“Cybercrime may now be bigger than the drug trade”, said the City of London police commissioner Adrian Leppard.
Security breach announcements that were once a rarity in the non-IT world are now BBC front page news on a regular basis. Whether it’s the attack and successful removal of data from a previously unknown (but now well known) dating site or the more recent attack and potentially successful data breach of a major consumer telecoms services provider, cyber attacks are the norm. Is it time to accept them as a necessary by-product of the relentless creation and consumption of digital data? Sadly, yes. But to accept they exist does not mean accepting that an attack should be effective when there are so many steps that can be taken to reduce the potential for success. Defending and securing IT systems is not an easy task, as the approach includes people, process and systems. To keep all three security aware and congruent at all times is a challenge, with that one “out of sync” moment being the attack window for a hacker. Do nothing or “do something but slowly” is a sure-fire way to be the next big story on the front page of the BBC news broadcast. It’s time for new thinking, new skills and better visibility EVERYWHERE or the enterprise will NEVER be secure.
Many years ago a large IT company ran a brilliant ad campaign about the need to think differently. In the case of IT systems and cyber security, thinking differently should include a rigorous appraisal of existing defences, a perspective on the most valuable digital assets within the organisation (and the additional protection they require) and, most importantly, the need for people to change the way they interact with digital systems (vigilance). To defend against an attack, it’s time to “think like an attacker” and not work from a viewpoint that attacks follow standardised behaviour, seek random targets and lack rigour and planning. Today’s attackers or attack teams are extremely well trained, often well funded and have a razor-sharp focus on the target and expected outcome. Old school thinking based on technology will fall short in this new digital age. It’s time for new school thinking based on the psychology of an attacker, as that will surely deliver greater value (protection).
We are in the midst of an enterprise business landscape with an aging work population aligned with traditional IT skills needing to evolve to a revised “digital rich” skills portfolio. This new skillset is likely to be software influenced and will definitely drive the need to think differently, learn now and learn very differently. And to further compound matters, the emerging workforce of Generation Y and Z thinkers may not be viewing Information Technology as the “must join” profession of circa 25 years ago. Modern enterprises face the quandary of an old workforce with dated security skills, coupled with a new workforce with skills too new to make an impact – who then will solve the security challenges we currently face? Sadly the skills problem will not be resolved overnight with a major investment in academic level cyber awareness, new age security skills training en masse for existing networking and security personnel plus enhanced employee security education as a mandatory activity within all enterprises. It’s time for enterprise organisations to encourage everyone who embraces the benefits of IT to also be part of the solution to the cyber security challenge.
There has been an age-old management quote highlighting the difficulty of managing things that can’t be seen – so why believe it to be different with data and information technology outcomes? Digital data is now the DNA of modern enterprises, with the potential to ignite ongoing success or collapse an organisation to failure. Full visibility of data from edge to core, with the potential to preempt attacks or quickly remediate breaches, is now an essential element of the enterprise IT systems operational playbook. Breaches will occur in a digital data rich enterprise due to the challenge of continually appraising human, IT and non-IT systems behaviour in context and in sync. However, enhanced visibility leveraging optimised data analytics can highlight anomalies or areas for further investigation earlier, with the hope it’s early enough for the correct intervention prior to a breach. And if and when a breach unfortunately occurs, “flight recorder” type data playback of the pre and post breach state will accelerate the time to triage and remediate, plus reduce the potential for a mirrored attack. Many highlight “encryption everywhere” as one of the most impactful strategies for data protection and the emerging and very interesting “software defined perimeter (SDP)” approach (zero trust access control and data movement) as instant fixes. There is no doubt that both will be highly effective protection elements, but only as part of a wholesale rethink of security defence, protection and breach remediation.
Enterprises MUST now change their approach and security solution expectations. The increased use of mobile solutions, cloud computing and virtualisation is not creating a problem for security professionals but instead delivering the potential to “reset” security protection and defence within the enterprise. The days of “adding more layers”, often bigger or higher than previously delivered, are no more – instead it’s time to design a solution for an enterprise in a state of continual attack, not in “comfortable defence”. Effective digital systems security WILL be a primary business enabler in the digital age, as enterprises that fail to defend well, remediate quickly and understand attacks may not survive for long enough to fully recover.
Until next time.
Chief Technologist – Networking, Security, UC – Computacenter UK
The front page of today’s Metro highlighted something that the security industry has been calling out for a while – what was once complicated technology is now commonplace in our homes – in our computers, tablets, routers, digital televisions and even domestic appliances such as smart fridges, and unfortunately much of it is vulnerable to compromise.
Researchers at Proofpoint and Lancope have identified compromised household appliances being used to send spam. Should we be worried? Personally, I think we should heed this warning – many of these devices are running old operating systems that are open to compromise; something driven by the ongoing drive for value and cost-effective computing. This is in all likelihood the tip of the iceberg – manufacturers need to accept responsibility and, more importantly, start to develop self-healing operating systems that update on demand from trusted sources – let’s hope the industry takes heed and consumers accept what will be more expensive systems in the future.
In a similar vein, for a while now I’ve been concerned about the amount of power in our mobile devices. Whilst the UK bucks the trend with a penchant for the seemingly secure Apple operating system, much of Europe favours the Android operating system, which has been targeted by criminals for some time. Couple this with the uncapped “all you can eat” internet packages and we have an attack vector much larger than many botnets – I only hope that the mobile network operators are well prepared.
It’s a moot point when you consider that increasingly users trust their phones more than their computers that we suddenly find ourselves in a situation where those devices we trust the most potentially present the biggest threat to our security. This is even more prevalent when we consider the amount of data now traversing business devices – the endpoint is mobilising and organisations are increasingly looking to securely enable and empower employees. In this rapidly changing landscape it’s critical that the right security strategy is deployed.
Computacenter delivers differentiated security solutions – from email and web gateway security solutions to advanced persistent threat mitigation, and from desktop to datacenter and network to cloud, we have end-to-end solutions that help maintain the security posture of your organisation.