there’s a consistent, stressful pattern after many successful breaches that typically leads to the discovery of some old laptop, neglected server or contractor-owned device was not securely managed.
It’s a daunting fight knowing us good guys need to defend every single entrance point to a network, and the bad guys only need one single entrance point. This is the asymmetrical battlefront.
Cybercriminals are persistent
If we look just five years back, phishing and sending random emails hoping for a click that would provide an open door to your network was the standard. Educating employees on the dangers of clicking on unfamiliar, mysterious emails would be enough. But today, cybercriminals have evolved into organized groups targeting the same customers from every angle, every day. Protecting against one battlefront, like rogue emails, seems manageable. Protecting against every possible entry point when you’re being hit from all sides it’s a much larger task. The odds are clearly stacked in the bad guys favor and the odds are, they will get in. Remember, cybercriminals only need to get it right one time. We need to get it right every time.
Security starts with visibility
Fortunately IoT is here to stay. Unfortunately we need to figure out how to protect ourselves from these unprotected access points, keeping our businesses, customers and employees safe.
The first step is visibility. You can’t stop what you can’t see. The first step in securing your network is being able to see all of these devices trying to connect to your company network. It’s easy to see company issued devices like laptops and work phones as most of these have security agents on them. It’s the rogue, unmanaged devices that don’t accommodate security agents that you need to be able to detect. In talking with customers, it’s not unusual for them to tell me that ~70% of the devices connecting to their network are unmanaged devices.
A new report by Frost & Sullivan shows security agents alone are not sufficient. There are too many devices that don’t support agents, software updates and patches aren’t always up-to-date, and there’s no accounting for IoT devices. The standard approach of issuing agents will not work in today’s landscape. A new approach is needed.
Minimize manual incident management with automation
Enterprises today typically have a ton of software products, each serving a different need. And each of these is set up to trigger different alerts to the IT department. It’s then up the IT team to manually evaluate the situation and execute a solution. This is a losing value proposition that can consume your IT team and introduce a lot of human error. A better approach is to set up policy enforcement points throughout your network. This enables you to better manage security alerts as they come in and control them either manually or automatically, allowing the good guys to move at the same machine speed as the bad guys.
With proper cybersecurity measures in place, IoT is something to get really fired up on. I’m imagining the day my driverless Tesla handles my morning commute as I catch up on emails, my doctor has all my medical records available to digitally transfer to a specialist, and the office smart fridge knows when the milk is starting to spoil. The Jetsons were on to something.
We might be dealing with an asymmetrical cybersecurity battlefield today. But I love rooting for the underdog. And in this fight, the good guys will prevail.
Mike D.
