Vulnerabilities / Threats

7/7/2016
10:30 AM
Dotan Bar Noy
Dotan Bar Noy
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

A Holistic Approach to Cybersecurity Wellness: 3 Strategies

Security professionals need to rely on more than 'vaccinations' to protect the health and safety of company systems and data.

As humans, we try and do everything we can to keep our bodies healthy. We do our best to follow preventative measures like taking vitamins or getting vaccines. We try and eat right to keep our bodies functioning as attended. If this preventative approach can work for the human body, maybe it’s an approach worth trying in enterprise cybersecurity.

Looking back at the online attacks of 2016, we have had a mixture of a strong flu season (new strains of the same old viruses) along with some more exotic Zika-like threats that are still being figured out (ransomware variants). Like any natural virus, a cyber threat only has to work at a low percentage to be successful. If a virus is too powerful, the infected don’t live long enough to pass along the disease.

In the cyber realm, if we could, we’d all probably just turn off our computers for a while until the threat is neutralized. But seriously, when a virus or threat fails, there’s a low chance of its survival. But because threats only need to have a successful attack at a miniscule percentage, cybercriminals can effectively prey on weak links for continued adaption and spreading.  

The comparison between viruses in the cyber world and the natural world can also be extended to the approaches used to combat them.

Vaccination
When individuals are vaccinated against a disease, they gain an adaptive immunity. As more threats are identified, more vaccinations are needed to build on that immunity. In the U.S. healthcare system, this involves coverage for about 15 viruses. But for a computer or network to be vaccinated against all threats, it would require millions and millions of “immunizations” in the form of signature or behavioral definitions. Humans add new layers of adaptive immunity over time, whether through boosters to old immunities or new treatments. In the enterprise, the information security department is constantly patching and updating definitions to stay ahead of the evolving threats, or adding new layers of protection.

For computers and humans, the concept of immunization requires knowledge of the threat. This means there is always a gap between emergence and recognition that allows a virus to proliferate. The consequences can be severe, which is why it’s important to do more than rely on immunity to stay healthy.

Wellness
In addition to vaccinations, people try to live a healthy lifestyle, which could include exercise, meditation, and proper nutrition. The reasoning behind this is that by adequately supporting the different systems of the body, we can better fight off viruses, bacteria, and other threats. In the enterprise, it’s equally important to build up healthy habits to try and prevent problems.

Cyber attackers are becoming increasingly sophisticated at staying ahead of defenses, making the vaccination approach less and less effective. Instead, companies need to look at three strategies to promote a holistic wellness in their approach to cybersecurity:

1. Educated Employees
Enterprises are often quick to blame individual employees for cyber attacks because they were the ones who clicked the link or downloaded the malicious file that set off the attack. But, attacks are becoming so advanced and well-disguised, that it is increasingly more difficult to distinguish the real from the fake. Instead of blaming the employees, educate them. Feed them with the basic knowledge they need to protect themselves from potential attacks. Of course, it is impossible for every employee to be expert, but by having a basic knowledge of what to look out for, they can better protect themselves as well as the enterprise.

2. Advanced Prevention
Cyber threats present a fast-moving target for detection-based solutions, so enterprises need to move beyond traditional approaches that adapt to different threats – or simply treat everything as a potential vehicle for an attack. There’s often no need to get rid of the “basic” security in place as each layer can share the load and help reduce demand on more compute or human-resource intensive platforms.

If a company can reduce the workload on their sandbox solution, for example, the cost savings alone could pay for a new, more advanced layer. The disadvantage of having many solutions is the need to manage all of them. So security teams need to understand to which category a solution belongs (endpoint, gateway, etc.) and what are the real problems it solves. You need to be efficient and look for the most coverage from the least amount of solutions. While some overlap is good and will happen naturally, the wider the risk coverage (data source and threat), the better.    

3. Faster Recovery
It is impossible to be 100% secure, so enterprises should be hedging their investment in security by adding tools that address remediation and recovery. Whether that involves backing up files to speed recovery, investing in better network segmentation to limit damage, or protecting against data loss, these efforts will help decrease the cost of a breach and minimize lost productivity.

Even the most effective vaccinations can fail if the overall health of the patient is poor. By looking at enterprise security holistically and developing a sense of cyber wellness, companies will be better prepared for the challenges to come.

Related Content:

Black Hat’s CISO Summit Aug 2 offers executive-level insights into technologies and issues security execs need to keep pace with the speed of business. Click to register.

Dotan Bar Noy Lt. Commander Israel Navy. (RET) is the CEO & Co-Founder of ReSec Technologies. He has more than 10 years of management experience in technology and software companies. Prior to founding ReSec, he served as Director at Issta (listed ISTA.P), CEO of G.F.A. ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kbannan100
50%
50%
kbannan100,
User Rank: Moderator
7/7/2016 | 1:18:14 PM
Spot on
I love the way you compared IT security to the security of the body. I also think that in IT, like in medicine, you have to look at where an infection can enter. Sure, you want to cover the most common entry points -- in a human: nose, eyes and mouth and in an IT network PCs, laptops and other endpoints. But then you have to think about the less common entryway. Humans can get an infection by getting bit by a bug or getting a scrape or a cut. In an IT network you have to cover lesser-known entry points such as printers or even IoT devices such as HVAC. 

Really great points! Thanks again! 

--Karen Bannan for IDG and HP
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.