Jon AbbottOnly 24% Of Organisations Focus On Breach Prevention!
If we use the latest cyber security report from Accenture as a benchmark, I think it is safe to say that currently the cyber criminals are winning
If we use the latest cyber security report from Accenture as a benchmark, I think it is safe to say that currently the cyber criminals are winning. In fact if Cybercrime was a business it would be six times larger than Apple. With an estimated cost to the global economy of $6 trillion in 2021, equivalent to $11.5 million a minute, there is clearly no letting up.
Yet this dire situation is not through lack of trying, or more accurately not through lack of spending. It is estimated that $181 billion will be spent on cybersecurity in 2021, up from $105 billion back in 2015, that’s an increase of around $12 billion year-on-year.
So, with an increase in spending, yet no sign of curbing the cyberattacks, is it that the global approach is all wrong?
I have felt for a long time that the industry is focusing too heavily on breach detection, whilst downplaying breach prevention. Perhaps there is a better approach.
To focus on a set of specific attacks might imply that the issue is unique to a particular hack, when in fact I believe the issue is a much wider problem.
Some points to consider might be:
- After a huge breach, do the security team always manage to kick out the hackers?
- Have you ever come across a hack which was impossible to stop?
- If you can kick a hacker out after an attack, why can’t you prevent them in in the first place?
The point I am making is that hackers are just following a process, they are not all elite hackers who cannot be stopped. Hackers will exploit known weaknesses, so the more weaknesses your business has, the more likely the hackers will find and exploit them.
Learning From Others’ Mistakes
Let’s look at some of the recent big attacks and hopefully you’ll begin to see the pattern. Starting with TravelEx, the hackers broke through a vulnerability in their Checkpoint firewall, a vulnerability which was patched by Checkpoint 18 months earlier. How is it possible that TravelEx didn’t apply the patch? It would be fair to assume that they have the resources, and operating within the financial market, they are clearly a potential target. Did they have an asset risk register?
Hackers were able to obtain the credentials of two admins and go on to steal 4.5 million customer records, including some credit card and personal information. Three questions immediately spring to mind:
- Why did the admins have access to so much data, surely there should be more data controls around accessing the data?
- How were the credentials obtained, are they using creds in multiple systems?
- Why wasn’t two factor authentication and other security barriers in place before having access to the data?
Given this is the second hack in 18 months, there must be a relaxed culture towards security, especially for both accounts to be compromised.
Is There A Trend Between Getting Hacked And Pure Breach Detection?
According to the Accenture report, 76% of cyber professionals are only focusing on breach detection. It is true that a simple shift towards breach prevention will not necessarily guarantee that no more hacks will occur. However doing the basics brilliantly would undoubtedly alleviate the problem considerably. More generally, from a societal perspective, I am a firm believer that if can take simple steps to cover the fundamentals and dramatically reduce attack volumes, we will start to reduce the revenues of cyber criminals. This will have significant knock on benefits of de-funding their practices thereby reducing their sophistication and, just perhaps, the allure of becoming a cyber criminal may diminish.
What Does Proactive Security Look Like?
1. Have you got the right security tools for the job?
I would recommend the following for any organisation.
- Antimalware on all devices (yes all, that includes Macs and Linux boxes).
- Web proxy on all workstations.
- Cloud based patching solution on all devices (again don’t forget the Macs or Linux machines).
- Monthly automated vulnerability scanning.
- Automated Darkweb ID searches.
The critical part of managing those tools is ensuring that they are installed on everything and that they are doing their job. For example, it is no good having antimalware that is out-of-date or a patching solution that is stuck on repeat trying to install a particular patch. The term set it and forget it, does not really apply, regular checks must be carried out to ensure processes are still working correctly.
2. Have you configured the tools correctly?
Cloud apps are brilliant and give you access to some of the best security in the world. Big Cloud providers such as 365, G-Suite, Salesforce, Hubspot, and Egnyte to name just a few, are world leaders in cybersecurity, and provide fantastic security tools, but if you don’t switch them on, they’re of no benefit.
Multi factor authentication (MFA) is a prime example of this. MFA blocks 99.9% of Office 365 email business compromise attacks. However, only 10% of logins are using MFA, 10%!
3. Are you checking your systems as frequently as the hackers?
It is no longer enough to perform annual, bi-annual, or even quarterly checks, the hackers are working a lot more efficiently than that. You need to be checking on a weekly basis, ideally more. If you have more than 100 employees, things will need adjusting, there will be starters/leavers, new apps coming online and constant adjustments to your systems.
Why Would You Not?
The resistance towards this approach is often due lack of time to perform the check and implement the fixes, rather than a lack of belief in the benefits. This is where ThreatAware’s latest feature of built-in remediation comes into play, it’s that extra resource that you’ve been lacking. Tasks such as applying updates, running virus scans, and even deploying missing tools, can all be done straight through the console.
Reference: Ponemon institute 2020 report