Vulnerabilities / Threats

7/7/2016
10:30 AM
Dotan Bar Noy
Dotan Bar Noy
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

A Holistic Approach to Cybersecurity Wellness: 3 Strategies

Security professionals need to rely on more than 'vaccinations' to protect the health and safety of company systems and data.

As humans, we try and do everything we can to keep our bodies healthy. We do our best to follow preventative measures like taking vitamins or getting vaccines. We try and eat right to keep our bodies functioning as attended. If this preventative approach can work for the human body, maybe it’s an approach worth trying in enterprise cybersecurity.

Looking back at the online attacks of 2016, we have had a mixture of a strong flu season (new strains of the same old viruses) along with some more exotic Zika-like threats that are still being figured out (ransomware variants). Like any natural virus, a cyber threat only has to work at a low percentage to be successful. If a virus is too powerful, the infected don’t live long enough to pass along the disease.

In the cyber realm, if we could, we’d all probably just turn off our computers for a while until the threat is neutralized. But seriously, when a virus or threat fails, there’s a low chance of its survival. But because threats only need to have a successful attack at a miniscule percentage, cybercriminals can effectively prey on weak links for continued adaption and spreading.  

The comparison between viruses in the cyber world and the natural world can also be extended to the approaches used to combat them.

Vaccination
When individuals are vaccinated against a disease, they gain an adaptive immunity. As more threats are identified, more vaccinations are needed to build on that immunity. In the U.S. healthcare system, this involves coverage for about 15 viruses. But for a computer or network to be vaccinated against all threats, it would require millions and millions of “immunizations” in the form of signature or behavioral definitions. Humans add new layers of adaptive immunity over time, whether through boosters to old immunities or new treatments. In the enterprise, the information security department is constantly patching and updating definitions to stay ahead of the evolving threats, or adding new layers of protection.

For computers and humans, the concept of immunization requires knowledge of the threat. This means there is always a gap between emergence and recognition that allows a virus to proliferate. The consequences can be severe, which is why it’s important to do more than rely on immunity to stay healthy.

Wellness
In addition to vaccinations, people try to live a healthy lifestyle, which could include exercise, meditation, and proper nutrition. The reasoning behind this is that by adequately supporting the different systems of the body, we can better fight off viruses, bacteria, and other threats. In the enterprise, it’s equally important to build up healthy habits to try and prevent problems.

Cyber attackers are becoming increasingly sophisticated at staying ahead of defenses, making the vaccination approach less and less effective. Instead, companies need to look at three strategies to promote a holistic wellness in their approach to cybersecurity:

1. Educated Employees
Enterprises are often quick to blame individual employees for cyber attacks because they were the ones who clicked the link or downloaded the malicious file that set off the attack. But, attacks are becoming so advanced and well-disguised, that it is increasingly more difficult to distinguish the real from the fake. Instead of blaming the employees, educate them. Feed them with the basic knowledge they need to protect themselves from potential attacks. Of course, it is impossible for every employee to be expert, but by having a basic knowledge of what to look out for, they can better protect themselves as well as the enterprise.

2. Advanced Prevention
Cyber threats present a fast-moving target for detection-based solutions, so enterprises need to move beyond traditional approaches that adapt to different threats – or simply treat everything as a potential vehicle for an attack. There’s often no need to get rid of the “basic” security in place as each layer can share the load and help reduce demand on more compute or human-resource intensive platforms.

If a company can reduce the workload on their sandbox solution, for example, the cost savings alone could pay for a new, more advanced layer. The disadvantage of having many solutions is the need to manage all of them. So security teams need to understand to which category a solution belongs (endpoint, gateway, etc.) and what are the real problems it solves. You need to be efficient and look for the most coverage from the least amount of solutions. While some overlap is good and will happen naturally, the wider the risk coverage (data source and threat), the better.    

3. Faster Recovery
It is impossible to be 100% secure, so enterprises should be hedging their investment in security by adding tools that address remediation and recovery. Whether that involves backing up files to speed recovery, investing in better network segmentation to limit damage, or protecting against data loss, these efforts will help decrease the cost of a breach and minimize lost productivity.

Even the most effective vaccinations can fail if the overall health of the patient is poor. By looking at enterprise security holistically and developing a sense of cyber wellness, companies will be better prepared for the challenges to come.

Related Content:

Black Hat’s CISO Summit Aug 2 offers executive-level insights into technologies and issues security execs need to keep pace with the speed of business. Click to register.

Dotan Bar Noy Lt. Commander Israel Navy. (RET) is the CEO & Co-Founder of ReSec Technologies. He has more than 10 years of management experience in technology and software companies. Prior to founding ReSec, he served as Director at Issta (listed ISTA.P), CEO of G.F.A. ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kbannan100
50%
50%
kbannan100,
User Rank: Moderator
7/7/2016 | 1:18:14 PM
Spot on
I love the way you compared IT security to the security of the body. I also think that in IT, like in medicine, you have to look at where an infection can enter. Sure, you want to cover the most common entry points -- in a human: nose, eyes and mouth and in an IT network PCs, laptops and other endpoints. But then you have to think about the less common entryway. Humans can get an infection by getting bit by a bug or getting a scrape or a cut. In an IT network you have to cover lesser-known entry points such as printers or even IoT devices such as HVAC. 

Really great points! Thanks again! 

--Karen Bannan for IDG and HP
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3812
PUBLISHED: 2019-02-19
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
CVE-2019-8933
PUBLISHED: 2019-02-19
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on ...
CVE-2019-7629
PUBLISHED: 2019-02-18
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
CVE-2019-8919
PUBLISHED: 2019-02-18
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2019-8917
PUBLISHED: 2019-02-18
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may b...